Joomla Templates Club 406,261 posts

[mile1950 Friend mile1950Join date: October 2015Posts: 140Downloads:21Uploads:11 Thanks: 104 Thanked: 3 times in 2 posts]

#831972

Hi,

So my site is suspended by bluehost because it contains malwere :(.

Could you somehow help me they will generate some malware.txt file

Please I am desperate I have lost all my work till now and I was almost ready to publish my site.

[Pankaj Sharma Moderator Pankaj SharmaJoin date: February 2015Posts: 24589Downloads:144Uploads:202 Thanks: 127 Thanked: 4196 times in 4019 posts]

#832721

Hi
Could u provide more details , which file is effected with it , so i can only replace that files from the fresh package it reuse the site . (please save your custom changes before replacing the file and take full backup)
I strongly recommend you to use Security extension on your site from JED Here

[mile1950 Friend mile1950Join date: October 2015Posts: 140Downloads:21Uploads:11 Thanks: 104 Thanked: 3 times in 2 posts]

#833115

Hi Pankaj,

unfortunately they have suspended my site and I cannot access to backpanel anymore.
I don’t know how I would be able to check where the malware is since I am a beginner.

As well I am not sure I can install anymore the back up.

Do you have any solution for me?

Thank you for your time.

Regards

[Pankaj Sharma Moderator Pankaj SharmaJoin date: February 2015Posts: 24589Downloads:144Uploads:202 Thanks: 127 Thanked: 4196 times in 4019 posts]

#833254

Hi
You need to ask your host provider to give your site backup and about infected file , without running the site you can not found anything about site issue.

[mile1950 Friend mile1950Join date: October 2015Posts: 140Downloads:21Uploads:11 Thanks: 104 Thanked: 3 times in 2 posts]

#842547

Hi Pankaj,

finally I get malware.txt file with list of infected files but I don’t know about the backup. Will I lose some data and what I should do? What will change?

Here you have list of infected files:

The Content listed below may not be a complete list of malicious content on your account.
You are ultimately responsible for all of your content.
This is just what we have found that appears to be malicious.
These files appear to contain malicious code. You will want to review the files and remove the injected code from important files and/or remove unused or invalid files.

/home1/essencl7/public_html/error_log
/home1/essencl7/public_html/footer65.php
/home1/essencl7/public_html/libraries/fof/utils/ip/ip.php
/home1/essencl7/public_html/libraries/fof/encrypt/totp.php
/home1/essencl7/public_html/libraries/fof/encrypt/base32.php
/home1/essencl7/public_html/libraries/fof/model/dispatcher/behavior.php
/home1/essencl7/public_html/libraries/fof/autoloader/component.php
/home1/essencl7/public_html/libraries/fof/dispatcher/dispatcher.php
/home1/essencl7/public_html/libraries/vendor/phpmailer/phpmailer/PHPMailerAutoload.php
/home1/essencl7/public_html/libraries/vendor/phpmailer/phpmailer/class.phpmailer.php
/home1/essencl7/public_html/libraries/idna_convert/uctc.php
/home1/essencl7/public_html/libraries/solidres/user/user.php
/home1/essencl7/public_html/libraries/joomla/uri/uri.php
/home1/essencl7/public_html/libraries/joomla/user/user.php
/home1/essencl7/public_html/libraries/joomla/model/database.php
/home1/essencl7/public_html/libraries/joomla/document/html/html.php
/home1/essencl7/public_html/libraries/joomla/oauth1/start.php
/home1/essencl7/public_html/libraries/simplepie/idn/utf.php
/home1/essencl7/public_html/libraries/cms/html/user.php
/home1/essencl7/public_html/libraries/cms/html/access.php
/home1/essencl7/public_html/modules/mod_ja_acm/admin/assets/script.js
/home1/essencl7/public_html/modules/mod_ja_acm/admin/assets/jBox/jBox.min.js
/home1/essencl7/public_html/modules/mod_ja_acm/admin/assets/jBox/jBox.js
/home1/essencl7/public_html/modules/mod_jamasshead/asset/jquery/jquery.min.js
/home1/essencl7/public_html/media/system/js/mootools-core.js
/home1/essencl7/public_html/media/system/js/mootools-core-uncompressed.js
/home1/essencl7/public_html/administrator/templates/hathor/html/com_postinstall/messages/default.php
/home1/essencl7/public_html/administrator/templates/isis/js/jquery.js
/home1/essencl7/public_html/administrator/components/com_postinstall/views/messages/tmpl/default.php
/home1/essencl7/public_html/administrator/components/com_joomlaupdate/restore.php
/home1/essencl7/public_html/administrator/components/com_config/view/application/html.php
/home1/essencl7/public_html/administrator/components/com_config/view/application/json.php
/home1/essencl7/public_html/administrator/components/com_config/view/application/tmpl/default_navigation.php
/home1/essencl7/public_html/administrator/components/com_config/view/component/html.php
/home1/essencl7/public_html/administrator/components/com_config/view/component/tmpl/default_navigation.php
/home1/essencl7/public_html/administrator/components/com_config/model/application.php
/home1/essencl7/public_html/administrator/components/com_k2/controllers/media.php
/home1/essencl7/public_html/administrator/components/com_k2/lib/JSON.php
/home1/essencl7/public_html/administrator/components/com_k2/models/users.php
/home1/essencl7/public_html/administrator/components/com_k2/tables/k2item.php
/home1/essencl7/public_html/administrator/components/com_k2/tables/k2category.php
/home1/essencl7/public_html/administrator/components/com_jaextmanager/assets/japopup/ja.popup.js
/home1/essencl7/public_html/administrator/components/com_jaextmanager/assets/js/jquery.js
/home1/essencl7/public_html/administrator/components/com_jaextmanager/lib/jaupdater/core/php5/json.php
/home1/essencl7/public_html/administrator/components/com_jaextmanager/lib/simplexml.php
/home1/essencl7/public_html/administrator/components/com_jaextmanager/lib/xlib/pclzip/pclzip.lib.php
/home1/essencl7/public_html/administrator/components/com_solidres/tables/facility.php
/home1/essencl7/public_html/administrator/components/com_admin/script.php
/home1/essencl7/public_html/administrator/components/com_users/controllers/mail.php
/home1/essencl7/public_html/administrator/components/com_users/models/user.php
/home1/essencl7/public_html/administrator/components/com_users/models/group.php
/home1/essencl7/public_html/administrator/components/com_search/controllers/session.php
/home1/essencl7/public_html/administrator/test.php
/home1/essencl7/public_html/administrator/language/en-GB/en-GB.lib_joomla.ini
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.8.3.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.11.0.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.9.0.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.4.4.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.6.4.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.3.2.min.js
/home1/essencl7/public_html/media/k2/assets/js/nicEdit.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-ui-1.8.24.custom.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.9.1.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.7.2.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.8.2.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.10.2.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.5.2.min.js
/home1/essencl7/public_html/media/k2/assets/js/jquery-1.6.3.min.js
/home1/essencl7/public_html/media/com_joomlaupdate/json2.js
/home1/essencl7/public_html/media/com_solidres/assets/js/statistics/jqplot.json2.js
/home1/essencl7/public_html/media/com_solidres/assets/js/statistics/jqplot.json2.min.js
/home1/essencl7/public_html/media/com_solidres/assets/js/statistics/jquery.jqplot.js
/home1/essencl7/public_html/media/com_solidres/assets/js/jquery/ui/jquery-ui.js
/home1/essencl7/public_html/media/com_solidres/assets/js/jquery/ui/jquery-ui.min.js
/home1/essencl7/public_html/media/com_solidres/assets/js/jquery/external/jquery.metadata.js
/home1/essencl7/public_html/media/com_solidres/assets/js/angular/angular.js
/home1/essencl7/public_html/media/com_solidres/assets/js/angular/angular-route.min.js
/home1/essencl7/public_html/media/com_solidres/assets/js/angular/angular-route.js
/home1/essencl7/public_html/media/com_solidres/assets/js/angular/angular.min.js
/home1/essencl7/public_html/media/jui/less/type.less
/home1/essencl7/public_html/media/jui/js/jquery.min.js
/home1/essencl7/public_html/media/jui/js/jquery.ui.core.min.js
/home1/essencl7/public_html/media/jui/js/jquery.js
/home1/essencl7/public_html/media/jui/js/jquery.ui.core.js
/home1/essencl7/public_html/media/editors/tinymce/plugins/compat3x/tiny_mce_popup.js
/home1/essencl7/public_html/templates/ja_hotel/js/jquery.infinitescroll.js
/home1/essencl7/public_html/templates/ja_hotel/js/script.js
/home1/essencl7/public_html/templates/ja_hotel/js/jquery.infinitescroll.min.js
/home1/essencl7/public_html/plugins/system/solidres/solidres.php
/home1/essencl7/public_html/plugins/system/t3/base-bs3/js/less.js
/home1/essencl7/public_html/plugins/system/t3/base-bs3/js/less.unmin.js
/home1/essencl7/public_html/plugins/system/t3/base-bs3/js/jquery-1.11.2.min.js
/home1/essencl7/public_html/plugins/system/t3/base-bs3/js/jquery-1.11.2.js
/home1/essencl7/public_html/plugins/system/t3/base-bs3/bootstrap/css/bootstrap-theme.css.map
/home1/essencl7/public_html/plugins/system/t3/admin/js/json2.js
/home1/essencl7/public_html/plugins/system/t3/admin/js/jquery-1.8.3.min.js
/home1/essencl7/public_html/plugins/system/t3/admin/js/jquery-1.8.3.js
/home1/essencl7/public_html/plugins/system/t3/admin/fonts/fa4/fonts/fontawesome-webfont.woff
/home1/essencl7/public_html/plugins/system/t3/base/js/less.js
/home1/essencl7/public_html/plugins/system/t3/base/js/jquery-1.11.2.min.js
/home1/essencl7/public_html/plugins/system/t3/base/js/jquery-1.11.2.js
/home1/essencl7/public_html/plugins/system/t3/base/bootstrap/less/type.less
/home1/essencl7/public_html/plugins/system/t3/base/bootstrap/js/tests/vendor/jquery.js
/home1/essencl7/public_html/plugins/system/t3/base/bootstrap/js/tests/phantom.js
/home1/essencl7/public_html/plugins/system/t3/base/bootstrap/js/jquery.js
/home1/essencl7/public_html/modules/mod_jafacebooklikebox/asset/jquery/jquery.min.js
/home1/essencl7/public_html/plugins/system/t3/admin/fonts/fa4/utf8-d02.php
/home1/essencl7/public_html/media/editors/codemirror/theme/dirs.php
/home1/essencl7/public_html/media/cms/css/object.php
/home1/essencl7/public_html/plugins/system/t3/includes/lessphp/less/less.php
/home1/essencl7/public_html/plugins/system/debug/debug.php
/home1/essencl7/public_html/plugins/solidres/complextariff/media/com_solidres/assets/js/angular/angular.js
/home1/essencl7/public_html/plugins/solidres/complextariff/media/com_solidres/assets/js/angular/angular-route.min.js
/home1/essencl7/public_html/plugins/solidres/complextariff/media/com_solidres/assets/js/angular/angular-route.js
/home1/essencl7/public_html/plugins/solidres/complextariff/media/com_solidres/assets/js/angular/angular.min.js
/home1/essencl7/public_html/plugins/solidres/invoice/libraries/solidres/invoice/tcpdf/include/tcpdf_font_data.php
/home1/essencl7/public_html/plugins/solidres/invoice/libraries/solidres/invoice/tcpdf/CHANGELOG.TXT
/home1/essencl7/public_html/plugins/solidres/invoice/libraries/solidres/invoice/tcpdf/fonts/pdfacourierbi.z
/home1/essencl7/public_html/plugins/solidres/statistics/media/com_solidres/assets/js/statistics/jqplot.json2.js
/home1/essencl7/public_html/plugins/solidres/statistics/media/com_solidres/assets/js/statistics/jqplot.json2.min.js
/home1/essencl7/public_html/plugins/solidres/statistics/media/com_solidres/assets/js/statistics/jquery.jqplot.js
/home1/essencl7/public_html/plugins/content/jadisqus_debate_echo/asset/jquery/jquery.min.js
/home1/essencl7/public_html/components/com_jce/editor/libraries/jquery/js/jquery.min.js
/home1/essencl7/public_html/components/com_jce/editor/libraries/jquery/js/jquery-ui.min.js
/home1/essencl7/public_html/components/com_jce/editor/tiny_mce/tiny_mce.js
/home1/essencl7/public_html/components/com_config/view/templates/html.php
/home1/essencl7/public_html/components/com_config/view/config/html.php
/home1/essencl7/public_html/components/com_k2/helpers/route.php
/home1/essencl7/public_html/components/com_users/models/registration.php
/home1/essencl7/public_html/components/com_users/models/reset.php
/home1/essencl7/public_html/language/en-GB/en-GB.com_users.ini
/home1/essencl7/public_html/language/en-GB/en-GB.lib_joomla.ini
/home1/essencl7/public_html/components/com_jce/editor/tiny_mce/tiny_mce_popup.js
/home1/essencl7/public_html/plugins/content/jabookmark/assets/elements/jacolorpicker/jscolor.js
/home1/essencl7/public_html/plugins/content/jabookmark/assets/jquery/jquery.min.js
/home1/essencl7/public_html/plugins/user/profile/lib.php
/home1/essencl7/public_html/plugins/content/solidres/conf-00.php

[Pankaj Sharma Moderator Pankaj SharmaJoin date: February 2015Posts: 24589Downloads:144Uploads:202 Thanks: 127 Thanked: 4196 times in 4019 posts]

#842556

Hi
as u can see your files are completely effected in most of the component and in Joomla also . I suggest you to upload your previous site backup . There is only one of our extension that is effected is JA Extension manager component , You can directly remove this extension from /components folder . or replace its effected files .
Regarding other files i am not sure as its core Joomla and some other 3rd party extension , You may also replace them with fresh code files or ask it on joomla forum and the extensions support team.

[mile1950 Friend mile1950Join date: October 2015Posts: 140Downloads:21Uploads:11 Thanks: 104 Thanked: 3 times in 2 posts]

#844800

Hi Pankraj,

I don’ t have backup, how smart. This is my first site in my life and I have no experience before with joomla.

If I understand it correctly only one file from joomla is infected so would need to change it. Could you please let me know what is the best way do it?

As the other infected files are from extensions I could delete them as well and later just install them if I want. Will this affect mine site since have installed only discus comments as extension?

Please help me find a solution.

Kind regards

[Pankaj Sharma Moderator Pankaj SharmaJoin date: February 2015Posts: 24589Downloads:144Uploads:202 Thanks: 127 Thanked: 4196 times in 4019 posts]

#845025

Hi
i am not able to suggest anything more on this sir , As there are alot of files are infected in from core Joomla and third party extension , you may try to replace the files on this or raise your question on Joomla forum , you will get more accurate info for this on Joomla forum .

[Author]

Posts