I think unfortunately that this is a hack of your site.
Why?
1) The message box is not html, it is an image. That is not typical for Adobe (who makes the most popular flash player) or any other company. And the whole image can be clicked not just the Download button. Suspicious.
2) More importantly, if you look at the destination url of the image/message, it is:
docs.google.com/uc?export=download&id=xxxxxxxxxxxxxxxxxxxxxxx (I have replaced the id with xxx’s so that this link will not cause anyone to download malware as suggested by ClaytonJames below)
That is NOT Adobe. That is likely a file with some malicious code being stored on Google docs.
If you have clicked it I would also be concerned that you may have some malware on your computer now.
Perhaps the hyperlink to the doc should be removed?
If you have clicked it I would also be concerned that you may have some malware on your computer now.
‘yep… the payload is in an exe Named FlashPLayerPLugin_11_9_900_152 that’s being served from doc-14-lo-docs.googleusercontenet.com/***yadda_yaddda..more_bad_stuff …but it’s all but guaranteed to be a fake. The image you see is being hosted on an Arabic language based file sharing site.
I felt it was very strange. For the record, I updated my Flash Player by going to the actual Adobe site, not clicking on the image. I’ll see what I can do about the probability that it was hacked on the links WPyogi provided. Thank you guys!
@wpfan1000 – it would probably be a good idea to remove that live link to the suspected fake executable while you can still edit your post.
ClaytonJames – Thanks for pointing that out – I have changed it as you suggest.
I agree with Pioneer Valley Web Design
Member that it would be best if you would consider removing the url from the image/message because some visitors to your site may download the malware.
Update:
I backed up the important files – media and plugins, then entirely removed the WP installation files via FTP.
Installed new, definitely uncontaminated WP installation files, and new theme files. Then, after confirming the site was working, I transferred over my backed up media and plugin files.
Seems like everything is working great and not much was lost! Changed the password and installed two new security/scanner plugins, too.
Thank you guys!
