PHP/Kryptik.AB trojan - ESET NOD64 (6 posts)

  1. saxamo
    Posted 5 years ago #

    Seems to be something up with this download. Might be a false positive due to the encryption in the footer. Would like to pay to have footer replaced with normal footer minus advertising.

    \\XXXXXXX\Xxxxxxx\Xxxxxx\xxxxx\streamline\streamline.zip » ZIP » streamline/footer.php - PHP/Kryptik.AB trojan

    Suggestions and replacement options appreciated.

    Kind regards,

  2. Downloaded from where? The WordPress themes section of this site or...?

    If it's some other site, there's not a whole lot that can be done.

  3. esmi
    Forum Moderator
    Posted 5 years ago #

  4. saxamo
    Posted 5 years ago #

    I am usually pretty good about not downloading things from other sites that are not the creators downloads. However, maybe on this one instance I downloaded it from some place else. I can't remember any more.

    I have downloaded it again from your site and checked the file and as you state there is no virus in the download.

    I am sorry for the scare but I just can't understand at this time how it came down in the download of the zip file.

    The file on 9thsphere is clean:

    Thanks for your replies..

    Kind regards,

  5. flyfisher842
    Posted 5 years ago #

    if you have run the easy csv importer plugin, you probably got infected from it. The PHP.Kryptik.AB trojan is embedded in the file functions/ecs_functions_code.php. At least that is what eset NODE32 tells me. While this trojan might be used as an update tool, I doubt it since the plugin developer has refused to put any physical address on file with his registrar. See the readme.txt file for the URL.

    Always a good idea to download the plugins and scan before installing to your blog or site. The easy install in WP is a nice time saver for us and the hackers.

  6. anges35
    Posted 4 years ago #

    I realize this is an old thread. But I came on it trying to get a description of the same Trojan. It appears that the reason this was found on this site was never resolved.

    I'm assisting in cleaning malware from a system and the entry I see is slightly different:

    C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\miscellany.zip PHP/Kryptik.AB trojan
    C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\miscellany\footer.php PHP/Kryptik.AB trojan

Topic Closed

This topic has been closed to new replies.

About this Topic