Support » Fixing WordPress » Anyone know how to fix a WordPress blog affected by HTML:Illiframe-C [Trj] ?

  • Resolved thetanooki

    (@thetanooki)


    So I’ve got a WordPress blog on my site, and lately it’s been going haywire. Got some emails from my readers, and I’ve figure out the culprit to be a Trojan, HTML:Illiframe-C [Trj]

    The virus apparently sticks iframe spam links into web files (PHP, HTML, etc), which on WordPress usually results in parse errors. It seems like this is a relatively new virus (most search results are reports from the past month or so), and I can’t find much info on it (is it something on my Mac? on my host’s server?). The obvious fix is to simply re-upload clean versions of the original files. I do this, and all I get is a blank page, no WordPress – no blog, no admin dashboard, no login screen… I can’t access anything. Of course, the virus usually kicks in after a few hours, and the blank screens are again replaced by parse errors.

    I know this isn’t a virus-solving forum, but I was wondering if maybe other WordPress users were also affected and managed to solve the virus issue and/or get beyond the blank page.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thanks… but that brought me back exactly where I started. Fresh install went fine, but once the database was imported, blank pages.

    If other WordPress users were also affected by this particular trojan and managed to solve the issue and/or get beyond the blank pages, let me know.

    If you get a blank screen, reset permalinks and make sure your htaccess file is writable. That’s the typical fix for a blank admin screen.

    Quick question before I do that – I’m pretty sure the issue is database related, is that a possibility? Like I said, after the fresh install, everything was fine so far. I could see the blog, I could login, I could access the backend. It was only after importing the old database that I began getting blank screens – no other files or permissions were changed.

    If you did a fresh install and could get into admin, then it would seem like your database backup is damaged. You could try a database repair with PHPMyAdmin, but I don’t know the full scope of those repair capabilities. Do you have lots of posts you want to save?

    Resetting permalinks won’t hurt anything; the only thing that might temporarily change are your pretty URLs.

    It was a news blog of roughly 10,000 posts, including at least a few dozen original editorials. I’d like to save as much of it as I can, and I’m scrambling right now to find the most recent working backup.

    Obviously, if it’s a database issue, the problem could be anywhere. When I backed it up a few days ago, it still produced a roughly 8MB file, though. I’ve not attempted to fix anything of this nature before… do you or anyone reading this have any suggestions as where might be good places to start if I were to look through the database tables for oddities that I might be able to fix manually? I would assume the problem’s in the core tables, but I honestly have no idea.

    There’s a long thread here about dumping a database and searching through it.

    Hopefully you have a backup that goes back before the hack. That would make life easy….

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Anyone know how to fix a WordPress blog affected by HTML:Illiframe-C [Trj] ?’ is closed to new replies.