How to remove malware script from wordpress ? (5 posts)

  1. famecherry
    Posted 3 years ago #

    Hello friends

    Recently my site http://famecherry.com has been blocked by google due to malware

    My host found some malicious redirects in my .htaaccess of which I have removed

    After that i requested google for a review but i am still blocked

    This is what my google cpanel looks like now


    It says Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.

    however below there they show links of malware although my host run scans on my files and they say its clean

    Then later on i found this site which can scan the scripts on my site for me here http://aw-snap.info/file-viewer/?tgt=+http%3A%2F%2Ffamecherry.com&ref_sel=Google&ua_sel=ff

    Some suspicious blocks of scripts were found

    Where can i find where these scripts are so i can remove them ?

    Can somebody please help me ?

  2. Mark Ratledge
    Forum Moderator
    Posted 3 years ago #

    You need to work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. You can't trust your host to do this kind of work.

    See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex.

    Change all passwords. Scan your own PC. Use http://sitecheck.sucuri.net/

    Consider changing to a more secure host: Recommended WordPress Web Hosting

  3. famecherry
    Posted 3 years ago #

    Thank you songdogtech

    So does that mean if i just delete everything and reinstall everything then the suspicious script block will be removed together too ?

  4. famecherry
    Posted 3 years ago #

    If after this clean install and i restore from my database, would the malicious code be restored together in my database ?

    From your experience, the suspicious code here http://aw-snap.info/file-viewer/?tgt=+http%3A%2F%2Ffamecherry.com&ref_sel=Google&ua_sel=ff are actually malicious scripts ?

  5. Mark Ratledge
    Forum Moderator
    Posted 3 years ago #

    Could be; follow the links above to search your database for malware.

    If you can't do the work yourself, consider looking for a reputable person to fix it correctly on jobs.wordpress.net or freelancing sites such as Elance. (It's not a good idea to respond to unsolicited emails from forum users offering to work for you.)

Topic Closed

This topic has been closed to new replies.

About this Topic