Have you tried:
– deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).
– switching to the Twenty Eleven theme to rule out any theme-specific problems.
– resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.
– re-uploading the wp-admin and wp-includes folders from a fresh download of WordPress.
I did try deactivating all the plugins, and I thought that worked, but what I realized was it just wasn’t showing up (most likely), since it only appears on rare occasion.
I just realized now that there was also an admin registered that i did NOT create, so maybe that was the issue.
Hey Akjackson
Sounds like you’re suffering from conditional malware, you can find more information looking up “polymorphic malware”.
Your best bet is to scrub your server, all sites, and find the backdoor. If not, it’ll just keep jumping around to its hearts content.
The problem with *any* malware infection is that once infected – you never know where actual malware would hide.
In other words updating, removing or overwriting plugins, as well as updating (or even removing and reinstalling) the whole wordpress would not help because malware usually leaves hidden backdoor files and quite often outside of any wordpress directory structures.
Normal detection tools (like wordpress plugins) quite often would not work because today’s malware backdoor scripts are not necessarily malicious looking files, but rather legitimate scripts offering functions to plant actual malware.
The effects of malware infection is that your site becomes spammers and scammers paradise offering hidden redirects of your visitors to scammers portals usually selling porn, drugs and casinos.
Once Google detects such changes on your site – it sends you a warning and then remove your site from search engine index and all your hard earned rankings are gone for good.
So taking care of this asap is the way to go.
I personally was infected by malware 3 times. Shame on me – because I have intensive anti-virus development experience. And that happened because I was just been plain not careful with the way I maintained my websites.
After third time I decided to take matters in my own hands and with the help of custom software as well as manual analysis approach – managed to scan, find and remove not only actual malware files, but also innocent looking malware “helper” files from my server. My site has been clean since then.
It is a lots of work but if you interested – contact me as I started to offer this service on a consulting basis already.
Gleb
We’re seeing an increase in the following: http://blog.sucuri.net/2012/04/getmama-conditional-malware-affecting-thousands-of-sites.html
Check yourself by looking at all your PHP files. Its evolving so be mindful of that.
