Forums

WordPress › Support » Themes and Templates

virus in header.php (11 posts)

  1. ilma55
    Member
    Posted 11 months ago #

    Hello!
    look, what is it?
    I have a virus: wp-content\themes\Innovate\header.php - PHP/Kryptik.AB

    how I can remove it?

  2. s_ha_dum (was apljdi)
    Member
    Posted 11 months ago #

    wp-content\themes\Innovate\header.php

    Replace this file with a clean copy, to start, but there is no guarantee that that is the only place you have a problem. You should probably work through the "I've been Hacked" codex page.

  3. ilma55
    Member
    Posted 11 months ago #

    this is my problem
    and I do not understand

    [Code moderated as per the Forum Rules. Please use the pastebin]
    `

    If I delete it everything is OK

    I use ESET antivirus

  4. s_ha_dum (was apljdi)
    Member
    Posted 11 months ago #

    No. As per my previous past, you don't know if this is the only problem. Replace that file with a clean copy and work through the codex page I linked to.

  5. ilma55
    Member
    Posted 11 months ago #

    I cant =(

    I have no back up
    and I cant download theme and replace this file cause this file was modified by old developer

    canhj I decode this line to know what daoes it mean?

  6. s_ha_dum (was apljdi)
    Member
    Posted 11 months ago #

    It is base64 encoded. You can find decoders online but I can't get it to decode to anything unreadable, but you don't need to decode it. You need to get rid of it. You've been hacked. If you don't have a backup, you need to replace all fo the files you can-- IE the WordPress ones that you can re-download-- and you need to check every single file on your server that you can't replace. See this thread.

  7. ilma55
    Member
    Posted 11 months ago #

    thank you!
    but...
    I deleted all base64 from head- footer- functions- php files in my themes folder

    hope everything will fine =)

  8. s_ha_dum (was apljdi)
    Member
    Posted 11 months ago #

    You were hacked once. If you don't figure out how you were hacked and fix the problem you will be hacked again. You aren't finished here.

  9. ilma55
    Member
    Posted 11 months ago #

    I updated all plugins, changed password

    but I cant renew my theme files cause I do not know what modifications were made by other developoer

  10. s_ha_dum (was apljdi)
    Member
    Posted 11 months ago #

    Did you check directory file permissions?
    Did you check the database for hidden admin users?

    I've given you a couple of links with good information in them. Read those links (and follow esmi's links when you find them), and do everything they say. If you want to know the answer to the question "Have I done enough?" then ask yourself "Have I done everything in those links?". If you haven't, you have not done enough.

  11. ilma55
    Member
    Posted 11 months ago #

    Thank you!
    I found few usefull links and advices and bookmarked it!!!

    and now I m rechecking all files

Reply

You must log in to post.

About this Topic

Tags