[RISOLTO] html:ImgHack-A [Trj] trojan

[tommygc]

Salve a tutti

 

il mio sito presenta alla connessione un trojan, identificato da avast

 

 

Dettagli dell'infezione

URL: http://xxx.xxxxxx.it/favicon.ico Processo: file://C:\Program Files (x86)\Google\Chr... Infezione: html:ImgHack-A [Trj]

qualcuno mi sa dare qualche indicazione per eliminare questo problema

 

grazie

[Mike Kranzler]

Ciao tommygc,

Potete per favore inseri sci il tuo URL in modo che posso guarda requesto per voi?Questo probabilmente nonè un PrestaShop problema specifico, masarò felice per cercare di aiutare a determina rela vera causa.

 

-Mike

[tommygc]

thanks mike

 

this is my website wwwDOTxxxxxxxxxDOTit

 

I deleted all my website files and I droped my sql database to try cancel the issue, but that did not solve the problem

 

Ho cancellato tutti i files del mio sito e tutte le tabelle del database, ma questo non ha risolto il problema.

[Mike Kranzler]

Without the site being up I can't work with a developer to try to identify the issue, but like I said earlier, this does not sound like any sort of issue specific to PrestaShop. My guess is, having seen this sort of problem before, someone has gained access to your site via FTP and has installed some sort of script in one of the directories.

 

Before you do anything else, please be sure to change your FTP password, as this appears to be the likely culprit when it comes to identifying the vulnerability.

 

Beyond that, there's not much I can recommend, but that should at least secure your site from future attacks, and you can ask your hosting provider to help you identify what has been done to your site.

 

-Mike

[tommygc]

Hi Mike

thanks for the answer

 

I removed all files from my host looking for the issue, I found the trojan in a folder on the root of my host, and I think this is a problem of my provider. NOT in the PS folders.

The folder called ERROR and it had index.php files inside the folders 401, 402, 403, 404, I found many rows at the end of those files (after </html>) like these:

 

 

I cancelled these rows from every files and the issue looks fixed, this issue was reported just from Avast antivirus, others antivirus don't show to recognize the problem.

 

Please if you want have a look to my website (www xxxxxxxxxxx dot it ) is now online and it works good, report to me if you will find some security issue

 

thank you for your time and interest

Best regards

[Mike Kranzler]

Everything looks good to me on my end now. Even though it wasn't a PrestaShop issue, I'm glad you were able to resolve this! There's nothing worse than having your website compromised, you may want to be sure to notify your hosting provider so that they can look into this on their end as well. I will go ahead and mark this thread as solved for you. Happy selling!

 

-Mike

[tommygc]

this can help

 

questo potrebbe aiutare

 

http://www.google.com/support/forum/p/Webmasters/thread?tid=1b624f24baa445a6&hl=en