Hi chochor,
A very infected site you have indeed. You are lucky that none of the major have decided to blacklist your site.
First, your jQuery file. (
jquery-1.3.2.min.js)
Sucuri says on line 19, from "If(J===G)" down, contains the exploit.
However, I did not see anything apparent in that script and decided to upload the part that looked like regular jQuery coding to VirusTotal. See:
https://www.virustotal.com/file/3b992588ed7d8d7eac046b7f7f9ec353c9346004ab7645981deb0dddff5bf221/analysis/1335100855/Thus, the coding before and after the /*qpi*/ tag contains the exploit. See attachment #1 for readable malscript.
I am unable to access jquery.jqzoom-1.0.1.js.
jquery.jqzoom1.0.1.js contains the same exploit. Line 1124. See attachment #2 for script to be removed.
Same with
jquery.hoverIntent.minified.js and
jquery.fancybox-1.3.1.js. Remove the coding before and after the /*qpi*/ tag.
I suggest you upgrade to jQuery 1.7.2.http://docs.jquery.com/Downloading_jQueryYour CSS files are
NOT malicious. Zulu is warning of infection because they have links to your site, which is malicious.
Now for your HTML pages.
The
homepage of your site is indeed infected. Check line 1518. Notice the <!--qpi--> and <!--/qpi-->. Remove everything inbetween.
Same with your
404 pages, which I assume are generated by your
404javascript.js. Remove the coding before and after the <!--qpi--> tags.
bestsellery-c-96.html,
nowosci-c-31.html, and
promocje-c-113.html also contain the same exploit mentioned above.
The following PHP pages do as well:
advanced_search.php
contact_us.php
create_account.php
shopping_cart.phpRefrence:
http://zulu.zscaler.com/submission/show/7917bf94ed0fee5bc56a206bc920db6b-1335100086http://sitecheck.sucuri.net/results/http://www.lingerie4u.pl/I'm assuming that the malcreants made a tool for javascript injection. Looks exactly alike.
