| Question: |
not working sites |
| Question: |
all in working order |
| Answer: |
you again mourning Return-path: <EMAIL>
Envelope-to: EMAIL
Delivery-date: Tue, 17 Mar 2015 22:09:27 +0100
Received: from [IP] (helo=smr-m3.mx.aol.com)
by mail.hetzner.company with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <EMAIL>)
id 1YXyju-0007OE-E9
for EMAIL; Tue, 17 Mar 2015 22:09:27 +0100
Received: from scmp-d010.mail.aol.com (scmp-d010.mail.aol.com [IP])
by smr-m3.mx.aol.com (AOL Mail Bouncer) with ESMTP id 3F68A381A6FF2
for <EMAIL>; Mon, 16 Mar 2015 17:25:45 -0400 (EDT)
Received: from MAIL by scmp-d010.mail.aol.com; Mon, 16 Mar 2015 17:25:38 EDT
To: EMAIL
From: EMAIL
Date: Mon, 16 Mar 2015 17:25:38 EDT
Subject: Email Feedback Report for IP IP
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
boundary=\"boundary-1138-29572-2659438-26616\"
X-AOL-INRLY: static.IP.clients.your-server.de [IP] scmp-d010
X-Loop: scomp
X-Spam-Level: 8.4 (********)
X-Spam-Flag: YES
X-Spam-Report: Spam detection software, running on the system
\"spam26.your-server.de\" that has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn`t spam) or label
similar future email. If you have any questions, see
EMAIL for details.
Content analysis details: (8.4 points)
pts rule name description
---- ---------------------- -------------------------------------------
1.3 URIBL_MW_SURBL Contains a Malware Domain or IP listed in the MW SURBL
blocklist
[URIs: sticky-design.com]
2.0 URIBL_DBL_ABUSE_SPAM Contains an abused spamvertized URL listed in
the DBL blocklist
[URIs: sticky-design.com]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sticky-design.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(scomp[at]aol.net)
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
2.5 URIBL_DBL_ABUSE_BOTCC Contains an abused botnet C&C URL listed in the
DBL blocklist
[URIs: com.md]
0.1 MISSING_MID Missing Message-Id: header
0.5 RDNS_NONE Delivered to internal network by a host with no rDNS
2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware
Message-ID: 1YXyju-0007OE-EEMAILpany
Delivered-To: EMAIL
--boundary-1138-29572-2659438-26616
Content-Type: text/plain; charset=\"US-ASCII\"
Content-Transfer-Encoding: 7bit
This is an email abuse report for an email message with the message-id of
EMAIL received from IP address on IP
Mon, 16 Mar 2015 17:15:04 -0400 (EDT)
For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php
For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php
If you would like to cancel or change the configuration for your FBL please use the
tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php
--boundary-1138-29572-2659438-26616
Content-Disposition: inline
Content-Type: message/feedback-report
Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Mon, 16 Mar 2015 17:15:04 -0400 (EDT)
Source IP: IP
Reported-Domain: static.IP.clients.your-server.de
Redacted-Address: redacted
Redacted-Address: redacted@
--boundary-1138-29572-2659438-26616
Content-Type: message/rfc822
Content-Disposition: inline
Return-Path: <EMAIL>
Received: from vesnic-granit.com.md (static.IP.clients.your-server.de
[IP])
by mtaig-aaj03.mx.aol.com (Internet Inbound) with ESMTP id B87C970000085
for <redacted>; Mon, 16 Mar 2015 17:15:04 -0400 (EDT)
Date: Tue, 17 Mar 2015 1:15:42 +0400
From: \"Tabatha Dunlap\" <EMAIL>
Reply-To:\"Tabatha Dunlap\" <EMAIL>
Message-ID: <EMAIL>
To: EMAIL
Subject: FW: Hi
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset=\"iso-8859-1\"
Content-Transfer-Encoding: 8bit
x-aol-global-disposition: G
Authentication-Results: mx.aol.com
spf=pass (aol.com the domain vesnic-granit.com.md reports IP as a
permitted sender.) smtp.mailfrom=vesnic-granit.com.md;
x-aol-sid: 3039ac1b03c3550747d7299e
X-AOL-IP: IP
X-AOL-SPF: domain : vesnic-granit.com.md SPF : pass
<div>
Fresh and never seen ebony xxx on the every gallery collected - <a
href=\"http://sticky-design.com/wp-content/plugins/jetpack/modules/related-posts/dir.php?Y2Zva2xCZW9ja24sYW1v\">click
here</a>
</div>
--boundary-1138-29572-2659438-26616-- |
| Question: |
now clean up the sites and check |
| Answer: |
Report on progress measures. |
| Question: |
cleaned from viruses(2)changed paramonovich all to the current component marsiiall post russiatoday the registration module on siteului SMTP |
| Answer: |
Check the job sites. The link mistroim.md we see a 500 error. please Check the rights for folders and files.
Rights should only be 644 for files, 755 for folders. Permissions 777 prohibited and do not require
In the file .htaccess should not be of type php settings php_value, php_flag. php is running as cgi and the parameters entered in the php files.ini .
Error You can see in the control panel, the error Log |
| Question: |
site rabotaet file .htaccess should not be of type php settings php_value, php_flag. php is running as cgi and the parameters entered in the php files.ini . everything conforms to the rules |
| Answer: |
OK |
| Answer: |
|
| Question: |
you can access on the SP |
| Question: |
IP |
| Question: |
you can get FTP access |
| Answer: |
please Wait, the request is sent to the administrator. |
| Question: |
you can access via FTP permission is obtained |
| Answer: |
Hello
access now You will be provided |
| Answer: |
# clamscan -ir ./ ; maldet -a/
./www/eleni-foto.ru/libraries/fof/platform/filesystem/footer.php: Php.Malware.Mailbot-1 FOUND
./www/mondolegno.md/libraries/joomla/environment/inc.php: Php.Malware.Mailbot-1 FOUND
./www/palma-tour.com/modules/mod_zt_accordion_menu/tmpl/login.php: Php.Malware.Mailbot-1 FOUND
./www/compactservice.md/autoservices/barhat1/data/model.php: Php.Malware.Mailbot-1 FOUND
./www/compactservice.md/autoservices/wp-sign.php: PHP.Shell-22 FOUND
./www/mistroim.md/components/com_xmap/views/html/include.php: Php.Malware.Mailbot-1 FOUND
./www/svoiakmd.com/templates/ja_purity/html/mod_login/blog.php: Php.Malware.Mailbot-1 FOUND
./www/ladi.com.md/modules/mod_tz_fullslide/tmpl/dirs.php: Php.Malware.Mailbot-1 FOUND
./www/constructorcms.ru/libraries/f0f/platform/filesystem/global.php: Php.Malware.Mailbot-1 FOUND
./www/oisi.md/libraries/f0f/dispatcher/template.php: Php.Malware.Mailbot-1 FOUND
./www/restaurantnunta.com/libraries/joomla/template/module/function/css.php: Php.Malware.Mailbot-1 FOUND
./www/transkomstroi.ru/media/k2/assets/images/ie6nomore/gallery.php: Php.Malware.Mailbot-1 FOUND
./www/avalanche-md.com/images/.tmb/admin.php: Php.Malware.Mailbot-1 FOUND
./www/atc-md.com/plugins/system/sjcore/core/ytools/javascript.php: Php.Malware.Mailbot-1 FOUND
./www/evolar.md/components/com_users/models/test.php: Php.Malware.Mailbot-1 FOUND
./www/granilux.md/templates/ot_spasalon/lib/system.php: Php.Malware.Mailbot-1 FOUND
./www/vesnic-granit.com/media/mod_languages/css/db.php: Php.Malware.Mailbot-1 FOUND
./www/aveks-m.ru/1/components/com_jshopping/js/option.php: Php.Malware.Mailbot-1 FOUND
./www/ritual-nord.md/libraries/rokcommon/RokCommon/Utils/blog.php: Php.Malware.Mailbot-1 FOUND
./www/mebelux.biz/TURIZM/templates/beez_20/css/config.php: Php.Malware.Mailbot-1 FOUND
./www/bambino.com.md/templates/atomic/css/blueprint/help.php: Php.Malware.Mailbot-1 FOUND
./www/bastionmd.com/modules/mod_news_show_sp2/language/menu.php: Php.Malware.Mailbot-1 FOUND
./www/mcsoft.com.md/components/com_newsfeeds/views/list.php: Php.Malware.Mailbot-1 FOUND
./www/monument.com.md/components/com_chronoforms/libraries/article.php: Php.Malware.Mailbot-1 FOUND
LibClamAV Warning: SWF: Invalid tag length.
|
| Question: |
now engaged to remove and close the hole |
| Answer: |
OK
|
| Question: |
removed Malware.Mailbot-1поменял passwords to steambuster rights to the folder removed the module registration |
| Question: |
check and you can run the sites |
| Answer: |
you found the cause? |
| Question: |
dowdall Malware.Mailbot-1удалил module registration |
| Answer: |
we see that the viruses were in different folders. |
| Question: |
Malware.Mailbot-1 were in different folders adalilar the registration module on the component sithi mailings also utilility SMTP password |
| Question: |
LibClamAV Warning: SWF: Invalid tag length.----------- SCAN SUMMARY -----------Known viruses: 3770927Engine version: 0.98.1 Scanned directories: 121883Scanned files: 628829Infected files: 0Data scanned: 4856.68 MBData read: 6707.20 MB (ratio 0.72:1)Time: 809.025 sec (13 m 29 s) |
| Question: |
possible launch sites |
| Answer: |
the antivirus is not 100% guarantee, a lot of viruses will be skipped. |
| Question: |
all they found was cleaned and closed adalilar possible launch sites |
| Answer: |
please wait, we check the |
| Question: |
the test is not over yet sites is not yet available? |
| Answer: |
we`re not sure that you`re clean, you today there were two complaints. you need to check everything carefully. |
| Question: |
what I need to do I will do |
| Answer: |
we are now compiling a list of potentially dangerous files. check out ykh . file base64.txt in the root www folder , now it is filled |
| Question: |
well |
| Question: |
I deleted all the files starlady.ru.com and checked on the computer flooded back files but can`t unzip why not tell me |
| Answer: |
specify what error you see |
| Question: |
failed to extract files from the archive |
| Question: |
Internal Server ErrorThe server encountered an internal error or misconfiguration and was unable to complete your request.Please contact the server administrator, EMAIL and inform them of the time the error occurred, and anything you might have done that may have caused the error.More information about this error may be available in the server error log.the sites don`t work |
| Answer: |
AVG command line Anti-Virus scanner
Copyright (c) 2013 AVG Technologies CZ
Virus database version: 2641/6155
Virus database release date: Thu, 07 Mar 2013 20:37:00 +0400
./etc/.../.ramz/xh Virus identified Linux/ProcHider.C; deleted, inserted into virus vault.
./etc/.../.ramz/proc Virus identified Linux/Small.L; deleted, inserted into virus vault. |
| Question: |
what is |
| Question: |
Failed to execute the fork system call. Your computer probably ended RAM. |
| Answer: |
this anti-virus report. check |
| Question: |
Failed to execute the fork system call. Your computer probably ended RAM.what the message means |
| Answer: |
./var/www/coblov/wp-conf.php Trojan horse PHP/BackDoor.CK; deleted, inserted into virus vault. |
| Question: |
good morning all right?you can include websites? |
| Question: |
backup deleted |
| Answer: |
Hello. antivirus would Lydon virus, maybe something else. you need to carefully check the sites. Let`s do that, we will open access and you yourself will block dostop to each site, and as it will check to access |
| Question: |
well |
| Question: |
starlady.EN.the question can extract files from the archive |
| Answer: |
where is the archive? |
| Question: |
coblov/www/starlady.EN.com |
| Answer: |
the archive is unpacked. |
| Question: |
and why couldn`t I raspasovschika disk space I have left |
| Question: |
sites not yet included |
| Answer: |
you are employed 23.7 GB , the place is still there |
| Question: |
sites not yet included |
| Answer: |
now, include the free block, placing .htaccess for each site (added to the basic directives) deny from all allow from Valr |
| Question: |
just set the attributes to each website 000 |
| Answer: |
OK, that`s it. will say when done, we open the access |
| Question: |
starlady.ru.com checked open access |
| Question: |
downloaded oisi.md to your computer proveriti: Trojan program (19) Virus.PHP.Agent.xd Deleted 19.03.2015 9:47:08 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\libraries\\tcpdf\\fonts\\ symbol.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:47:08 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\libraries\\tcpdf\\config\\ plugin.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:47:07 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\libraries\\fof\\hal\\render\\ themes.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:47:05 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\libraries\\fof\\config\\domain\\ dispatcher.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:47:04 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\libraries\\fof\\layout\\ file.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:47:03 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\libraries\\fof\\string\\ utils.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:47:01 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\libraries\\joomla\\application\\component\\ controlleradmin.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:59 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\media\\kunena\\avatars\\gallery\\ db.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:58 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\components\\com_ose_cpu\\extjs\\htmleditor\\tiny_mce\\ defines.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:58 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\components\\com_mailto_nowSpam\\ controller.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:57 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\components\\com_jce\\editor\\libraries\\xml\\ options.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:56 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\components\\com_content\\views\\category\\tmpl\\ session.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:55 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\components\\com_contact\\helpers\\ icon.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:54 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\plugins\\system\\yt\\ model.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:46 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\plugins\\search\\newsfeeds\\ newsfeeds.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:45 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\templates\\beez5\\ component.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:44 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\templates\\beez5\\language\\ info.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:46:43 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\templates\\beez_20\\images\\nature\\ footer.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 9:45:59 C:\\Users\\User\\Desktop\\oisi.md (2)\\oisi.md\\templates\\sj_lotte25\\html\\utility\\ gallery.RRS hosting website removed and filled with clean kanamono open access |
| Answer: |
You forget Cho in the presence of websila hacker has access to the folder any site. |
| Question: |
so I all sites closed 000 law and as a cleaning and check open as you said |
| Question: |
only include sites if clients have already been calling |
| Question: |
but I`ll at least sweep and inspection open |
| Answer: |
You understand that because of complaints data center can simply turn off the server? we are now open access, You need to check everything carefully |
| Answer: |
we`ve shared |
| Question: |
OK thanks do a thorough check |
| Answer: |
OK
|
| Question: |
I am going to report for each open site |
| Answer: |
OK
|
| Question: |
downloaded oisi.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 10:05:15 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\libraries\\f0f\\form\\ form.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:05:15 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\libraries\\f0f\\table\\behavior\\ utf.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:05:14 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\libraries\\f0f\\platform\\ blog.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:05:14 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\libraries\\cms\\form\\field\\ cache.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:05:04 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\libraries\\joomla\\installer\\adapters\\ cache.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:12 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\images\\1\\KRESTINY\\ file.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:12 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\images\\remote\\ themes.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:11 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\media\\mod_languages\\ code.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:10 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\modules\\mod_vtem_skitter\\ mod_vtem_skitter.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:09 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\components\\com_joomfish\\ javascript.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:08 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\components\\com_xmap\\views\\xml\\ utf.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:07 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\components\\com_akeeba\\ akeeba.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:06 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\components\\com_jce\\editor\\tiny_mce\\plugins\\ general.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:02 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\components\\com_jce\\ jce.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:04:00 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\plugins\\search\\ session.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:03:01 C:\\Users\\User\\Desktop\\beriozca.md (1)\\beriozca.md\\templates\\beez_20\\javascript\\ alias.RRS hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded monument.com.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 10:14:21 C:\\Users\\User\\Desktop\\monument.com.md\\monument.com.md\\libraries\\joomla\\image\\ stats.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:14:14 C:\\Users\\User\\Desktop\\monument.com.md\\monument.com.md\\media\\system\\css\\ defines.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:14:13 C:\\Users\\User\\Desktop\\monument.com.md\\monument.com.md\\media\\jce\\mediaplayer\\ view.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:14:12 C:\\Users\\User\\Desktop\\monument.com.md\\monument.com.md\\modules\\mod_wrapper\\ model.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:14:11 C:\\Users\\User\\Desktop\\monument.com.md\\monument.com.md\\components\\com_jshopping\\views\\user\\ article.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:14:10 C:\\Users\\User\\Desktop\\monument.com.md\\monument.com.md\\plugins\\editors-xtd\\article\\ themes.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:13:08 C:\\Users\\User\\Desktop\\monument.com.md\\monument.com.md\\templates\\ot_photographer\\html\\com_users\\login\\ defines.RRS hosting website removed and filled with clean computer checked was pakistansaudi |
| Answer: |
what do You check? |
| Question: |
КІЅ2014и manual checks security specialist malware |
| Question: |
KIS2014 paid license |
| Question: |
downloaded cleanvac.md to your computer prevaricate clean when testing nothing obnarujennyh launched |
| Answer: |
check third-party scripts Dolittle |
| Question: |
OK |
| Question: |
downloaded palma-tour.com to their computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 10:59:49 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\libraries\\fof\\query\\ option.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:59:34 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\libraries\\fof\\query\\ abstract.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:59:32 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\images\\ROMANIA\\CASA VIOREL 4\\ option.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:59:31 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\images\\ROMANIA\\CASA SCHMIDT 3\\ proxy.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:59:25 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\images\\stories\\Starlight Conventions Center 5 SPO\\ utf.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:59:13 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\images\\stories\\ROMANIA_WINTER_2013\\Vila Casa Viorel 4\\ ajax.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:55 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\modules\\mod_zt_accordion_menu\\tmpl\\ diff.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:54 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\modules\\mod_articles_archive\\tmpl\\ diff.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:52 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\modules\\mod_articles_latest_thumb\\tmpl\\ test.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:50 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\modules\\mod_finder\\tmpl\\ test.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:46 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\components\\com_jshopping\\views\\category\\ blog.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:45 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\components\\com_weblinks\\models\\forms\\ functions.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:44 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\components\\com_contact\\views\\featured\\tmpl\\ xml.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 10:58:42 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\plugins\\system\\nnframework\\helpers\\ protect.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:58:39 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\plugins\\system\\nnframework\\js\\ info.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 10:57:19 C:\\Users\\User\\Desktop\\palma-tour.com\\palma-tour.com\\plugins\\content\\relatedthumbarticles\\language\\ dump.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Answer: |
wow, how much virus was never found nor |
| Question: |
install KIS2014 on hosting |
| Answer: |
when it exist for linux servers, certainly set. |
| Question: |
downloaded wawpodarki.ru to their computer prevaricate clean when testing nothing obnarujennyh launched |
| Answer: |
OK
|
| Answer: |
anyway, the change just in case all the passwords |
| Question: |
|
| Question: |
downloaded aveks-m.ru to their computer prevaricate clean when testing nothing obnarujennyh launched |
| Question: |
downloaded palma-tour.com to their computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:23 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\libraries\\joomla\\application\\input\\ article.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:22 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\media\\media\\css\\ javascript.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:21 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\modules\\mod_gtranslate\\tmpl\\ code.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:21 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\plugins\\editors\\codemirror\\ codemirror.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:20 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\templates\\ot_paradise\\html\\mod_articles_latest\\ start.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:19 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\templates\\beez_20\\language\\ file.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:19 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\templates\\beez_20\\language\\ menu.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:18 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\libraries\\ ._platform.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 12:03:17 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\libraries\\joomla\\updater\\ ._updateadapter.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 12:03:17 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\libraries\\joomla\\string\\ ._string.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 12:03:16 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\components\\com_wrapper\\ ._wrapper.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:15 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\components\\com_k2\\images\\placeholder\\ menu.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:15 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\components\\com_k2\\images\\system\\ list.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:13 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\components\\com_finder\\ ._controller.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 12:03:11 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\components\\com_users\\models\\ ._remind.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:03:09 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\components\\com_newsfeeds\\models\\ ._category.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:02:59 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\templates\\beez5\\javascript\\ general.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:00:17 C:\\Users\\User\\Desktop\\avalanche-md.com\\avalanche-md.com\\__MACOSX\\templates\\ot_paradise\\images\\green\\ search.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Answer: |
please Wait. |
| Question: |
downloaded evolar.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 12:18:00 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\libraries\\fof\\utils\\array\\ utf.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:58 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\libraries\\joomla\\session\\ diff.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:57 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\libraries\\joomla\\crypt\\ dirs.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:53 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\images\\SSD1\\ search.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:36 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\media\\system\\images\\mooRainbow\\ info.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:36 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\components\\com_jshopping\\payments\\ payment.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:35 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\components\\com_jshopping\\templates\\default\\user\\ ini.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:34 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\components\\com_jshopping\\templates\\default\\product\\ header.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:33 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\components\\com_jce\\editor\\ css.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:33 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\components\\com_jce\\editor\\libraries\\classes\\ ini.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:32 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\plugins\\system\\p3p\\ search.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:17:31 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\plugins\\josetta_ext\\ ajax.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 12:16:35 C:\\Users\\User\\Desktop\\evolar.md\\evolar.md\\templates\\vt_farm\\ index.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Answer: |
please Wait. |
| Question: |
downloaded ecatelena-plast.com.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:17 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\modules\\mod_login\\tmpl\\ xml.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:17 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\modules\\mod_skype_ajax\\ alias.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:16 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\modules\\mod_footer\\ test.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:16 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\modules\\mod_icetabs\\libs\\groups\\virtuemart\\ include.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:15 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\plugins\\content\\jw_allvideos\\ info.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:15 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\components\\com_jce\\editor\\tiny_mce\\plugins\\nonbreaking\\ login.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:15 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\templates\\rhuk_milkyway\\images\\green\\ model.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:44:14 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\templates\\it_paparazzi\\html\\com_poll\\ themes.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:43:41 C:\\Users\\User\\Desktop\\ecatelena-plast.com.md\\ecatelena-plast.com.md\\templates\\it_paparazzi\\html\\mod_latestnews\\ code.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded holidays.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 13:00:44 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\libraries\\f0f\\utils\\ ini.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:00:43 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\libraries\\f0f\\ session.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:00:43 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\libraries\\fof\\inflector\\ test.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:00:42 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\libraries\\fof\\utils\\ xml.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:00:41 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\libraries\\cms\\language\\ help.php Backdoor.PHP.Agent.xf Removed 19.03.2015 13:00:19 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\ index.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:59:25 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\media\\editors\\tinymce\\templates\\ article.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:59:21 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\media\\plugin_googlemap2\\site\\googleearthv3\\ admin.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:59:19 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\modules\\mod_feed\\ session.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:59:19 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\modules\\mod_articles_categories\\ plugin.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 12:59:17 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\modules\\mod_slideshowck\\ mod_slideshowck.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:59:15 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\modules\\mod_iceslideshow\\libs\\elements\\ lofcategory.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 12:59:05 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\components\\com_faqftw\\helpers\\ default_footer.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:59:02 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\components\\com_faqftw\\views\\faqs\\ view.html.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:58:59 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\components\\com_contact\\ router.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:58:48 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\plugins\\system\\nnframework\\ start.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:58:46 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\plugins\\finder\\newsfeeds\\ include.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 12:58:08 C:\\Users\\User\\Desktop\\holidays.md\\holidays.md\\templates\\it_therestaurant2\\css\\styles\\ style-switcher.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded mondolegno.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:14 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\libraries\\cms\\captcha\\ session.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:13 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\libraries\\cms\\controller\\ template.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:12 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\libraries\\cms\\view\\ stats.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:12 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\libraries\\joomla\\form\\rules\\ menu.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:11 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\libraries\\joomla\\html\\ utf.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:10 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\libraries\\omg\\assets\\ view.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:09 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\libraries\\omg\\ blog.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:06 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\modules\\ javascript.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:05 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\modules\\mod_sj_js_slider\\core\\fields\\ menu.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:03 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\modules\\mod_ot_lightboxlogin\\language\\ css.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:02 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\modules\\mod_custom\\tmpl\\ default.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:01 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\components\\com_jshopping\\views\\search\\ start.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:20:00 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\components\\com_k2\\templates\\default\\ category_item_links.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:19:59 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\components\\com_users\\views\\profile\\ view.html.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:19:58 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\plugins\\system\\redirect\\ javascript.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 13:19:58 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\plugins\\content\\pagebreak\\ pagebreak.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:18:44 C:\\Users\\User\\Desktop\\mondolegno.md\\mondolegno.md\\templates\\ot_azuline\\html\\com_virtuemart\\orders\\ options.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded mistroim.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:50 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\libraries\\phputf8\\mbstring\\ global.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:50 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\modules\\mod_hg_slidingframes\\assets\\js\\ css.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:49 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\modules\\mod_hg_staticcontent\\tmpl\\ countdown.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:48 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\components\\com_jshopping\\tables\\ shippingmethod.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:48 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\components\\com_jshopping\\tables\\ tax.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:47 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\components\\com_jshopping\\templates\\default\\category\\ diff.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:46 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\components\\com_jshopping\\lib\\tcpdf\\ help.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 13:41:46 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\components\\com_jshopping\\lib\\tcpdf\\ tcpdf.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:45 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\plugins\\system\\hg_assets\\assets\\images\\ dump.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:44 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\plugins\\system\\nnframework\\fields\\ categoriesk2.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:41:43 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\plugins\\system\\log\\ log.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:40:45 C:\\Users\\User\\Desktop\\mistroim.md\\mistroim.md\\templates\\kallyas\\html\\com_virtuemart\\pluginresponse\\ system.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded restaurantnunta.com to their computer проверилBackdoor.PHP.Agent.xf Removed 19.03.2015 13:50:39 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\ INSTALL.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:39 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\libraries\\phpmailer\\ test.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:38 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\libraries\\pattemplate\\patTemplate\\ InputFilter.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:37 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\libraries\\joomla\\database\\table\\ content.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 13:50:36 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\libraries\\joomla\\filter\\ filteroutput.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:36 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\libraries\\joomla\\application\\component\\ helper.php Backdoor.PHP.Agent.xf Removed 19.03.2015 13:50:35 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\ COPYRIGHT.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:34 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\includes\\domit\\ xml_domit_include.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:33 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\includes\\PEAR\\ info.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:32 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\includes\\js\\dtree\\img\\ press.php Backdoor.PHP.Agent.xf Removed 19.03.2015 13:50:31 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\ CHANGELOG.php Backdoor.PHP.Agent.xf Removed 19.03.2015 13:50:29 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\ CREDITS.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:29 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\modules\\mod_search\\tmpl\\ model.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:28 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\modules\\mod_feed\\ mod_feed.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:26 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\modules\\mod_artsexylightbox\\artsexylightbox\\images\\white\\ ajax.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:25 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\components\\com_jce\\views\\ file.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:24 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\components\\com_weblinks\\ global.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:23 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\plugins\\user\\ example.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:22 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\plugins\\system\\ list.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:21 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\plugins\\system\\nnframework\\fields\\ slide.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:20 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\plugins\\system\\nnframework\\fields\\nn\\ search.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:19 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\plugins\\editors\\jce\\tiny_mce\\plugins\\tabfocus\\ sql.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:18 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\plugins\\content\\ vote.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:17 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\plugins\\editors-xtd\\modulesanywhere\\ modulesanywhere.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:16 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\templates\\zt_jorda\\html\\com_user\\reset\\ diff.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:15 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\templates\\zt_jorda\\html\\com_poll\\poll\\ ini.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:14 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\templates\\beez\\html\\com_search\\ code.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 13:50:12 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\templates\\beez\\html\\mod_latestnews\\ default.php Backdoor.PHP.Agent.xf Removed 19.03.2015 13:48:46 C:\\Users\\User\\Desktop\\restaurantnunta.com\\restaurantnunta.com\\ LICENSES.RRS hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded crispol.md to your computer proveris hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded stasgladcom.md to your computer proveris hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded stasgladcom.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:33 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\phpmailer\\ phpmailer.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:32 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\f0f\\less\\formatter\\ classic.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:32 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\f0f\\view\\ raw.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:31 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\joomla\\language\\ include.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:31 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\fof\\config\\ view.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:30 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\joomla\\document\\html\\ html.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:30 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\joomla\\html\\ editor.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:29 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\joomla\\image\\filters\\ file.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:29 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\joomla\\application\\component\\ controllerform.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:28 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\libraries\\joomla\\string\\ ini.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:27 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_finder\\helpers\\html\\ query.php Backdoor.PHP.Agent.xe Deleted 19.03.2015 14:25:27 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\modules\\mod_k2_tools\\tmpl\\ breadcrumbs.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:26 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_users\\views\\ sql.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:23 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_content\\views\\form\\ global.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:22 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_weblinks\\ weblinks.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:22 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_content\\views\\form\\tmpl\\ file.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:21 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_newsfeeds\\views\\categories\\ themes.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:20 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_contact\\views\\category\\ test.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:20 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\components\\com_contact\\models\\ admin.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:19 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\plugins\\finder\\contacts\\ dir.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:25:18 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\templates\\ot_spasalon\\ index.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:24:43 C:\\Users\\User\\Desktop\\granilux.md\\granilux.md\\templates\\ot_spasalon\\html\\mod_menu the\\ diff.RRS hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded stasgladcom.md to your computer проверилBackdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:47 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\libraries\\fof\\render\\ admin.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:45 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\libraries\\joomla\\installer\\adapters\\ ajax.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:43 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\libraries\\joomla\\image\\filters\\ search.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:42 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\media\\system\\ javascript.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:41 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\modules\\mod_syndicate\\tmpl\\ default.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:40 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\components\\com_wrapper\\ db.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:39 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\components\\com_newsfeeds\\views\\categories\\tmpl\\ config.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:38 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\plugins\\authentication\\joomla\\ start.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:45:27 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\plugins\\system\\ksecure\\ stats.php Backdoor.PHP.Agent.xd Deleted 19.03.2015 14:41:30 C:\\Users\\User\\Desktop\\bambino.com.md\\bambino.com.md\\plugins\\system\\nonumberelements\\elements\\textareaplus\\ plugin.php with hosting website removed and filled with clean computer checked was pakistansaudi |
| Answer: |
Your account is unlocked.
please Check now. |
| Question: |
downloaded plitca.md to your computer proveris hosting website removed and filled with clean computer checked was pakistansaudi |
| Question: |
downloaded vesnic-granit.com.md to your computer proveris hosting website removed and filled with clean computer checked was pakistansaudi |
| Answer: |
what do these multiple messages? |
| Question: |
understand |
| Answer: |
OK |
