• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

This forum thread needs a solution.

"X".icofile with PHP code is called in when visiting home page of a website

I have a site where hackers, every day, modify the index.php with a code snippet in HEX which does a PHP include of the contents of the "X".ico file which, again, is all php code. It appeears to be designed to attemtp to attack visitors, by my Norton doesn't do anything or seem to detect it at all. Possibly is only is able to run on certain machines but it definitly does the actions I describe.

I am a developer and am able to use various decoders but they all return binary code (not 0101 etc) but true machine binary code.

So far, I have defeated all attacks on the website except this one. I saved the file as a .txt file. Is there anyone who'd take a look at it and give me an opinon? I'll attach the .txt file if someone will try to help me.

Description: Website -> index.php -> index.php code snippet which includes "x".ico file contents which is all PHP code. (Drupal CMS runs website btw).

Thank you.... this is my first post, so if this is in the wrong place or inappropriate entirely, let me know!   All the best....



Re: "X".icofile with PHP code is called in when visiting home page of a website

Can you not just remove this code and the .ico file from your site? Then change your password for access to the site's code. and files.

You would be better to post in a free Malware removal site where malware removal experts may look at the code for you. These are the sites we recommend.


Things happen. Export/Backup your Norton Password Manager data.

This thread is closed from further comment. Please visit the forum to start a new thread.