Announcement

Collapse
No announcement yet.

Suspect file in includes?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Suspect file in includes?

    Hi can anyone tell me if there should be a file called vbf.php in /includes?

    I downloaded this folder and my AV shows this File name:\includes\vbf.php Threat name: PHP/BackDoor.C99Shell
    Kind regards,
    Simon
    Microsoft Office Discussion

  • #2
    no php file with that name in that folder

    Comment


    • #3
      Suspect file in includes?

      Like said above, not a vB file, you've been compromised at the server level.

      Comment


      • #4
        http://www.keleko.com/2011/fixes-for...y-team-animus/
        "Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time!"
        "It's important to only think about what you desire, not what you fear to achieve your ultimate goal!!"
        "When doors close, tear down the walls. Never give up!"

        Comment


        • #5
          Thanks all, i knew it didn't exist in the standard package, i thought it belonged to an add on (mod) that someone mights recognise. HMBeaty at least that link narrowed it down to which mod.

          The infection isn't on my site. What it did to this poor users forum was delete the forumid column from the forum table and you have to rebuild the templates table. Just ALTERing and adding a forumid column isn't much good really as all the forum id's are then wrong and have to be adjusted manually.

          Reading through the offending script it shows that they pretty much scrape everything from your server and databases, when i say everything i mean EVERYTHING!

          Don't you just hate folk like that??
          Kind regards,
          Simon
          Microsoft Office Discussion

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X