Help needed deleting Pharma hack from database
-
Hi all,
I’d really appreciate some help getting rid of some rogue files from my database.
I originally was informed by my host that they had taken my site offline due to malicious files. I performed all the usual necessary measures and found that I had various problems with my plugins – in this case nextgen.
I performed a full reinstall of WP, changed passwords, deleted all plugins and began the laborious task of righting the site.
But when a few days later I came back to it, the rogue plugins had mysteriously reinstalled and once again I had a database connection error. I deleted the plugins again, got back into the site and the same thing happened next time.
After much Googling I ascertained that it is the pharma hack, which apparently loads rogue files in wp_options in my DB. I have tried searching for all the recommended “option_name” hack files but came-up empty. I then went through my table page by page and found literally hundreds of files named “displayed_gallery_rendering_cc5c2d697677a72d9420d351ce305297” or similar.
To be honest, I’m a little out of my depth in PHPMyAdmin so I don’t feel comfortable randomly deleting rows, but I do really need to fix this.
Is there any way that I can clean my DB without causing any more harm to my ‘good’ files?
Any help much appreciated.
- The topic ‘Help needed deleting Pharma hack from database’ is closed to new replies.