
jquery.js?ver=1.7.2 Virus??? safe to delete from host? (15 posts)

  1. blogger9
    Member
    Posted 2 years ago #

    Every time I do a site check using http://sucuri.net site check, it finds malware on my website, which I HIGHLY doubt. I've done some searching and saw that it may be a false positive, but if it is, why is it still not fixed? This may cause people having the same problem to be blacklisted.

    The path Sucuri shows is:

    wp-includes/js/jquery/jquery.js?ver=1.7.2'>

    I used FileZilla to access the back end of my site and followed the path to the jquery folder and found the jquery.js file (it has no ?ver=1.7.2 next to it).

    My question is: what do I do? If I delete this file from my host, I'm certain that it may mess up something on the site, since it's from the WordPress folder, and I don't want my site to be broken. But why is it showing up as a virus?

  2. The ?ver=1.7.2 is just a parameter. The file is wp-includes/js/jquery/jquery.js and that is part of what WordPress includes in its software package.

    every time i do a site check using http://sucuri.net site check it finds malware on my website which i HIGHLY doubt

    I wouldn't doubt that as they're pretty good at identifying compromised sites.

    Can you share the link to your site? Probably that file has been compromised and that would explain why Sucuri has flagged it.

  3. blogger9
    Member
    Posted 2 years ago #

    OK, but I really have nothing on my site yet since it's coming up dirty :/
    Cribboy9.co.cc

    "Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <script type='text/javascript' src='http://cribboy9.co.cc/wp-includes/js/jquery/jquery.js?ver=1.7.2'></script>"

    I didn't mention that it also shows another place where it detects malware... but it's not a path.

    "Malware found in the URL:
    http://cribboy9.co.cc/wp-login.php?action=register"

    "Anomaly behavior detected (possible malware).
    Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
    <script type="text/javascript" src="http://stats.hosting24.com/count.php"></script> "
  4. patv
    Member
    Posted 2 years ago #

    If it's a WordPress file you shouldn't worry about malware.

  5. esmi
    Forum Moderator
    Posted 2 years ago #

  6. blogger9
    Member
    Posted 2 years ago #

    How can my site be hacked so soon when I haven't even given much exposure to it? How can this be?

    BTW, that's a lot of advice you gave there. I appreciate it, but it's really a lot of reading when the user is practically a noobie.

    I need to get this problem solved before Google blacklists my site, so what do I do?

    By "backing up" do you mean from my host cPanel, right?

    Also, since I don't have much on the site yet, can you please tell me how to delete the ENTIRE WordPress platform from my host so I can reupload a fresh install and start from scratch (since the malware, I'm sure, is somewhere in the WordPress files that I have on my host)? Since I don't have much yet, I'll just copy what I have so far into txt files, and when I reupload the WordPress platform to my host I'll just post everything back.

    I'd rather use that method, so if it's not too much of a hassle, can you explain to me if that's possible for me to do, or even how I do it? I'm using FileZilla to manage my host files, so it would be better if you could tell me how to do it using FileZilla.

  7. esmi
    Forum Moderator
    Posted 2 years ago #

    how can my site be hacked so soon when i havent even given much exposure to it?

    Hackers don't care how popular (or not) your site is. They're like opportunistic burglars. If they find an open site, they insert their rubbish into it. A lot of the time, there's not even a human element involved. Just scripts (bots) that probe and then infect vulnerable sites.

    so what do i do?

    Please do see the links posted above. They really do contain the very best information available on how to de-louse your site properly. If you don't do the job properly, the hackers will just walk straight back in again. Also scan your own computer with up-to-date AV software. An infected machine can send out FTP access information.

    can you please tell me how to delete the ENTIRE wordpress platform from my host so i can reupload a fresh install and start from scratch

    Delete all WordPress files, themes & plugins from the server. Then delete your database. No making backups of anything - otherwise you may inadvertently re-infect your new site.

  8. blogger9
    Member
    Posted 2 years ago #

    I did all that; here's what I did.

    -Deleted all WordPress files in the host public_html.

    -Deleted "Mysql databases"

    -Did a full scan of my PC using Avira antivirus.

    -Downloaded a new copy of wordpress.zip (I scanned it with Avira also; no viruses were found in the archive)

    -Extracted the WordPress zip file and still scanned it (again no virus)

    -Uploaded WordPress to the server via FileZilla.

    -Made a new MySQL database, then went through the steps of installing WordPress again.

    I used all new passwords and new usernames in the making of the MySQL databases and the WordPress username and password.

    -I cleared my Firefox cache

    -Scanned my site using Sucuri SiteCheck, and guess what? Malware detected...

    ***The thing is, while I was deleting the WordPress files from FileZilla, at one point I did a scan using Sucuri and my site turned up CLEAN***. Of course, after some minutes and a rescan, it showed that the site was down since I deleted all the WordPress files.

    Please do a test for yourself using the site http://sucuri.net/ for my site http://cribboy9.co.cc/

    It's a totally new site.

    I'm really bamboozled. These are some of the errors Sucuri detects:

    Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <img src="http://cribboy9.co.cc/wp-content/themes/twentyten/images/headers/path.jpg" width="940" height="198" alt="" />
    Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <script type='text/javascript' src='http://cribboy9.co.cc/wp-includes/js/comment-reply.js?ver=3.4.1'></script>
    Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <script type='text/javascript' src='http://cribboy9.co.cc/wp-includes/js/comment-reply.js?ver=3.4.1'></script>
    Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <img src="http://cribboy9.co.cc/wp-content/themes/twentyten/images/headers/path.jpg" width="940" height="198" alt="" />
    Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <img src="http://cribboy9.co.cc/wp-content/themes/twentyten/images/headers/path.jpg" width="940" height="198" alt="" />
    Known javascript malware.
    Details: http://sucuri.net/malware/malware-entry-mwjs488
    <img src="http://cribboy9.co.cc/wp-content/themes/twentyten/images/headers/path.jpg" width="940" height="198" alt="" />
    Anomaly behavior detected (possible malware).
    Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
    <script type="text/javascript" src="http://stats.hosting24.com/count.php"></script>
  9. MickeyRoush
    Member
    Posted 2 years ago #

    Please download the path.jpg file located here to your desktop:
    hxxp://cribboy9.co.cc/wp-content/themes/twentyten/images/headers/path.jpg

    Then upload it to:
    https://www.virustotal.com/

    And see if it finds anything.

    Then repeat for any other file that is being reported as malicious.

    Also are you on shared hosting?

  10. blogger9
    Member
    Posted 2 years ago #

    I have done some reading and saw that co.cc domains are blocked by ESET NOD, Google and, I think, Norton, so that explains why the browsers block the website, but it doesn't explain why I'm getting malware warnings while doing the site check on a FRESH INSTALL.

    I have given up on the .co.cc domain and tried a .tk domain, which doesn't get blocked by ESET NOD and other viruses, but it still got picked up as dirty as soon as the WordPress files had finished installing on the host. I really do not think the problem is on my side and really don't care that Sucuri detects my site as having malware. I'll keep thinking that it's false positives, since I've done all that those guides say but still get a dirty site as soon as I upload the files.

    Summary:

    --With an empty site without WordPress, Sucuri detects it as CLEAN.

    --As soon as I have uploaded WordPress to the host server, Sucuri detects it as dirty. It didn't matter how many times I downloaded the zip file; I have scanned my PC, have scanned the zip file, no viruses.

    I have made new SQL databases, new passwords, changed domain provider, but still http://sucuri.net/ detects my site as having malware in paths that are within the WordPress files; that's what makes me think that the problem is not on my end. However, I do know that there are other sites running WordPress that come up clean on Sucuri...

  11. blogger9
    Member
    Posted 2 years ago #

    @MickeyRoush I'm using a free host.

  12. blogger9
    Member
    Posted 2 years ago #

    I did read the forum rules and didn't notice anything about posting other sites (this is not spam), but since this is for the sake of you helping me, I will provide the name of the host I am using.

    I use 000webhost's free hosting plan. I don't know if this will help someone to deduce the problem, but it might help to mention the host that I'm using, just in case someone is using that same host and has a clean site, so we can remove them from the equation. I used VirusTotal and found no virus in path.jpg.

  13. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    i use 000webhost's free hosting plan.

    I would suggest that you try some other host and see if it repeats the problem. If it does not, there are strong indications to suggest vulnerabilities with this hosting service. I have noticed several cases involving this host, the details of which I do not want to discuss here.

  14. MickeyRoush
    Member
    Posted 2 years ago #

    I agree with Krishna, I remember seeing another issue of someone having an issue with that host as well.

  15. dremeda
    Sucuri Wizard
    Posted 2 years ago #

    Hey there. The site is definitely infected. Where are you getting the WordPress files you're uploading? Please make sure to use the latest download of 3.4.1 from WordPress.org when uploading.

    Thanks,
    Dre
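
The replies above keep returning to one question: do the files on the host still match the official WordPress package? The following Python script is an added example, not written by any participant in this thread and not Sucuri's or WordPress's own tooling. It hashes a pristine reference tree and a deployed tree (for example, a copy pulled back from the host over FTP) and reports files that were modified, added, or are missing; the directory names and the sample file contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root):
    """Map each file's path relative to root -> SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_install(reference_root, deployed_root):
    """Compare a deployed copy against a pristine reference tree."""
    ref, dep = digest_tree(reference_root), digest_tree(deployed_root)
    report = {"modified": [], "added": [], "missing": []}
    for path in sorted(ref.keys() | dep.keys()):
        if path not in dep:
            report["missing"].append(path)
        elif path not in ref:
            report["added"].append(path)
        elif ref[path] != dep[path]:
            clean = (Path(reference_root) / path).read_bytes()
            live = (Path(deployed_root) / path).read_bytes()
            # Code appended to an otherwise intact file is a common pattern.
            kind = "appended" if live.startswith(clean) else "rewritten"
            report["modified"].append((path, kind, len(live) - len(clean)))
    return report


def demo():
    """Constructed sample: two tiny trees standing in for real installs."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, dep = Path(tmp, "reference"), Path(tmp, "deployed")
        for base in (ref, dep):
            (base / "wp-includes/js/jquery").mkdir(parents=True)
            (base / "wp-includes/js/jquery/jquery.js").write_bytes(b"/* jquery */\n")
            (base / "wp-login.php").write_bytes(b"<?php // login\n")
        # Constructed tampering: trailing bytes on one file, one extra file.
        with open(dep / "wp-includes/js/jquery/jquery.js", "ab") as fh:
            fh.write(b"/* constructed extra bytes */\n")
        (dep / "wp-includes/extra.php").write_bytes(b"<?php // not in package\n")
        return compare_install(ref, dep)


if __name__ == "__main__":
    print(demo())
```

If the local copy downloaded from WordPress.org and the copy pulled back from the host differ immediately after a fresh upload, the change happened on the hosting side rather than on the uploader's PC.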

Topic Closed

This topic has been closed to new replies.
