<![CDATA[FrontAccounting forum — Virus detected]]> 2014-12-24T17:34:21Z PunBB https://frontaccounting.com/punbb/viewtopic.php?id=5413 <![CDATA[Re: Virus detected]]> These files do not belong to frontaccounting. They are probably having some sort of base64_decode / gzinflate / eval code encrypted virus. Tere will be some image files as well that contain malicious code.

Check your files/folders ownerships/permissions (you appear to be using Windows because of backslash separators so it may not apply) and htaccess / apache conf directives for vulnerabilities.
Such malicious code can be placed even beyond your webroot as well.

Do you have data in your FA (is it in production use)? - if so, take professional help.
Also check if you have additional CoAs, extensions, themes and languages installed apart from item images.

Take a backup of the following files after taking sql dumps from say phpMyAdmin:

.htaccess
config.php
config_db.php
installed_extensions.php
lang/installed_languages.inc
company/0/installed_extensions.php
company/0/images/*.jpg
company/0/images/*.png
company/1/installed_extensions.php
company/1/images/*.jpg
company/1/images/*.png
....
....

Wipe out all files from your webroot and do a fresh install and then restore your sql and above files.
Change all your SFTP/SSH/FTP/FA passwords.

]]> https://frontaccounting.com/punbb/profile.php?id=364 2014-12-24T17:34:21Z https://frontaccounting.com/punbb/viewtopic.php?pid=21874#p21874 <![CDATA[Virus detected]]> Hi,

avg detected 3 infected file in my frontaccounting backup, they are

"";"Virus identified PHP/Agent.4, faccount\purchasing\includes\infobeB4.php";"Infected"
"";"Virus identified PHP/Agent.4, faccount\modules\import_items\cookielJy3.php";"Infected"
"";"Virus identified PHP/Agent.4, faccount\inventory\includes\infokO04.php";"Infected"

Can I just delete/overwrite them?

Than you
Eric

]]> https://frontaccounting.com/punbb/profile.php?id=5299 2014-12-24T15:56:19Z https://frontaccounting.com/punbb/viewtopic.php?pid=21872#p21872