Question: |
not working sites |
Answer: |
you have a Trojan
php-cgi 939271 coblov 40325936 3u IPv4 0t0 TCP coil.dnsline.ru:40474->host266.hostmonster.com:smtp (ESTABLISHED)
php-cgi 939592 coblov 40325919 3u IPv4 0t0 TCP coil.dnsline.ru:50857->192-185-169-237.unifiedlayer.com:smtp (ESTABLISHED)
until a match is found, access will be restricted. can access only for your ip |
Question: |
where to find it maybe I can help find |
Answer: |
we launched the scanner. will give you the result. it only finds potential files
This infection almost certainly means that the infected web site has used pirated plugins from the nulledstylez.com, dailynulled.com sites or some other site that specializes in providing "nulled" (pirated) software. Fox-IT's research has shown that every pirated theme or plug-in on these two sites has been infested with the cryptophp malware. |
Question: |
thank you then expect a response from you |
Question: |
until a match is found, access will be restricted. can access only for your ip
it is possible for me to open |
Answer: |
Inform your IP |
Question: |
37.233.3.82 |
Question: |
sorry to bother you but when is finished verification by |
Answer: |
Your request is sent to the administrator. |
Question: |
thank you |
Answer: |
the script still is not finished but so far nothing found |
Question: |
sites until you can start? |
Answer: |
while Yon will have found the problem to run unfortunately impossible. ip and already covered for two weeks at minimum and under threat of eternal ban |
Question: |
so the sites will be after the check to work? you can hope for? |
Answer: |
we hope to find the problem |
Question: |
sorry problem still not solved? |
Answer: |
the script work was finished. file in /data/www/coblovhacked.txt the script was only a potential threat. |
Question: |
what you sent to the list is hacked or what |
Answer: |
it is found that in the script . besides potentially seeking threats.
Fox-IT has a blog item on finding and fixing CryptoPHP infections here. Based on suggestions found there, we recommend one of the following two *NIX command lines to find the current version of CryptoPHP. The first command is usually very fast, but will not find copies of CryptoPHP installed after the last time "updatedb" has been run (usually once per day). The second command will find all existing copies, but may take hours to run.
    # fast: queries the locate database built by updatedb
    locate -b '\social.png' | xargs file
    # slow: walks the whole filesystem, following symlinks
    find -L / -type f -name 'social.png' | xargs file
If either script returns something like "../images/social.png: PHP script, ASCII text", then you have found one infection - there may be more than one.
Note that the "locate" subsystem or the "file" command are not always installed by default. On Debian or Ubuntu, you can install these two commands by "sudo apt-get install locate" and "sudo apt-get install file" respectively. If you have to install locate, it won't locate anything until the "updatedb" (part of the locate package) has run at least once. You can run it manually via "sudo updatedb". updatedb takes a long time to run the first time.
Fox-IT recommends that you should NOT try to "repair" the infection. The infected account should be reinstalled from scratch.
I shall repeat the previous paragraph: removing the "social.png" file DOES NOT remove the infection. "social.png" is only just one small piece of it. The infected account should be reinstalled from scratch.
NEW! There's a new version of findbot that should find CryptoPHP faster and simpler - try the -c option.
There are a number of scanners that can be used on web servers to try to find malicious PHP and Perl scripts, such as rkhunter etc.
With the assistance of others, we've written a simple perl script called findbot.pl that searches for such things as r57shell, cryptphp etc. It will search your system and can find potentially dangerous scripts.
As it's very simple-minded you will have to carefully inspect the files it finds to verify whether what it finds is malicious or not. Be aware of the file types - finding executable code fragments within ".png" or ".jpg" files clearly demonstrates that the file is malicious. |
Question: |
files changed on the original infected photos and features deleted
BERIOZCA.Net MD can include |
Answer: |
specify which components have been infected. |
Question: |
/var/www/coblov/data/www/beriozca.md/LICENSE.txt: Suspicious(Hacker):
/var/www/coblov/data/www/beriozca.md/plugins/content/geshi/geshi/geshi/ini.php: Suspicious(hacker):
/var/www/coblov/data/www/beriozca.md/administrator/components/com_ose_cpu/oseregistry/html/select.php: Suspicious(hacked):
/var/www/coblov/data/www/beriozca.md/libraries/fof/LICENSE.txt: Suspicious(Hacker):
checked infestation was not but just in case, blamed and removed |
Answer: |
what theme is on the website? free? here, have a look: https://threatpost.com/attackers-using-compromised-web-plug-ins-in-cryptophp-blackhat-seo-campaign/109505 |
Question: |
http://joomla-master.org/forum.html?catid=20&func=view&id=623
I do not legalize buying and using this website legally |
Question: |
BERIOZCA.MD can include |
Answer: |
Yes, now open access |
Question: |
/var/www/coblov/data/www/mistroim.md/plugins/vmpayment/moneybookers/moneybookers.php: Suspicious(fsockopen) - deleted
/var/www/coblov/data/www/mistroim.md/LICENSE.txt: Suspicious(Hacker):
/var/www/coblov/data/www/mistroim.md/administrator/components/com_xmap/LICENSE.txt: Suspicious(Hacker):
/var/www/coblov/data/www/mistroim.md/administrator/components/com_jce/licence.txt: Suspicious(Hacker):
/var/www/coblov/data/www/mistroim.md/administrator/templates/hathor/LICENSE.txt: Suspicious(Hacker):
/var/www/coblov/data/www/mistroim.md/libraries/joomla/html/html/select.php: Suspicious(hacked):
/var/www/coblov/data/www/mistroim.md/libraries/fof/LICENSE.txt: Suspicious(Hacker):
/var/www/coblov/data/www/mistroim.md/libraries/f0f/LICENSE.txt: Suspicious(Hacker):
/var/www/coblov/data/www/mistroim.md/components/com_jce/licence.txt: Suspicious(Hacker):
/var/www/coblov/data/www/mistroim.md/components/com_jce/editor/tiny_mce/plugins/spellchecker/classes/pspellshell.php: Suspicious(shell_exec):
/var/www/coblov/data/www/mistroim.md/components/com_jce/editor/tiny_mce/license.txt: Suspicious(Hacker):
FOUND NOTHING BUT REPLACED the ORIGINAL
CLEAN!!! |
Question: |
mistroim.md can include |
Question: |
mistroim.md can include
BERIOZCA.MD can include |
Answer: |
have to one option. now we will configure you a server and you will be transferred to his proven websites. |
Question: |
on configure domain it will not effect |
Answer: |
please https://144.76.171.233:1500/ispmgr your dial-up server. place it on the cleaned sites |
Question: |
login password what |
Question: |
what is the username and password how to login |
Question: |
Error: Invalid password |
Answer: |
the username and password of your account |
Question: |
coblov9eEe0VU$t7yDFSX#aHR2*dVam%93#
Error: Invalid proliposome not let |
Question: |
auuuuuuu can't log in what happened |
Answer: |
no, the password is your billing account |
Question: |
DNS domains do not need to change |
Answer: |
No. |
Question: |
BERIOZCA.MD moved to a new server but the site doesn't open why? |
Question: |
beriozca.md checked out and moved, no viruses
mistroim.md checked out and moved, no viruses
monument.com.md checked and moved no virus |
Question: |
you can run the sites |
Question: |
uuuuuuuuuuuuuuuu answer me |
Answer: |
there is a DNS update, your domain directed to the new server. |
Question: |
/www/palma-tour.com/1.zip can't extract the files |
Answer: |
specify what is the error |
Question: |
/www/palma-tour.com/1.zip can't extract the files on the hosting from the archive |
Question: |
https://144.76.171.233:1500/ispmgr |
Question: |
/www/palma-tour.com/1.zip can't extract the files on the hosting from the archive |
Question: |
extract the files from the archive to the new hosting |
Question: |
there is a DNS update, your domain directed to the new server
and how long wait |
Question: |
auuuuuu answer me please |
Question: |
Type: Trojan.PHP.Agent.gh |
Answer: |
the Domain has not worked with the new ip http://ping-admin.ru/free_test/result/14169187436re9o6n02n55v2qy10b911.html please confirm which folder is the archive, we will draw it out |
Question: |
www/palma-tour.com/1.zip on the new server |
Question: |
Microsoft Windows [Version 6.1.7601]
(c) Corporation Microsoft (Microsoft Corp.), 2009. All rights reserved.
C:\Users\User>tracert beriozca.md
Трассировка route to beriozca.md [46.29.2.43]
with the maximum number of jumps 30:
  1   1 ms  <1 ms  <1 ms  192.168.1.1
  2   1 ms   1 ms   1 ms  37-233-3-1.starnet.md [37.233.3.1]
  3   3 ms   3 ms   3 ms  95-65-1-126.starnet.md [95.65.1.126]
  4  44 ms  43 ms  47 ms  37-233-0-33.starnet.md [37.233.0.33]
  5  43 ms  42 ms  42 ms  ae4-201.fra61.ip4.gtt.net [77.67.74.221]
  6  55 ms  54 ms  55 ms  xe-1-1-0.vie20.ip4.gtt.net [141.136.105.94]
  7  56 ms  56 ms  56 ms  pantel-gw.ip4.gtt.net [77.67.74.14]
  8  55 ms  55 ms  54 ms  31.210.11.37
  9  57 ms  61 ms  58 ms  31.210.11.38
 10  56 ms  57 ms  57 ms  coil.dnsline.ru [46.29.2.43]
Trace complete.
C:\Users\User> |
Question: |
http://2ip.ru/site-availability/ website not available |
Answer: |
well, you have it may still be unavailable because you have the cache of DNS. you need to check with different sources. http://host-tracker.com/check_res_ajx/15311364-0
And delete the file index.html which is automatically created when you add the www domain |
Question: |
www/palma-tour.com/1.zip help to unzip files on hosting |
Answer: |
this file is corrupted or it does not zip
Archive: 1.zip
End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive.
unzip: cannot find zipfile directory in one of 1.zip or 1.zip.zip, and cannot find 1.zip.ZIP period. |
Question: |
http://astra.md/
http://palma-tour.com/
http://aveks-m.ru/
http://mistroim.md/
http://monument.com.md/
http://palma-tour.com/
still not updated |
Answer: |
you checked all of them before transfer? Go to menu domain on the old server in the control panel. select domain and enter there the ip is 144.76.171.233 46.29.2.43 and 46.29.2.42 |
Question: |
Yes properidine names (DNS)is there to change properly |
Question: |
Type: Trojan program (37) |
Answer: |
Yes, but change only the ip in the records. update DNS for you, probably for a couple of hours if you won't be able to go to the sites |
Answer: |
another test
|
Question: |
install the database evolar.md/evolar.sql.zip |
Question: |
can't unzip files on hosting evolar.md/1.zip |
Question: |
auuuuuuuuuuu answer me |
Answer: |
Ask how you archived. |
Question: |
RAR archiver to ZIP |
Question: |
Error: Directory does not exist: /var/www/coblov/data/www/granilux.md
cannot create a domain |
Question: |
144.76.171.233:1500 |
Question: |
what happened can't migrate a site |
Question: |
auuuuuuuuuuuu answer me |
Answer: |
please Wait, your issue is being dealt with. |
Question: |
can't unzip says over QUOTA |
Question: |
auuuuuuuuuuuu answer me |
Answer: |
you can delete old files? |
Answer: |
Good day,
The specialised unit CSIRT.SK has received a report of the probable placement of a malicious PHP script on IP addresses which, according to the WHOIS database, belong to your range. The script acts as a proxy that forwards user requests to an "upstream download server" and then delivers the Asprox/Kuluoz malware to the user. Links to the compromised pages are mostly distributed via spam or phishing e-mails. Further information is attached at the end of this e-mail.
List of probably infected IP addresses and URLs:
Format: ASN | CC | IP | URL
6663 | SK | 46.29.2.43 | hxxp://beriozca.md/blog.php |
Question: |
all re-upload |
Answer: |
look for the file |
Question: |
Welcome! Site granilux.md just created. Real content coming soon.
what is this instead of the website http://beriozca.md/ |
Question: |
http://beriozca.md/ re-uploaded |
Answer: |
in the creation of www domains the machine is created index.html. delete it |
Question: |
install base in wawpodarki.ru/waw.sql.zip |
Answer: |
let name database name user password Yai and we import it. |
Question: |
/waw.sql.zipwawwawWaw21021972 |
Question: |
wawpodarki.ru/waw.sql.zip |
Question: |
failed to extract files from the archive 1.zip in wawpodarki.ru |
Answer: |
please Check now.
|
Question: |
learned what base imported |
Answer: |
import manufactured |
Question: |
Microsoft Windows [Version 6.1.7601]
(c) Corporation Microsoft (Microsoft Corp.), 2009. All rights reserved.
C:\Users\User>tracert aqva.md
Не unable to resolve target system name aqva.md.
C:\Users\User> |
Answer: |
you changed his ip? |
Question: |
no can check |
Answer: |
change it in the properties of the domain on the old server. |
Question: |
but nothing changed |
Answer: |
Wait for the DNS updates. |