Support » Fixing WordPress » JS Injection Virus

  • Courtney


    Hi All,

    I seem to have picked up a bug on my pc and when I logged into my ftp account the virus then injected some malicious code into EVERY SINGLE FRIGGIN .js file.

    Quite the pain in the arse.

    In my ftp account I noticed some rather odd behavior. When I did a search for all files ending in .js it seems that one of the malicious files goes into a never ending loop. I stopped the search after the ftp program found over 100,000 .js files inside the tinymce plugin folder. It was showing results for a js file that went hundreds of folders deep, where upon inspecting the folder… doesn’t go close to that level.

    I also noticed that all the files are injected at the very end of the file and each injection starts with the exact same code which is:

    var _0xa687

    what I would like to do is to run some sort of script that locates the “var _0xa687” string and then removes it and everything after it.

    It will take me forever to locate and remove the 10,000 plus .js files that I know are there.

    Does anyone have any suggestions as to how I can accomplish this?


    Courtney L Bostdorff

Viewing 7 replies - 1 through 7 (of 7 total)
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘JS Injection Virus’ is closed to new replies.