WordPress.org

Ready to get started?Download WordPress

Forums

I have a malicious download on my page, how do I get it off. (5 posts)

  1. pierceopolis
    Member
    Posted 5 years ago #

    I attemted to go to my webpage today and I had my browser settings to
    report any site that try's to download something automatically. I was unable to log into my site until I turned of the security in the tools options.
    The problem is when my home page opens a pdf type file tries to open gut stops. I attempted to find the fle or what not but could not find where it was comeing from. I did not put anything that I know of that would do that. I am a permission based guy and would'nt force a download on someone. How do I find this and get it of my system. would it be a file in my file manager/ or could it be an ad on my page( I only have 4 and I put them there, the 3 pictures came with the theme. I am perplexed please any idea's

  2. pierceopolis
    Member
    Posted 5 years ago #

    I have found this url in the bottom of the browser when my page loads, DO NOT CLICK MALICIOUS DOWNLOAD***<thebigtoplite.cn/all/load.php?id=82620>***DO NOT CLICK MALICIOUS DOWNLOAD, I believe this is what is causing the download. I cannot find it anywhere on my page or in my files. Does anyone have any knowledge of this one? also I have seen a post about this but the post is in French, I do not speak enough to understand what the are saying. the blog post is here
    http://forum.malekal.com/viewtopic.php?f=62&t=15376

    If anyone can shed some light on this one so I can remove it, I would be grateful.

    Pierce

  3. mirandasoft
    Member
    Posted 5 years ago #

    There's a few questions I think the community needs to know:
    1. Are you the only one that sees the problem?
    2. Does other people see the same problem as you?
    3. Have you viewed your website from another computer?

    I've seen similar problem, but it was browser related. Its usually fixable by emptying the cache and/or removing cookies.

    Marcos

  4. UseShots
    Member
    Posted 5 years ago #

    What version of WordPress do you use? It looks like someone has injected the malicious code using some security hole (Many old versions of WordPress are vulnerable).

    You should check .php files (including theme file) for suspicious code.

    Try WordPress Exploit Scanner plugin.

  5. pierceopolis
    Member
    Posted 5 years ago #

    Thanks I will double check those areas. I am currently updated to the most resent version. I used the wordpress automatic updater plug in to do so.
    I have not had anyone else comment that they saw the problem, I have not viewed from another computer yet. I have removed the code I mentioned above and that seemed to stop the autodownload. I have cleared the cache and settings and the report attack site window still pops up.
    I am going to double check the code as suggested to make sure it's all out. I do not know exactly what I'm looking for but I found the one bit of code(url) so far.
    Thanks for your input, it really helps.

Topic Closed

This topic has been closed to new replies.

About this Topic