[SOLVED] Error (maybe virus) in Admin

[Mantlet]

Hi all,

I've got a major problem it seems. When I go to the admin area of my website I constantly get the error you can see in the attached image. Also, all tabs on pages are not working, all the content from those tabs is displayed underneath each other. Lastly, TinyMCE isn't functioning.

To get the error out, I deleted all folders, except modules, plugins and uploads. After that, I uploaded the new 1.7 version. However, the error is still present. The AVG site doesn't give any clues what this error is, and Google isn't my best friend either. My system info is below:

----------------------------------------------

Cms Version: 1.7

Installed Modules:

   * MenuManager: 1.6.2
   * News: 2.10.4
   * ThemeManager: 1.1.1
   * FrontEndUsers: 1.6.11
   * CMSMailer: 1.73.14
   * Album: 0.9.2
   * Cataloger: 0.7.7
   * nuSOAP: 1.0.1
   * ModuleManager: 1.3.3
   * CustomContent: 1.5.3
   * Search: 1.6.2
   * Calendar: 0.7.8
   * TinyMCE: 2.6.5
   * FileManager: 1.0.2
   * FormBuilder: 0.6
   * Guestbook: 1.1.9
   * Captcha: 0.3
   * Smileys: 0.1.3
   * FileEditor: 0.0.1
   * Banners: 2.1.0
   * FileManager: 1.0.2
   * Printing: 1.0.4
   * Cataloger: 0.7.7
   * Uploads: 1.10.4
   * ImagePicker: 0.3
   * FormBuilder: 0.6
   * CGExtensions: 1.17.6
   * NMS: 2.2.3
   * CTLModuleMaker: 1.8.9.3
   * FileBackup: 0.5
   * Products: 2.4.6
   * CGSimpleSmarty: 1.4.3
   * appartementen: 1.0
   * CGGoogleMaps: 1.4.1


Config Information:

   * php_memory_limit:
   * process_whole_template: true
   * max_upload_size: 25000000
   * default_upload_permission: 664
   * assume_mod_rewrite: true
   * page_extension: .html
   * internal_pretty_urls: false
   * use_hierarchy: true


Php Information:

   * phpversion: 5.2.4-2ubuntu5.10
   * md5_function: On (True)
   * gd_version: 2
   * tempnam_function: On (True)
   * magic_quotes_runtime: Off (False)
   * E_STRICT: 0
   * memory_limit: 64M
   * max_execution_time: 60
   * safe_mode: Off (False)
   * session_save_path: No check because open basedir active
   * session_use_cookies: On (True)


Server Information:

   * Server Api: apache2handler
   * Server Db Type: MySQL (mysql)
   * Server Db Version: 4.0.24


----------------------------------------------

[Rolf]

Mantlet,

Check the content of your root index.php.
There you will probably find iFrames etc. with strange code...
Do you have a url? (pm)

Rolf 

[replytomk3]

PM me

[Mantlet]

I've solved the problem on my admin page, but it is still present on the build website.
Here's what I've done so far

• Scanned my computer and unfortunately found one virus, it's clean now
• Reset my FTP passwords, as that seemed their way in.
• Deleted the FTP passwords from my FTP program
• Deleted all folders that come with a basic install
• Retransfered all those files and upgraded to 1.7

Problem still persists, but I don't see any weird things in my index.php files or so.

Hope someone can help me figure this out.

[tyman00]

I just want to clarify that this isn't a virus or a CMSMS issue. It is likely something that you had on your own computer or other sites on your server were hacked.

You will need to delete ALL of the files for your site and install from a freshly downloaded package from CMSMS. Once you have it uploaded be sure to change all of your CMSMS passwords. You may also want to check with your host to see if they can locate where the breach came from on their servers.

[Mantlet]

Well, I solved it...

Like said, the virus required me to delete all content, re-upload the site and reset everything.

A warning to everyone: There is a virus going round that targets your FTP account data. My scanner only found it after deliberately scanning for it. That's what hacked my account.

The only advise to add to that: Don't store your FTP passwords inside your FTP program. Most of those programs don't encrypt the saved passwords in any way...