v1.7-v8x ETS - Payment With Fee: PayPal, COD & custom payment methods 2.4.6
- Thread starter Snowden
- Start date
Thank you for uploading the module.
Thank you for uploading the module.
Thank you for uploading the module.
thank you for sharing the module 
look like it is good and best plugin thanks
Thanks alot nice module nice share it.
Detected: Trojan:Script/Wacatac.B!ml
ETS - Payment With Fee PayPal, COD & custom payment methods 2.4.6\ets_payment_with_fee.zip->ets_payment_with_fee/classes/index.php
ATTENTION there is a TROJAN.
This file has been modified: /classes/index.php
Replace it with any other index.php from another folder.
The content MUST BE the following:
<?php
/**
* Copyright ETS Software Technology Co., Ltd
*
* NOTICE OF LICENSE
*
* This file is not open source! Each license that you purchased is only available for 1 website only.
* If you want to use this file on more websites (or projects), you need to purchase additional licenses.
* You are not allowed to redistribute, resell, lease, license, sub-license or offer our resources to any third party.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future.
*
* @author ETS Software Technology Co., Ltd
* @copyright ETS Software Technology Co., Ltd
* @license Valid for 1 website (or project) for each purchase of license
*/
if (!defined('_PS_VERSION_')) { exit; }
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Location: ../");
exit;
Following my previous comment, to clean the module you need to remove the following injections.
Open the file ets_payment_with_fee.php
remove this row 85
Then remove the whole function Installation() from row 1271
I find this Trojan in 2 modules posted by the user Spasoo. If you download more, search for this. There is an injection in the main file, in the root directory, calling a Installation() function, this is pointing to the file classes/index.php that has been modified.
This file has been modified: /classes/index.php
Replace it with any other index.php from another folder.
The content MUST BE the following:
<?php
/**
* Copyright ETS Software Technology Co., Ltd
*
* NOTICE OF LICENSE
*
* This file is not open source! Each license that you purchased is only available for 1 website only.
* If you want to use this file on more websites (or projects), you need to purchase additional licenses.
* You are not allowed to redistribute, resell, lease, license, sub-license or offer our resources to any third party.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future.
*
* @author ETS Software Technology Co., Ltd
* @copyright ETS Software Technology Co., Ltd
* @license Valid for 1 website (or project) for each purchase of license
*/
if (!defined('_PS_VERSION_')) { exit; }
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Location: ../");
exit;
Post automatically merged:
Following my previous comment, to clean the module you need to remove the following injections.
Open the file ets_payment_with_fee.php
remove this row 85
Then remove the whole function Installation() from row 1271
I find this Trojan in 2 modules posted by the user Spasoo. If you download more, search for this. There is an injection in the main file, in the root directory, calling a Installation() function, this is pointing to the file classes/index.php that has been modified.
Last edited:
Do you understand what this trojan is doing?