Hi Ciaran,
I have a virus problem on a joomla site with J51 magnolia.
The virus is signaled by NOD32 with the following report:
<ESET>
<LOG>
<RECORD>
<COLUMN NAME="Ora">06/02/2018 16:58:13</COLUMN>
<COLUMN NAME="Scanner">Filtro HTTP</COLUMN>
<COLUMN NAME="Tipo di oggetto">FILE</COLUMN>
<COLUMN NAME="Oggetto">https://coinhive.com/lib/cryptonight.wasm</COLUMN>
<COLUMN NAME="Minaccia">una variante di Generik.HJNKXWD trojan horse</COLUMN>
<COLUMN NAME="Azione">connessione terminata</COLUMN>
<COLUMN NAME="Utente">win864-vm\admin864</COLUMN>
<COLUMN NAME="Informazioni">Minaccia rilevata all'accesso al Web dall'applicazione: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (21F39178BBBF22B470B8F983F8957EF7C8A8A13D).</COLUMN>
<COLUMN NAME="Hash">8C964DE7BB13FA9683EED76C419256462393C55C</COLUMN>
<COLUMN NAME="Prima visualizzazione"></COLUMN>
</RECORD>
</LOG>
</ESET>
also https://sitecheck.sucuri.net report the virus, see attachment.
If you visit one of the pages, after a while your CPU reach 50% load while the js application is probably mining bitcoins.
I checked this page: http://www.pctutor.it/ipl/la-mia-classe.html
that contains only j51 magnolia, the main menu, one joomla module with custom html (only to load ans link the image) and J51 icons module.
In the attachment you can find the page source code saved by google chrome. In the "La mia Classe_files" folder you can find the file "timebucks_miner.js.download" that probably is related to the virus.
Can you suggest me a way to come out of this?
Could be worth to re-install J51 template? In this case I'll lose all my parametrization?
Many thanks and regards
- Page :
- 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
Be one of the first to reply to this post!