Jump to content

Edit History

Rynraf

Rynraf


small typo

GOOD news!

The same thing happened to me. This is what it looked like in every cart step:

cart-scam.thumb.png.5692f88bce0d9d8a896ca30799df6e9f.png

But it's much easier way in this case to remove all infected files. There were about (I didn't count) 50 infected files just to remove and about 4 files to replace them by original Prestashop files.

What I did, step by step, easy steps:

  1. Download ALL files from ftp using FTP client (for example: FileZilla) to my local disk, to my computer.
  2. I did this on Windows 10. It's enough to use default Windows Defender. But I'm sure that every antyvirus will also alert all infected files just after downloading them.
  3. Windows Defener listed me all infected files.
  4. Using ftp client I opened each path, each folders on ftp server like was listed by Defender as infected files. All files which have to be deleted have "pairs" - always some file with graphic extension like jpg, png, webp + tiny php file with the same name, just with different extension (.php). Easy to find in folders because its names looks like JVcdl7fS.php and JVcdl7fS.png - created from random letters and digits.
  5. Few php files should be replaced, just few files. I got them from clear Preastashop installation with the same PS version.

This are folders listed by my native to Windows antyvirus. I guess that it's possible that in every store will be different folders with infected files. Don't know.

After all - my checkout is clear!

defender-pliki-lista.thumb.png.ae41a3da8c587ea835a6ec2902df3fb5.pngdefender-pliki-lista2.thumb.png.470bd05714078652ae3c24ccf138c77f.pngdefender-pliki-lista3.thumb.png.4074d1eed2aade103d314264d398f62b.png

 

Thank yout for this topic. It was inspiration for me how to resolve this. P.S. I couldn't use cleaner.php because memory limit and some other limtations on a server.

Rynraf

Rynraf

GOOD news!

The same thing happened to me. This is what it looked like in every cart step:

cart-scam.thumb.png.5692f88bce0d9d8a896ca30799df6e9f.png

But it's much easier way in this case to remove all infected files. There were about (I didn't count) 50 infected files just to remove and about 4 files to replace them by original Prestashop files.

What I did, step by step, easy steps:

  1. Download ALL files from ftp using FTP client (for example: FileZilla) to my local disk, to my computer.
  2. I did this on Windows 10. It's enough to use default Windows Defender. But I'm sure that every antyvirus will also alert all infected files just after downloading them.
  3. Windows Defener listed me all infected files.
  4. Using ftp client I opened each path, each folders on ftp server like was listed by Defender as infected files. All files which have to be deleted have "pairs" - always some file with graphic extension like jpg, png, webp + tiny php file with the same name, just with different extension (.php). Easy to find in folders because it's names like JVcdl7fS.php and JVcdl7fS.png created from random letters and digits.
  5. Few php files should be replaeced, just few files. I got them from clear Preastashop installation with the same PS version.

This are folders listed by my native to Windows antyvirus. I guess that it's possible that in every store will be different folders with infected files. Don't know.

After all - my checkout is clear!

defender-pliki-lista.thumb.png.ae41a3da8c587ea835a6ec2902df3fb5.pngdefender-pliki-lista2.thumb.png.470bd05714078652ae3c24ccf138c77f.pngdefender-pliki-lista3.thumb.png.4074d1eed2aade103d314264d398f62b.png

 

Thank you for this topic. Was inspiration for me how to resolve this. P.S. I couldn't use cleaner.php because memory limit and some other limtations on a server.

×
×
  • Create New...