Support » Fixing WordPress » virus

  • Resolved krimkus



    Being a Mac user, I am not familiar with viruses other than what I hear Windows users complain about, so I’m not sure how my blog at has been hacked, but after reading a few blog posts on WordPress Trojans and viruses I was able to see this code when I viewed the source code of my website.

    At the very end of the code is a script that loads a this

    I thought I could just edit the code from the footer of my theme, but I can’t find it.

    GoDaddy is doing some research on their end to see if they have a problem.

    The antivirus plugin I downloaded doesn’t find a permalink backdoor problem.

    I hope someone can help me.

    Thank you,


Viewing 15 replies - 1 through 15 (of 15 total)
  • esmi


    Forum Moderator

    I’m glad to find this post. I read through various twitter accounts that this has been happening all day. Two of my sites are down. 🙁

    I am encountering the same issues with a client’s blog. This is the 3rd attack – each time I attempted to restore/replace the files with my original versions. This, I thought, corrected the issue but apparently not as this is the 3rd incident (each time from a different malicious IP/domain but same exploit, eval code type). I have been researching for hours and applying suggestions but with no avail. I have a feeling there is some sort of backdoor which I am missing.

    Can anyone advise a solid solution?
    Thx 🙂



    Forum Moderator

    I started having issues today [am with GoDaddy, too] and just found notice this was loading as well. {sigh}

    i just loaded my site and got this problem as well 🙁

    I so feel for all of you guys.

    My blog has been hit twice in the last week, the 2nd time this morning.

    Last Friday it was by the zettapetta virus, and this morning by the holasionweb.

    I did everything swytch did above, and it didn’t work- everything was still completely screwed up, especially the admin. I was nearly suicidal by the time I fixed it last week.

    I had deleted all of the files, did a new install of the latest WP version, checked every folder and every main php file, and my blog was still fubared.

    BUT, the good (of not great) news is there is a fix, and one that is quick, easy and works really well.

    If you use GoDaddy that is, but I suspect that you’d be able to do this with other hosts too if you just contact their tech support and ask them how.

    What you need to do is a restore to history in your hosting control panel. Why, in the several times I talked to GoDaddy, they didn’t recommend this process (instead just repeating- you must upgrade your WP version- as if it’s a WP fault- it’s not!!), is beyond me.

    I just wrote a loooong post on my blog about how to (successfully) fix it using the GoDaddy restore to history. (But don’t worry- the process itself will only take about 15 minutes!)

    here is the link to my blog post:

    And if I ever, ever, catch someone writing, or using, malware code, I swear to god I will pour gasoline on them and light them on fire. I am that angry about this. Which is why I’m now trawling the internet trying to help other people. I went through hell and hopefully you won’t have to too.

    Comment back here if the restore to history worked for you!!

    I had the same issue with one of my sites today. I wish I had read Cowbelly’s post prior to my work this evening. After talking with GoDaddy, I reinstalled WordPress, including all of my plugin files, put my saved copy of my theme back (always have a copy on your computer), and cleared the cache and cookies. It worked, but took a while to do.

    Is it just me or is 2.9.2 prone to hacks? I hope security in 3.0 is a higher priority.

    Daniel Ansari posted a script that I just used on two of might sites that were infected and it worked beautifully:

    pundito, thanks for the link to Daniel Ansari’s script. It was just the ticket for getting rid of this nasty malware hack on my blog. If anyone else is having problems with the code, give this a try and see if it doesn’t work for you too.

    I found this awesome solution and it worked extemely fast and easy for me, just read it here on my blog at
    Also, pundito has the link that I talked about in my article.

    Hi guys, I used the fix from However, whenever I try to make a new post, the page is all scrambled up. I replaced wp-admin already and it didn’t work out. Help please? Thank you.

    cowbelly – your history restore method is the one which saved my website. thanks 🙂

    Daniel Ansari posted a script that I just used on two of might sites that were infected and it worked beautifully:

    This fixed it for me

    Excellent! Daniel Ansari’s script worked for me!

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘ virus’ is closed to new replies.