How to Remove malware or injection from Hacked OpenX

Posted by adserveropenx on May 03, 2013  /   Posted in FAQ, Q&A, Security Updates

A: Follow the steps below to remove malware code from a hacked OpenX installation.

Step – 1:

Most malware code is injected into the banner’s “append” and “prepend” fields in the “ox_banners” table. You can check this on the banner’s “Advanced” page, or you can run the MySQL query below in phpMyAdmin.

SELECT bannerid, append, prepend FROM ox_banners WHERE append != '' OR prepend != '';

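If you find any code that you did not add yourself, run the MySQL query below in your database. Note that it clears the append and prepend fields of every banner, so record any legitimate values first and re-enter them afterwards.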

UPDATE ox_banners SET append='', prepend='' WHERE append != '' OR prepend != '';

Step – 2:

Next, check the banner’s “htmltemplate” and “htmlcache” fields in the “ox_banners” table for the web and SQL banner types. You can check them with this MySQL query.

-- Comparisons against NULL never match, so test for non-empty values instead.
SELECT bannerid, htmltemplate, htmlcache FROM ox_banners WHERE (htmltemplate != '' OR htmlcache != '') AND storagetype IN ('web','sql');

If this returns any records, run this MySQL query.

-- The parentheses keep the storagetype filter applied to both conditions.
UPDATE ox_banners SET htmltemplate='', htmlcache='' WHERE (htmltemplate != '' OR htmlcache != '') AND storagetype IN ('web','sql');

Step – 3:

Check the zone’s “append” and “prepend” fields in the “ox_zones” table. You can check this on the zone’s “Advanced” page, or you can run the MySQL query below in phpMyAdmin.

SELECT zoneid, append, prepend FROM ox_zones WHERE append != '' OR prepend != '';

If you find any malware code here, run the MySQL query below in your database.

UPDATE ox_zones SET append='', prepend='' WHERE append !='' OR prepend != '';

Step – 4:

Sometimes malware is also injected into the “details” field of the “ox_audit” table in your database. You can remove it with the MySQL query below. Check the details field in this table and put the most frequently occurring injected text in that field (mostly frames) in place of INJECTED_TEXT_PLACEHOLDER.

UPDATE ox_audit SET details = '' WHERE details LIKE '%INJECTED_TEXT_PLACEHOLDER%';

Step – 5:

Sometimes the attacker creates a fake Administrator user through a backdoor in the files. Check for this, and if you find a fake user, remove it from your database. The query below lists the users linked to the admin account.

SELECT u.user_id, u.contact_name, u.email_address, u.username FROM ox_users AS u, ox_account_user_assoc AS aua WHERE u.user_id=aua.user_id AND aua.account_id = (SELECT value FROM ox_application_variable WHERE name='admin_account_id');

Step – 6:

Check all the PHP files in your OpenX installation for encoded code that has been inserted. Sometimes many new PHP files with encoded content are created in the “www/images” and “www/delivery” folders, but it is better to check every folder in your OpenX installation.

For this we recommend upgrading your OpenX to the latest version.

If you already have the latest version of OpenX, follow the steps below.

1. Upload the latest version of OpenX.

2. Copy all the images from the old OpenX “www/images” folder and paste them into the newly uploaded OpenX “/www/images” folder. Make sure you copy only the images.

3. Copy the files “yourdomain.conf.php” and “default.conf.php” from your old OpenX “/var” folder and paste them into the newly uploaded OpenX “/var” folder.

4. Finally, rename this OpenX to your live OpenX.
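
For the file check in Step 6, here is an added example (not code from the original post): a Python script that walks an OpenX folder and lists the files worth reviewing by hand. The patterns, the extension lists and the assumption that the scanned folder is the OpenX root containing "www/" are this example's own.

```python
import re
import sys
from pathlib import Path

# Heuristic patterns and extension lists: assumptions of this example.
DECODERS = re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
EXECUTORS = re.compile(rb"\b(eval|assert|create_function)\s*\(", re.I)
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")  # long run of base64-like text
PHP_EXT = {".php", ".phtml", ".php5", ".inc"}
IMAGE_EXT = {".gif", ".jpg", ".jpeg", ".png", ".swf"}


def scan_file(path, root):
    """Return the reasons (possibly none) why one file deserves manual review."""
    rel = path.relative_to(root).as_posix()
    ext = path.suffix.lower()
    data = path.read_bytes()
    has_php = b"<?php" in data.lower()
    reasons = []
    if rel.startswith("www/images/") and ext not in IMAGE_EXT:
        reasons.append("non-image file in www/images")
    if has_php and ext not in PHP_EXT:
        reasons.append("PHP code in a non-PHP file")
    if has_php or ext in PHP_EXT:
        if DECODERS.search(data) and EXECUTORS.search(data):
            reasons.append("decoder combined with eval-style call")
        if LONG_BLOB.search(data):
            reasons.append("long encoded blob")
    return reasons


def scan_tree(root):
    """Walk an OpenX root folder and map relative path -> list of reasons."""
    root = Path(root)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = scan_file(path, root)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, reasons in scan_tree(target).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it against the old installation before copying "www/images" in step 2. A hit is a reason to compare the file with a clean OpenX copy, not proof of infection.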

If you followed these steps, all the malware code should be removed from your OpenX. If you need any other help with this, post a comment here or contact us through the Contact Us page.
 

 


Copyright © AdserverOpenX.com, All Rights Reserved 2013.