WordPress.org

Ready to get started?Download WordPress

Forums

JS Injection Virus (8 posts)

  1. Courtney
    Member
    Posted 2 years ago #

    Hi All,

    I seem to have picked up a bug on my pc and when I logged into my ftp account the virus then injected some malicious code into EVERY SINGLE FRIGGIN .js file.

    Quite the pain in the arse.

    In my ftp account I noticed some rather odd behavior. When I did a search for all files ending in .js it seems that one of the malicious files goes into a never ending loop. I stopped the search after the ftp program found over 100,000 .js files inside the tinymce plugin folder. It was showing results for a js file that went hundreds of folders deep, where upon inspecting the folder.....it doesn't go close to that level.

    I also noticed that all the files are injected at the very end of the file and each injection starts with the exact same code which is:

    var _0xa687

    what I would like to do is to run some sort of script that locates the "var _0xa687" string and then removes it and everything after it.

    It will take me forever to locate and remove the 10,000 plus .js files that I know are there.

    Does anyone have any suggestions as to how I can accomplish this?

    Thanks!!!

    Courtney L Bostdorff

  2. Pankaj Pandey
    Member
    Posted 2 years ago #

    delete tinymce folder. there may be problem some php script is there which is inserting the code. better you follow http://codex.wordpress.org/FAQ_My_site_was_hacked

  3. Courtney
    Member
    Posted 2 years ago #

    Hi Pankaj,

    I deleted and the reinstalled tinymce.

    Courtney

  4. Courtney
    Member
    Posted 2 years ago #

    Hi Pankaj,

    I deleted and the reinstalled tinymce.

    I have pretty much done everything from the "my site is hacked" post. I could run a backup but I have over 1000 GB of data....so it takes a really long time to backup.

    I would much rather run a script to remove all of the var _0xa687 instances and know that this can be done....I just don't know how to do it :)

    Any ideas?

    Thanks for your assistance.

    Courtney

  5. Pankaj Pandey
    Member
    Posted 2 years ago #

    create a script from http://pastebin.com/c8pZ2HZC

    upload on your site. change line 2,46 and 47 as per your need.

  6. Courtney
    Member
    Posted 2 years ago #

    Thank you for that Pankaj!

    One last question. What is the best tool to use so that I can scan my site to check for malware?

  7. esmi
    Forum Moderator
    Posted 2 years ago #

  8. Pankaj Pandey
    Member
    Posted 2 years ago #

    Esmi Rocks. I use the same to check the site even non WordPress site.

Topic Closed

This topic has been closed to new replies.

About this Topic