MyBB Central

Full Version: Malicious JS?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
When visiting my forum today I noticed it was calling a weird URL which it shouldn't have...

I looked into the URL and apparently it's some spyware site. The site didn't cause me to download any virus or anything but that's probably because the program it was trying to call crashed before it executed.

Googling around I found this, and apparently that's what I have on my site but can't seem to figure out how to remove it:
http://www.symantec.com/connect/blogs/ne...-wild-lgpl

Also, I'm not sure how I even became infected in the first place...all I remember was my server going down which is when I suspect this infection occurred.

Help would be appreciated.

*EDIT* This call also appears while logged into the Admin CP, so I don't think it's just my theme that got infected...
It's probably inserted into the database.
Upon further investigation it seems that it wasn't just MyBB that was affected, so it seems to be more of a server based infection as it infected every JS and index file. So if anyone else is having the same issue, you have to overwrite your JS and index files to the MyBB default ones to get rid of the infection.

When I find out more I'll update this, thanks for the input.

*EDIT*

After overwritting every JS/index file, I apparently got the malicious code issue resolved and as for how the infection occurred, a Trojan had fun with my FileZilla info...