News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Trojans in Forum Files

Started by [CQFF]Richie, July 01, 2017, 05:18:45 PM

Previous topic - Next topic

[CQFF]Richie

Hello everyone,

I happened to do a forum back-up on a Windows PC (normally, back-ups are done through Linux), and Windows Defender detected two trojans within my compressed back-up file.  They are Trojan:JS/Redirector and Trojan:JS/Iframeinject.  When I ask it for details, it gives me a long list which it will not allow me to copy and paste.  Basically, it points to index.php and a whole bunch of other variations of index.php in modification folders.  I downloaded the main index.php file, but cannot seem to find anything that looks off in it.  Granted, I also don't know exactly what to look for.  I've attached the file to this post, in case anybody wants to look at it.  Aside from backing up the database and reinstalling everything new, is there a way to correct this?  If any other details are needed, please ask - I will provide them.  Interestingly, kb_scan.php is not picking anything bad up.  However, I'm unsure whether this tool is still current.  My forum URL is hxxp:www.chexquest.org [nonactive].


Steve

Until someone with coding knowledge looks at your file, keep in mind false positives are common with anti-virus software.
DO NOT pm me for support!

Arantor

False positive. I bet it's hung up on the frame protection headers and the keepalive GIF embedded in the code.


[CQFF]Richie

Thank you, everybody!

Quote from: Johnny54 on July 01, 2017, 06:37:20 PM

The attached index.php is clean:
hxxp:www.virustotal.com/en/file/2cd1958abc56ce884873e42ca54c1c845de7d35319935562dd90a55505221a03/analysis/1498948463/ [nonactive]

Thank you!  That is a super helpful website!  It now resides in my bookmarks.

Advertisement: