WordPress.org


[resolved] WARNING MALWARE DETECTED (12 posts)

  1. jamesdearsley
    Member
    Posted 3 years ago #

    Hi all,

    Just a quick question. I have been told that there is a problem with my site and that malware has been detected. I presume this is a virus.

    Is there an easy way to find out the cause of this virus?

    James

  2. Elegant Themes
    Member
    Posted 3 years ago #

    what is your url?

  3. jamesdearsley
    Member
    Posted 3 years ago #

    The URL is http://www.surreybeekeeper.co.uk

    Thanks for the help.

    James

  4. James Gander
    Member
    Posted 3 years ago #

    I have scanned your site with sitecheck.sucuri.net/scanner and malware has been detected in the following file:

    http://www.surreybeekeeper.co.uk/wp-includes/js/l10n.js?ver=20101110

    Maybe you could try deleting this file and seeing if it makes a difference?

    Maybe you could edit the file to remove the malware - Scan the site for yourself to get full information on where the malware is located.

    Hope this helps.

    James Gander

  5. jamesdearsley
    Member
    Posted 3 years ago #

    Thanks James, really appreciated.

    I will just have to locate that particular file as have no idea what it might be. Can only think it is an image I must have uploaded.

    Will take a look, thank you.

    James

  6. James Gander
    Member
    Posted 3 years ago #

    Ok, hope it works. I think the file is a JavaScript file, rather than an image, which could have been uploaded through a theme or plugin, or your site might have been hacked. Can I suggest that once you've deleted the file you change any administrator passwords just to be on the safe side.

    Let me know if you have any success.

    James Gander :)

  7. jamesdearsley
    Member
    Posted 3 years ago #

    Thanks James,

    Just to help me find this javascript file can I find it using the URL that you sent through to me?

    That might speed up the process.

    Thanks

    James

  8. James Gander
    Member
    Posted 3 years ago #

    You'll need an FTP connection to delete this file easily.

    If you have one, log on to the server and navigate to "/wp-includes/js/" then delete the file called "l10n.js"

    Hopefully that should do the trick.

    If you encounter any problems with the site after deleting the file, let me know and I'll post the version of the file without the malware included, as well as instructions on how to re-create the file.

  9. jamesdearsley
    Member
    Posted 3 years ago #

    Hi all,

    Just gone into my FTP and deleted that file. Does there appear to be a virus on the site when you go in now?

    Thanks for your help thus far.

    James

  10. govpatel
    Member
    Posted 3 years ago #

    I did not get any warning

  11. jamesdearsley
    Member
    Posted 3 years ago #

    Great, thank you for letting me know. Much appreciated.

    James

  12. MickeyRoush
    Member
    Posted 3 years ago #

    This attack could have infected more than just that file. So far these four WordPress files could have been infected in this widespread attack. Please examine these four files before taking any action on them.

    /wp-config.php
    /wp-settings.php
    /wp-includes/js/l10n.js
    /wp-includes/js/jquery/jquery.js

    Also these malicious files could be uploaded/created. All of these below can be safely deleted/removed.

    /wp-admin/common.php
    /wp-admin/upd.php
    /wp-admin/js/config.php
    /wp-content/2b64c2f19d868305aa8bbc2d72902cc5.php (or similar)
    /wp-content/themes/[theme's name]/temp/eab9c5e9815adc4c40a6557495eed6d3.php (or similar)
    /wp-content/upd.php

    Possibly also:
    /wp-content/uploads/feed-file.php
    /wp-content/uploads/feed-files.php
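
Added example, not part of the original thread: a Python script that checks a WordPress directory against the file lists in the last post, comparing the core files to examine with a clean download of the same WordPress version. The function names, the `clean_root` argument and the reading of "(or similar)" as a 32-hex-character `.php` name are assumptions.

```python
import hashlib
import re
from pathlib import Path

# Core files the post says to examine before acting on them.
EXAMINE = ["wp-config.php", "wp-settings.php",
           "wp-includes/js/l10n.js", "wp-includes/js/jquery/jquery.js"]
# Files the post lists as attacker-created.
DROPPED = ["wp-admin/common.php", "wp-admin/upd.php", "wp-admin/js/config.php",
           "wp-content/upd.php", "wp-content/uploads/feed-file.php",
           "wp-content/uploads/feed-files.php"]
# Assumption: "(or similar)" means a 32-hex-character name ending in .php.
HEX_PHP = re.compile(r"^[0-9a-f]{32}\.php$")


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan(wp_root, clean_root=None):
    """Return (examine, dropped): core-file status and dropped files found."""
    root = Path(wp_root)
    examine = {}
    for rel in EXAMINE:
        live = root / rel
        ref = Path(clean_root) / rel if clean_root else None
        if not live.is_file():
            examine[rel] = "missing"
        elif ref is None or not ref.is_file():
            # wp-config.php is site-specific, so a clean download has no copy.
            examine[rel] = "review by hand"
        elif sha256(live) == sha256(ref):
            examine[rel] = "matches clean copy"
        else:
            examine[rel] = "differs from clean copy"
    dropped = [rel for rel in DROPPED if (root / rel).is_file()]
    candidates = list((root / "wp-content").glob("*.php"))
    candidates += (root / "wp-content" / "themes").glob("*/temp/*.php")
    dropped += sorted(p.relative_to(root).as_posix()
                      for p in candidates if HEX_PHP.match(p.name))
    return examine, dropped


if __name__ == "__main__":
    import sys
    status, found = scan(*sys.argv[1:3])
    for rel, state in status.items():
        print(f"{state:24} {rel}")
    for rel in found:
        print(f"{'listed as malicious':24} {rel}")
```

Run it as `python scan.py <wordpress dir> <clean copy dir>`; a core file reported as differing should be replaced from the clean copy rather than simply deleted.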

Topic Closed

This topic has been closed to new replies.
