You need to be logged in to post in the forum - Log In
An active JCE Pro Subscription is required to post in the forum - Buy a Subscription
- Support
- Forum
- JCE Editor
- Trojan discovered in JCE
Support is currently Offline
Official support hours:
Monday To Friday
From 09:00 To 17:00 Europe/London (BST)
From 09:00 To 17:00 Europe/London (BST)
Please post your question in the Forum and we will get back to you as soon as we can.
Hi,
A scan of my websites produced the following:
Critical! - Directory Access Disabled - Feb 18 02:40:40 pluto ['/home/bdiwebs/public_html/stanholt/components/com_jce/editor/tiny_mce/plugins/noneditable/sql-7d.php'] - ClamAV detected virus = [Php.Trojan.WSO-1]
I thought you would want to know, the virus file has been there since mid-December.
Regards
Paul
A scan of my websites produced the following:
Critical! - Directory Access Disabled - Feb 18 02:40:40 pluto ['/home/bdiwebs/public_html/stanholt/components/com_jce/editor/tiny_mce/plugins/noneditable/sql-7d.php'] - ClamAV detected virus = [Php.Trojan.WSO-1]
I thought you would want to know, the virus file has been there since mid-December.
Regards
Paul
I have just run a scan of the JCE Pro 2.6.8 package on virustotal.com, which uses over 50 virus scanners (including ClamAV) to scan the package. ClamAV does not report any trojans or malware.
If you download the JCE Pro 2.6.8 package - https://www.joomlacontenteditor.net/downloads/editor/pro/item/jce-pro-268 - and unzip it, you will also see that the "components/com_jce/editor/tiny_mce/plugins/noneditable/sql-7d.php" file is not in the package.
This suggests that your site has been compromised in another way, and the hacker has placed the file in this location (an attempt to bury it in a non-descript location on the site), to easily access it later.
I would recommend uninstalling JCE, then running a scan on your site using a service like https://myjoomla.com/, which can help to track down other malware or breaches on the site that might be responsible for the trojan file.
If you download the JCE Pro 2.6.8 package - https://www.joomlacontenteditor.net/downloads/editor/pro/item/jce-pro-268 - and unzip it, you will also see that the "components/com_jce/editor/tiny_mce/plugins/noneditable/sql-7d.php" file is not in the package.
This suggests that your site has been compromised in another way, and the hacker has placed the file in this location (an attempt to bury it in a non-descript location on the site), to easily access it later.
I would recommend uninstalling JCE, then running a scan on your site using a service like https://myjoomla.com/, which can help to track down other malware or breaches on the site that might be responsible for the trojan file.
Just because you're not paranoid doesn't mean everybody isn't out to get you.
- Page :
- 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
Be one of the first to reply to this post!