This is my first question here on the IT Security section of Stack Exchange, so if there are any problems with my question, I apologize.
Basics
Suddenly Google says that my website contains Malware!
When I enter my website, my antivirus program tells me that a Trojan has been blocked and removed! The Trojan is categorized as a (Trojan:JS/Quidvetis.A) by the antivirus program, and if you look the Trojan up, it says that it currently is harmless and has no effect!
As Google said, yes my website does contain some new weird files which potentially could be Malware!
I found a file called 46ZqQVmc.php and I found it at the following path: ROOT/css/46ZqQVmc.php. I don't know at all how the file has gotten there!
Also inside my index.php I found this piece of code!
Edit: gowenfawr made me aware that some browsers block the site because of the following code, so I changed it to pictures of the code, as gowenfawr said.
When the PHP file is processed, that exact piece of code becomes the following!
Again I have no idea how my index.php file got edited!
Information
- Host: One.com - I have contacted my host but their response was that my website didn't contain any Malware!
- FTP Client: Filezilla - I am aware that Filezilla stores passwords, etc., as plain text!
- Access: I'm the only person who has all the passwords and access to the website itself!
- Currently I have no file uploading or comment sections and things like that on the website itself!
Question
Basically my question is, how does Malware get uploaded to my website? I know this is a really abstract question, but I'm asking if anybody has any kind of idea of how the Malware got uploaded or created on my website and also how my index.php file got edited!
I think that somehow someone has got the passwords, etc. to my website so that they can enter it and edit files and also upload files of course, though I have no idea how they've accomplished such a thing.
Bottom line, my question is again, is there anybody that has any idea of how that file can have been uploaded to my website and also how my index.php file can have gotten edited!
Extra
If there is any more information you need about various things, just ask in a comment and I can add the information.
Edit
- I don't use Wordpress, everything is custom coded by myself.
- I use SQL for stuff like blogs and other content! (Though I have another website which functions like a File Browser for Notes, which uses no SQL at all, and that website is infected with this exact same thing as well)
- I don't use Prepared Statements in MySQLi yet! (That could be the problem somehow, but I'm going to use them from now on)
- My programming experience is 7 years and I'm self-taught, my main programming languages are C++, Java & C, my experience with PHP is only 1-2 years.
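
A triage check for the two indicators reported in the question above (a PHP file inside `css/` and an unexpectedly edited `index.php`), as an added example that is not part of the original post. The directory list, extension list, 14-day window and the name `triage_webroot` are assumptions chosen for illustration.

```python
import os
import sys
import time

# Assumption: directories that should only ever hold static assets
# (the question's stray file was found under css/).
STATIC_DIRS = {"css", "js", "img", "images", "fonts"}
# Assumption: extensions the web server would hand to the PHP interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}


def triage_webroot(root, days=14, now=None):
    """Return (stray_scripts, recently_modified), paths relative to root.

    stray_scripts: script files located under a static-asset directory.
    recently_modified: script files whose mtime falls inside the window.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    stray, recent = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = set() if rel_dir == "." else set(rel_dir.split(os.sep))
        in_static = bool(parts & STATIC_DIRS)
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if in_static:
                stray.append(rel)
            try:
                # lstat: do not follow symlinks placed inside the webroot
                if os.lstat(path).st_mtime >= cutoff:
                    recent.append(rel)
            except OSError:
                continue  # file vanished or is unreadable; skip it
    return sorted(stray), sorted(recent)


if __name__ == "__main__":
    # Run against a local copy of the site, e.g. one downloaded over FTP.
    stray, recent = triage_webroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel in stray:
        print("script in static directory:", rel)
    for rel in recent:
        print("recently modified script:  ", rel)
```

Modification times can be reset by whoever wrote the file, so an empty "recently modified" list does not clear the site; comparing every file against a known-good backup is the stronger check.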