Support » Themes and Templates » PHP/Kryptik.AB trojan – ESET NOD64

  • Seems to be something up with this download. Might be a false positive due to the encryption in the footer. Would like to pay to have footer replaced with normal footer minus advertising.

    \\XXXXXXX\Xxxxxxx\Xxxxxx\xxxxx\streamline\ » ZIP » streamline/footer.php – PHP/Kryptik.AB trojan

    Suggestions and replacement options appreciated.

    Kind regards,

Viewing 5 replies - 1 through 5 (of 5 total)
  • Downloaded from where? The WordPress themes section of this site or…?

    If it’s some other site, there’s not a whole lot that can be done.



    Forum Moderator

    I am usually pretty good about not downloading things from other sites that are not the creators downloads. However, maybe on this one instance I downloaded it from some place else. I can’t remember any more.

    I have downloaded it again from your site and checked the file and as you state there is no virus in the download.

    I am sorry for the scare but I just can’t understand at this time how it came down in the download of the zip file.

    The file on 9thsphere is clean:

    Thanks for your replies..

    Kind regards,

    if you have run the easy csv importer plugin, you probably got infected from it. The PHP.Kryptik.AB trojan is embedded in the file functions/ecs_functions_code.php. At least that is what eset NODE32 tells me. While this trojan might be used as an update tool, I doubt it since the plugin developer has refused to put any physical address on file with his registrar. See the readme.txt file for the URL.

    Always a good idea to download the plugins and scan before installing to your blog or site. The easy install in WP is a nice time saver for us and the hackers.

    I realize this is an old thread. But I came on it trying to get a description of the same Trojan. It appears that the reason this was found on this site was never resolved.

    I’m assisting in cleaning malware from a system and the entry I see is slightly different:

    C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\ PHP/Kryptik.AB trojan
    C:\Documents and Settings\xxxxx\My Documents\Professional Websites\z_Design Sites\Word Press\themes\Darren\miscellany\footer.php PHP/Kryptik.AB trojan

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘PHP/Kryptik.AB trojan – ESET NOD64’ is closed to new replies.