WordPress.org

Ready to get started?Download WordPress

Forums

Trojan Horse (21 posts)

  1. Raw Twig
    Member
    Posted 2 years ago #

    Hi there,

    Some help desperately needed please. I've been having a lot of problems with my computer lately...crashes, freezes, malware etc...

    It seems that something has dumped a Trojan horse into my site.
    When i went to check on my site, regardless of what topic i press in my menu...Avast pops up blocking Trojan Horse.

    How do i get rid of this PLEASEEEEEEEEE

    http://rawtwig.com/

  2. ClaytonJames
    Member
    Posted 2 years ago #

    This thread contains an extended list of links and steps to follow after you've been hacked.

    http://wordpress.org/support/topic/wordpress-ecurity-site-hacked-twice-in-a-month?replies=5

  3. Raw Twig
    Member
    Posted 2 years ago #

    Clayton thanks for the quick reply.
    I just had a read of the links and i so dont know half, if not more, of how to do this. This site was set up for me.
    I can add pics and writing but thats as savvy as i am with it.

    Is there anyone that can do this for me?

    Thank you.

  4. crtenbarge
    Member
    Posted 2 years ago #

    Cleaning your site might just be a matter of reloading the core files and deleting ALL stray index.html files. Can you FTP?

  5. Raw Twig
    Member
    Posted 2 years ago #

    I've never done it but i can give it a try with step by step instructions.

  6. Raw Twig
    Member
    Posted 2 years ago #

    Update; I no longer have the option to log in to my site...What to do?

  7. crtenbarge
    Member
    Posted 2 years ago #

    Download a fresh copy of wordpress. Open it up and delete the wp-contents directory. Open a ftp session to your server and upload everything except for the wp-contents directory that you just deleted. While you are looking at your server, delete any files and folders that do not belong... notably html files. Look inside every folder for stray html files, delete everything that doesn't belong. I've seen where hackers place index.html files in every folder 3 or 4 levels deep. I've seen this a couple of time from unsecured servers.

  8. Raw Twig
    Member
    Posted 2 years ago #

    Sorry but how do i open a ftp session?

    Got the wordpress....where do i upload it to?

  9. Raw Twig
    Member
    Posted 2 years ago #

    Ok i discovered i can upload files in godaddy.

    My question is which file in the directory tree do i upload this file to
    "fresh copy of "wordpress".

    Html
    [Apache Logs]
    cgi
    wp-admin
    wp-content
    wp-includes

  10. If you haven't already done so, you really, really, really want to make that full backup before doing this.

    Your site is hacked, and being able to get back to where you are right now is your safety net...

    When you extract the files on your PC from http://wordpress.org/latest.zip, they'll be in a wordpress directory like so.

    wordpress/
    wordpress/wp-includes
    wordpress/wp-admin
    etc.

    Take the full contents of wordpress/ and transfer that into the same directory where your existing WordPress files are located except the wp-content directory.

    That will not delouse your install, but it may let you into the WordPress dashboard.

  11. Raw Twig
    Member
    Posted 2 years ago #

    OK have looked the wordpress file and understand what it looks like, i deleted the said wp-content.

    I still dont understand which of these i add that file to.

    Html
    [Apache Logs]
    cgi
    wp-admin
    wp-content
    wp-includes

  12. Raw Twig
    Member
    Posted 2 years ago #

    LMAO.....Desperate times call for desperate measures...

    OK, this is what i did to get rid of my trojan...lmao still

    Because i didnt know where to put that new wordpress file, frustration got the better of me and i turned into chrome...kill...

    I opened godaddy ftp manager, where my files are located. I opened my website so i could see the Avast trojan warning(file path). I followed the path in my godaddy files till i found the culprit and kept deleting. I kept clicking on all pages of my site, repeating the path finder step....lmao...

    Ok, OK, it may not be to some peoples standards but i'm over the moon right now.

    All i need is for someone to give me directions on how to add a log-in section to my website....PLEASE

    Thank you....lmao

  13. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

    I had http://sucuri.net/ clean my site. I just didn't have the time and the fact it is good for a year convinced me.

    Over a weekend it takes a little longer. GoDaddy might also clean it for you.

  14. adpawl
    Member
    Posted 2 years ago #

    Sucuri is good .... but it removes the effect, not cause.

    URLs are provided almost everything, unfortunately, no access to the server - not much more we can do.

  15. Raw Twig
    Member
    Posted 2 years ago #

    Problem is a tad worse now. I tried using ftp to up/load wordpress. Yes i deleted the content file first. It has opened up a whole new file called "wordpress".

    All the trojan stuff that i had manually deleted came back. Was i suppose to delete anything before up/loading. This is turning into a bigger mess than when i started.
    I have gone through yet again, manually deleting, Now my site is gone.

    Pleaseeeeee can someone give me "STEP FOR STEP" instructions on how to fix all this.

    PS; Securi is good for people that can afford it. I can not.

  16. adpawl
    Member
    Posted 2 years ago #

    You deleted wp-contents folder? - It is a mistake!

    This is simple instructions, step by step in case of infection:

    First - turn-off page in .htaccess file.
    Next, check files by modyfication time and look into server logs.
    Then, by FTP remove wp-admin and wp-config catalog ....and replace it by fresh copy from latest wp package. Replace all files in wp root directory.
    Remove all plugins and upload a fresh copy's.

    Check all non-modified files eg. wp-config.php, .htaccess, in themes (if possible, replace by a fresh/backup copy) and upload folder. Find and remove malicous code in non-modified files and remove all backdoors hidden in the new, non-standard files.
    After cleaning, secure your wp - set permissions, add fixes to .htaccess, check your theme - if timthumb is used - update and secure it.
    On end, turn-on your page.

  17. Raw Twig
    Member
    Posted 2 years ago #

    You are kidding me right? I was told to delete it out of the new "wordpress" file/dload.

    No-one told me to delete wp-admin and wp-config prior to uploading new.

    I have ended up with a right mess in my server. It killed my site cos files were missing so i had to go back in to server files...restore the ones that had gone missing so i could get the site back up. Then it reloaded all the trojan files i had manually deleted...DAMN.

    I'm not sure what to do with your instructions now. If i just delete everything what will happen to the contents i put in..e.g..pics , writing...etc?

  18. esmi
    Forum Moderator
    Posted 2 years ago #

    I was told to delete it out of the new "wordpress" file/dload.

    You were told to remove the wp-contents folder from the new copy of WordPress that you downloaded. This was an attempt to stop you from over-writing your existing wp-content folder.

    No-one told me to delete wp-admin and wp-config prior to uploading new.

    Oh yes you were:
    "Open a ftp session to your server and upload everything except for the wp-contents directory that you just deleted."

    You need to read & follow any instruction carefully & slowly.

  19. You are kidding me right? I was told to delete it out of the new "wordpress" file/dload.

    No-one told me to delete wp-admin and wp-config prior to uploading new.

    I'm really sorry you're having a rough time of it, but see the first part of my reply up above?

    http://wordpress.org/support/topic/trojan-horse?replies=18#post-2785149

    I can't stress it enough: Do not hesitate, do not look for a short cut, please make and save that full file and database backup right now and put that somewhere safe. It's your get out of jail card and will help you if you delete something that you didn't intend to.

    That will not delouse your WordPress installation, the other links discuss that. But it will help you get out of a hole when you want your uploads back.

  20. Raw Twig
    Member
    Posted 2 years ago #

    Thanks for the replies, I have found someone that is going to redo the whole site. Apparently the trojan that i have has encrypted stuff through everything/everywhere. Even this guy says he has never seen anything this bad.

    Once again Thank you...

    @Esmi....apologies yes i was....but when you havent a clue as to what you are doing (ftp) you tend to concentrate on trying to learn what to do in one thing rather than "all" at once.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.