julen

Members
  • Posts: 8

About julen

  • Rank
    Newbie

Profile Information

  • Location
    Spain

  1. Oops, too late to find all of them (most are deleted). I saved a pair (I think those contain the logic to infect; the deleted ones had a script to include in the HTML sent to browsers as the response). I will compress and send them as you asked. infected.zip
  2. itman, thanks for the link. I will read it carefully, no doubt. As far as I know, the Prestashop forums and Prestashop itself have published (well, it is the developer, so not the best tester or critic of its own software) that version 1.7.8.2 (and greater) prevents SQL injection and XSS attacks. Nevertheless, no one is safe from zero-day vulnerabilities, and hackers are faster than developers at finding them.
  3. Of course. The platform is Prestashop 1.7. The infected files were:
       • classes/Product.php
       • classes/Store.php
       • classes/Dispatcher.php
       • classes/Hook.php
       • classes/Tools.php
       • classes/controller/ModuleFrontController.php
       • classes/controller/Controller.php
       • classes/controller/FrontController.php
       • classes/shop/Shop.php
     The best way to clean infected files is to restore them from a backup. If that is not possible or you do not have a recent backup (!!!!!!), download Prestashop from the official site (same version) and overwrite the infected files. I hope this can help other users, as Marcos says.
  4. Well, thanks a lot for the information. Finally, we found the infected files and removed the malicious code. I want to congratulate ESET. It's the only antivirus application on the client side (among all our customers) that detected the infection. And, most important, I want to apologize if I have defended the "false positive" option too much; the tools we have used to scan the server have confused us. Once again, THANKS.
  5. The site doesn't allow uploading any file. Well, it seems ESET was OK, understood. So, if the code is injected at runtime (let's say, when the JS bundle is generated), which is responsible for this injection? I suppose it should be code that resides on the site, right? I haven't found any information about this "injector". On the other hand, the scanned file (quoting Administrators, posted 1 hour ago: "The website is indeed infected:") that appears as infected has 762,67 KB. In any case the site generates a bundle with this size, so where is the scanned file from?
  6. I don't understand what has happened: I scanned the site with VirusTotal right now and the result is not the same:
  7. Thanks for the information. Can you tell me in which file(s) you found the infection? Thanks in advance.
  8. ESET detected this Trojan on the website https://cosmeticosors.com, and after scanning the server filesystem with several tools, no trace of malware was detected. We're almost sure it's a false positive. Can you consider that?
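
An added example (not part of the posts above and not PrestaShop or ESET code): before overwriting, the deployed `classes/` tree can be compared by SHA-256 against an unpacked copy of the same PrestaShop version from the official site, which also surfaces files that exist in no release. The function names, the temporary sample trees and `cache.php` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path, subdir: str = "classes") -> dict:
    """Map each file under root/subdir (relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted((root / subdir).rglob("*")) if p.is_file()}


def compare_trees(live_root: Path, clean_root: Path, subdir: str = "classes") -> dict:
    """Compare the deployed tree with an unpacked same-version release."""
    live, clean = tree_hashes(live_root, subdir), tree_hashes(clean_root, subdir)
    return {
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        "unexpected": sorted(f for f in live if f not in clean),
        "missing": sorted(f for f in clean if f not in live),
    }


def build_constructed_sample(tmp: Path):
    """Constructed sample trees (placeholder contents, not real PrestaShop code)."""
    files = {"classes/Tools.php": "<?php class ToolsCore {}\n",
             "classes/Hook.php": "<?php class HookCore {}\n",
             "classes/shop/Shop.php": "<?php class ShopCore {}\n"}
    for name in ("clean", "live"):
        for rel, body in files.items():
            path = tmp / name / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    # Simulate tampering: one core file altered, one file that is in no release.
    with (tmp / "live/classes/Tools.php").open("a") as fh:
        fh.write("/* constructed: appended foreign code */\n")
    (tmp / "live/classes/cache.php").write_text("<?php /* constructed */\n")
    return tmp / "live", tmp / "clean"


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        live, clean = build_constructed_sample(Path(d))
        return compare_trees(live, clean)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Files reported as `unexpected` need manual review, since overwriting from the official archive replaces modified core files but leaves extra files in place.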