• Seems to be something up with this download. Might be a false positive due to the encryption in the footer. Would like to pay to have footer replaced with normal footer minus advertising.

    \\XXXXXXX\Xxxxxxx\Xxxxxx\xxxxx\streamline\streamline.zip » ZIP » streamline/footer.php – PHP/Kryptik.AB trojan

    Suggestions and replacement options appreciated.

    Kind regards,
    Saxamo

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Downloaded from where? The WordPress themes section of this site or…?

    If it’s some other site, there’s not a whole lot that can be done.

    Thread Starter saxamo

    (@saxamo)

    I am usually pretty good about not downloading things from other sites that are not the creator's downloads. However, maybe on this one instance I downloaded it from some place else. I can’t remember any more.

    I have downloaded it again from your site and checked the file and as you state there is no virus in the download.

    I am sorry for the scare but I just can’t understand at this time how it came down in the download of the zip file.

    The file on 9thsphere is clean:
    http://themes.9thsphere.com/category/wordpress/streamline/

    Thanks for your replies.

    Kind regards,
    Saxamo

    If you have run the easy csv importer plugin, you probably got infected from it. The PHP.Kryptik.AB trojan is embedded in the file functions/ecs_functions_code.php. At least that is what ESET NOD32 tells me. While this trojan might be used as an update tool, I doubt it since the plugin developer has refused to put any physical address on file with his registrar. See the readme.txt file for the URL.

    Always a good idea to download the plugins and scan before installing to your blog or site. The easy install in WP is a nice time saver for us and the hackers.

    I realize this is an old thread. But I came on it trying to get a description of the same Trojan. It appears that the reason this was found on this site was never resolved.

    I’m assisting in cleaning malware from a system and the entry I see is slightly different:

    C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\miscellany.zip PHP/Kryptik.AB trojan
    C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\miscellany\footer.php PHP/Kryptik.AB trojan
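
The thread concerns a theme zip whose footer.php carries encoded content and the advice to scan archives before installing. As an added example (not code from any poster, ESET, or WordPress), this Python sketch triages the .php members of a zip for common obfuscation indicators before anything is unpacked. The two heuristics, the function names and the sample archive are assumptions constructed for illustration; they are not an antivirus signature for PHP/Kryptik.AB.

```python
import io
import re
import zipfile

# Heuristics for obfuscated PHP (assumptions for this example, not any
# antivirus vendor's signature): a decoder fed straight into eval, and
# very long base64-looking string literals.
EVAL_DECODE = re.compile(
    rb"eval\s*\(\s*(?:@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(\s*)+",
    re.IGNORECASE)
LONG_B64 = re.compile(rb"[A-Za-z0-9+/=]{200,}")


def scan_php(data):
    """Return the list of obfuscation indicators found in one PHP file."""
    hits = []
    if EVAL_DECODE.search(data):
        hits.append("eval-of-decoder")
    if LONG_B64.search(data):
        hits.append("long-base64-literal")
    return hits


def scan_theme_zip(zip_bytes):
    """Map each flagged .php member of a theme/plugin zip to its indicators."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".php"):
                continue
            hits = scan_php(zf.read(info))  # read in memory, never extracted
            if hits:
                report[info.filename] = hits
    return report


def build_sample_zip():
    """Constructed sample: one plain file, one with an encoded footer."""
    encoded = b"QUJD" * 60  # 240 chars of harmless base64 ("ABC" repeated)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("theme/index.php", "<?php get_header(); get_footer(); ?>")
        zf.writestr("theme/footer.php",
                    b"<?php eval(base64_decode('" + encoded + b"')); ?>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, hits in scan_theme_zip(build_sample_zip()).items():
        print(name, hits)
```

A hit means the file should be read by hand or the archive re-downloaded from the author's own site and compared; it does not by itself show the file is malicious.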

  • The topic ‘PHP/Kryptik.AB trojan – ESET NOD64’ is closed to new replies.