Hi, I recently found a virus on my site that was redirecting to evony-fifia.com or something like that. I found that a script had been injected into some of the index files. I removed the script and everything was fine.
A few days ago I found that when I go to write a new post, I see the same redirect address for a second. I installed Avast and reloaded the page. It alerted me to a virus in:
/wp-admin/post-new.php
JS: Illredir-Z[Trj]
I downloaded a fresh copy of WordPress and installed it, and the problem went away.
So I opened the /wp-admin/post-new.php file and started to test it.
I found that if I remove
include('edit-form-advanced.php');
from the source and reload the new post page, there is no alert for the Trj virus.
So the next file I tested was /wp-admin/edit-form-advanced.php.
I found that when I remove
require_once('admin-header.php');
from the source there is no alert.
Finally I tested /wp-admin/admin-header.php.
I found the problem comes from:
if ( in_array( $pagenow, array('post.php', 'post-new.php', 'page.php', 'page-new.php') ) ) {
add_action( <strong>'admin_print_footer_scripts', 'wp_tiny_mce', 25</strong> );
wp_enqueue_script('quicktags');
}
And especially from the bold line. If I remove one of the strings, the page is loaded without a virus alert.
Any ideas how to fix that problem?
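
The post narrows the alert down by removing includes one at a time. The add_action line only registers a callback, so the flagged script can sit in a different file than the one being edited. The sketch below is an added example, not part of the original post: it hashes every file in the live install against a fresh copy and lists what differs. It assumes both trees are the same WordPress version; the function names and the skip list are hypothetical.

```python
import hashlib
import sys
from pathlib import Path

# File types that can carry an injected redirect script (assumed list, extend as needed).
SCRIPT_SUFFIXES = {".php", ".js", ".html", ".htm"}

def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_tree(root):
    """Map every regular file under root (as a relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }

def compare_install(installed, clean, site_specific=("wp-content/", "wp-config.php")):
    """Compare a live WordPress tree with a fresh copy of the same version.

    modified:   files present in both trees whose content differs.
    unexpected: script-type files the clean copy does not ship. Paths under
                site_specific (themes, plugins, uploads, config) are never in
                a fresh copy, so they are left out here and need separate review.
    """
    live = index_tree(Path(installed))
    reference = index_tree(Path(clean))
    modified = sorted(p for p in live if p in reference and live[p] != reference[p])
    unexpected = sorted(
        p for p in live
        if p not in reference
        and Path(p).suffix.lower() in SCRIPT_SUFFIXES
        and not p.startswith(site_specific)
    )
    return {"modified": modified, "unexpected": unexpected}

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_wp.py <installed-dir> <clean-dir>")
    for kind, paths in compare_install(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

Anything listed as modified can be restored from the fresh copy. A file that keeps changing after being restored means something can still write to the site.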