Question

Guruincsite恶意软件问题
感染2 x magento 1.9社区网站
按照以下网站的建议进行标准操作，例如：
系统＆gt;配置＆gt;设计＆gt;页脚＆gt;杂项HTML并找到恶意代码。 - 什么都没有用户：创建了众多用户 - 删除了所有用户更改.htaccess文件以防万一

现在使用搜索短语检查DB：
功能LCWEHH（XHFER1）{XHFER1 = XHFER1
至少有一个词
选择所有表格走。
此代码见于下表：
catalog_product_flat_1
catalog_product_entity_text
catalog_product_entity_varchar
catalogsearch_fulltext
cms_page
core_config_data
core_url_rewrite
m2epro_ebay_dictionary_marketplace

然后点击表格浏览
不要进入表格，但点击上面的编辑，你会看到如下代码：
SELECT * FROM way_radio4。catalog_category_flat_store_1 WHERE（CONVERT（entity_id使用utf8）LIKE'％function％'

在这里，您将看到恶意软件为了自己的目的而复制了这些功能例如catalog_product_flat_1表
这是代码
请注意：只是尝试删除代码不起作用 - 一旦你再次搜索它又回来了？不明白为什么 - 任何想法？

SELECT *  FROM `way_radio4`.`catalog_category_flat_store_1`
WHERE (CONVERT(`entity_id` USING utf8) LIKE '%function%'
OR CONVERT(`parent_id` USING utf8) LIKE '%function%'
OR CONVERT(`created_at` USING utf8) LIKE '%function%'
OR CONVERT(`updated_at` USING utf8) LIKE '%function%'
OR CONVERT(`path` USING utf8) LIKE '%function%'
OR CONVERT(`position` USING utf8) LIKE '%function%'
OR CONVERT(`level` USING utf8) LIKE '%function%'
OR CONVERT(`children_count` USING utf8) LIKE '%function%'
OR CONVERT(`store_id` USING utf8) LIKE '%function%'
OR CONVERT(`name` USING utf8) LIKE '%function%'
OR CONVERT(`is_active` USING utf8) LIKE '%function%'
OR CONVERT(`url_key` USING utf8) LIKE '%function%'
OR CONVERT(`description` USING utf8) LIKE '%function%'
OR CONVERT(`image` USING utf8) LIKE '%function%'
OR CONVERT(`meta_title` USING utf8) LIKE '%function%'
OR CONVERT(`meta_keywords` USING utf8) LIKE '%function%'
OR CONVERT(`meta_description` USING utf8) LIKE '%function%'
OR CONVERT(`display_mode` USING utf8) LIKE '%function%'
OR CONVERT(`landing_page` USING utf8) LIKE '%function%'
OR CONVERT(`is_anchor` USING utf8) LIKE '%function%'
OR CONVERT(`all_children` USING utf8) LIKE '%function%'
OR CONVERT(`path_in_store` USING utf8) LIKE '%function%'
OR CONVERT(`children` USING utf8) LIKE '%function%'
OR CONVERT(`url_path` USING utf8) LIKE '%function%'
OR CONVERT(`custom_design` USING utf8) LIKE '%function%'
OR CONVERT(`custom_design_from` USING utf8) LIKE '%function%'
OR CONVERT(`custom_design_to` USING utf8) LIKE '%function%'
OR CONVERT(`page_layout` USING utf8) LIKE '%function%'
OR CONVERT(`custom_layout_update` USING utf8) LIKE '%function%'
OR CONVERT(`available_sort_by` USING utf8) LIKE '%function%'
OR CONVERT(`default_sort_by` USING utf8) LIKE '%function%'
OR CONVERT(`include_in_menu` USING utf8) LIKE '%function%'
OR CONVERT(`custom_use_parent_settings` USING utf8) LIKE '%function%'
OR CONVERT(`custom_apply_to_products` USING utf8) LIKE '%function%'
OR CONVERT(`filter_price_range` USING utf8) LIKE '%function%') 
OR  (CONVERT(`entity_id` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`parent_id` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`created_at` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`updated_at` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`path` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`position` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`level` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`children_count` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`store_id` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`name` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`is_active` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`url_key` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`description` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`image` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`meta_title` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`meta_keywords` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`meta_description` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`display_mode` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`landing_page` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`is_anchor` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`all_children` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`path_in_store` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`children` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`url_path` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`custom_design` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`custom_design_from` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`custom_design_to` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`page_layout` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`custom_layout_update` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`available_sort_by` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`default_sort_by` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`include_in_menu` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`custom_use_parent_settings` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`custom_apply_to_products` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%' OR CONVERT(`filter_price_range` USING utf8) LIKE '%LCWEHH(XHFER1)
{XHFER1=XHFER1%')

所以基本上我需要删除每个表中的以下内容：

OR  (CONVERT(`entity_id` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`parent_id` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`created_at` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`updated_at` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`path` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`position` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`level` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`children_count` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`store_id` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`name` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`is_active` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`url_key` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`description` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`image` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`meta_title` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`meta_keywords` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`meta_description` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`display_mode` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`landing_page` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`is_anchor` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`all_children` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`path_in_store` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`children` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`url_path` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`custom_design` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`custom_design_from` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`custom_design_to` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`page_layout` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`custom_layout_update` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`available_sort_by` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`default_sort_by` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`include_in_menu` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`custom_use_parent_settings` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`custom_apply_to_products` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%' OR CONVERT(`filter_price_range` USING utf8) LIKE '%LCWEHH(XHFER1){XHFER1=XHFER1%')

Magento在数据库表中删除了GuruIncsite感染

0 个答案: