site generating or hosting a virus

  • kayakid

    (@kayakid)


    15 years ago

    When I open the site in IE 7, my anti-virus detects Mal HIFRM-3 and EXPL ANICMOO.GEN in wordpress.htm and curs.htm in the cache. After about 15 seconds, the page open in the browser morphs into something looking like a blank acrobat reader. The menu bar even changes.

    Since the file is php generated (as I understand it), I have no idea where to look for or where to clean.

    I clear the caches, reload and see the same behavior. It does not seem to effect other browser tabs.

    Luckily, I am still developing this site, so it is in a sandbox that is not advertised.

    Thanks in advance.

Viewing 1 replies (of 1 total)
  • gazouteast

    (@gazouteast)

    15 years ago

    Delete the whole re-install from the server after saving your wp-contents folder to your local system – also before deletion, download your wp-config file and wp-settings file from wp-admin

    Virus scan etc your wp-content folder and clean as advised by your AV software (it might find nothing)

    Compare the file dates of your wp-content folders’ files to those of your plug-ins, themes, and wp original files (the copies from before upload) – look for very recent file date and size changes – inspect those files for script injects.

    When your wp-content folders and files are “clean” change your database and FTP logins and passwords

    Re-upload WordPress
    Upload your cleaned wp-config and wp-settings files back to admin

    Copy up any files you customised (from your saved WP-content folders)
    Copy up clean plugin and theme copies from your original downloads

    Run the install, configure plugins and themes

    Your database will still be there.

Viewing 1 replies (of 1 total)
  • The topic ‘site generating or hosting a virus’ is closed to new replies.