Recent Malware Attack

In Light of the recent Code Injection to the Multiverse Site and Wiki, I am downloading the entire domain being served to sanitize the site and get everything in a malware free state again, Tristin IS working on this as well but I have alot more free time to look through the code for the site and nuke anything that isnt supposed to be there.

Please Bear with us if the site or forum seems a little laggy, It is probly due to me  downloading  entire sections of the site root at once for cleaning

Hey there... since I can't see the year of the post, I'm not sure if it's the same problem... but it seems like the template the page was built upon had some javascript imports that are at least suspicious.
They import what they claim to be jquery from both sodiummetal.com and thaiathome.fr


* Forum post from more people having problem with those imports - Joomla Forum post

* Sucuri labs report on those domains:
http://labs.sucuri.net/?details=sodiummetal.com (Report on sodiummetal.com)
http://labs.sucuri.net/?details=thaiathome.fr (Report on thaiathome.fr)


* Sucuri sitecheck on multiversemmo.com:
"http://sitecheck.sucuri.net/results/www.multiversemmo.com/site/" (they seem to agree that’s the problem... and had to put " around it because forum's autolink eats the 1st part of the address)

And it seems the reason the wiki is tagged as insecure is because the login page uses the template.
* Sucuri sitecheck on wiki: "http://sitecheck.sucuri.net/results/www.multiversemmo.com/site/w/index.php/main_page"


I don't have the server side code, but replacing those imports on final html output with a legit local jquery import worked fine.