Posted 1 year ago #
Seems to be something up with this download. Might be a false positive due to the encryption in the footer. Would like to pay to have footer replaced with normal footer minus advertising.
\\XXXXXXX\Xxxxxxx\Xxxxxx\xxxxx\streamline\streamline.zip » ZIP » streamline/footer.php - PHP/Kryptik.AB trojan
Suggestions and replacement options appreciated.
Kind regards,
Saxamo
Downloaded from where? The WordPress themes section of this site or...?
If it's some other site, there's not a whole lot that can be done.
There's absolutely nothing of this kind in the footer.php file of the Streamline theme in the Themes Directory. Sounds to me like your site may have been hacked.
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Posted 1 year ago #
I am usually pretty good about not downloading things from other sites that are not the creators downloads. However, maybe on this one instance I downloaded it from some place else. I can't remember any more.
I have downloaded it again from your site and checked the file and as you state there is no virus in the download.
I am sorry for the scare but I just can't understand at this time how it came down in the download of the zip file.
The file on 9thsphere is clean:
http://themes.9thsphere.com/category/wordpress/streamline/
Thanks for your replies..
Kind regards,
Saxamo
Posted 1 year ago #
if you have run the easy csv importer plugin, you probably got infected from it. The PHP.Kryptik.AB trojan is embedded in the file functions/ecs_functions_code.php. At least that is what eset NODE32 tells me. While this trojan might be used as an update tool, I doubt it since the plugin developer has refused to put any physical address on file with his registrar. See the readme.txt file for the URL.
Always a good idea to download the plugins and scan before installing to your blog or site. The easy install in WP is a nice time saver for us and the hackers.
Posted 1 year ago #
I realize this is an old thread. But I came on it trying to get a description of the same Trojan. It appears that the reason this was found on this site was never resolved.
I'm assisting in cleaning malware from a system and the entry I see is slightly different:
C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\miscellany.zip PHP/Kryptik.AB trojan
C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\miscellany\footer.php PHP/Kryptik.AB trojan
This topic has been closed to new replies.
