WordPress › Support » Virus alert

flyw
Member
Posted 4 months ago #

Hello everyone and first of all, best wishes for the year 2012.

My current setup WP
- WordPress Version: 3.3.1
- Version of PHP / MySQL:
- Theme used: creativo
- Extensions in place: ALO EasyMail Newsletter, CodeStyling Localization, Easy Gravatars, Google Analyticator, Simply Show IDs, Testimonials Widget, Widget Logic, WordPress Database Backup WordPress Google Button 1 - Advanced Plugin, Includes redirection, WP-Memory-Usage, WPtouch
- Name of the host: 1 & 1
- Website address: http://www.fbmediaworks.com, http://www.hugtouch-la-communication-des-sages.fr (theme creativo) http://www.barilonegestion.fr (theme denizy )

Problem (s) meet (s): Alert viral Avast.

A few days ago I had reported that there was a virus alert on my site http://www.fbmediaworks.com after checking it appears that this alert is real.
At the same time, the same warning appears on two other sites http://www.barilonegestion.fr (theme denizy) and http://www.hugtouch-la-communication-des-sages.fr (theme creativo).

Of course I tried to find the resource on the net about this but without success.

The common feature of these three sites is that they are all hosted on a 1 & 1 but not on the same account.

I run them through against all three with google analytics on a same account.

What I did:

- Transfer all my files via ftp on my machine to go through the mill avast = Nothing
- Disabled all extensions = Nothing

Now I admit that I'm a bit stuck.

Do you have an idea for a track or a solution.

Looking forward to your lights

thank you

cordially

FLYW
esmi
Theme Diva & Forum Moderator
Posted 4 months ago #

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

http://sitecheck.sucuri.net/scanner/
wpthemess
Member
Posted 4 months ago #

Hi please update the timthumb.php first : http://timthumb.googlecode.com/svn/trunk/timthumb.php and than keep update your wordpress version and than read this article for this : http://techspheria.com/2011/08/phpremoteview-hack-what-it-is-and-how-to-remove-it/. and thanks for the esmi you can check your website with this scanner ad update the javascript files on your themes. After this operations I think your website will turn normally.

Bulent
SwansonPhotos
Member
Posted 4 months ago #

you may also want to discretely discuss this with your webhost as the issue with timthumb is that it can affect other sites in a server environment.

http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/
wpthemess
Member
Posted 4 months ago #

I'm the same idea with "SwansonPhotos" the secret discuss about this. Please check your email for the extended solution. I ve sending solutions via email
flyw
Member
Posted 4 months ago #

Thank you to all for your help

I started to clean the machine and tried to destroy this virus in changing the .js

I will tell you when ill kill all.
ty Bulent, you are a real support for your clients.

see you

Flyw
flyw
Member
Posted 4 months ago #

Hi

problem was inside .js files.
I changed all the files scanned by securi sitecheck.
All is ok now.

My machine was nearly ok, not special things, then i think it was a server attack.
I changed all the passwords.

I need just a little precision.
When i re check after cleaning with securi sitecheck, it told me that all was clean.
But, when i openened the admin dashboard, my avast antivirus screamed that was 10 again.
My question is : do u know a scan wich can scan all at the same time, inside and outide the admin ?

Ty again for your help and i push this post in resolved.

Cheers

Flyw

Reply

You must log in to post.

WordPress.org

Forums

[resolved] Virus alert (7 posts)

Reply

About this Topic

Tags

Code is Poetry