Malware detected

martincritten
(@martincritten)

13 years, 12 months ago

Hi, I’m just starting to get to grips with webmaster tools (google) and it detected malware. I’ve installed antivirus 3. scan and notify and getting a couple of red bars – just discovered the support is in german and no good. But the sotfware shows a block in red where there’s a danger then – There is no virus; View line 86require_once( $locale_file ) etc.

What next ? I’m no coder; and the site lives in dreamhost so theres no FTP launching. Is there a better plug in for detecting and bouncing malware,viruses and trojans without having to dig and root them out manually? Or can anyone advise what to do here.

Thanks Martin

Viewing 6 replies - 1 through 6 (of 6 total)

esmi
(@esmi)

13 years, 12 months ago

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/

http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thread Starter martincritten
(@martincritten)

13 years, 12 months ago

Thanks for pointing me in the right direction; the weirdest thing though, had a scan check done by Securi Site Check, another wordpress rated plug in and it gave me a clean bill of health??? And if I signed up with them to do the biz for me, it would have been 89 dollars a year.

Will have a read tho – thanks

Regards martin

perezbox
(@perezbox)

13 years, 12 months ago

Hi

What do you mean there is no FTP launching in Dreamhost? They do in fact offer FTP, pull it from your CPANEL in FTP accounts.

esmi provided a number of good links. Both the ones from SiteCheck and Unmask will give you real time scans of the site and if it finds anything they’ll tell you what it is. You can navigate through the pages to remove the infection.

If you’re not looking to do that then another option you have is to download the site directory and have your local AV scan it. If for nothing else to identify where the stuff is. I’d caution against using the default remove or delete though or you might find yourself in a world of hurt.

Thanks

Mark Ratledge
(@songdogtech)

13 years, 12 months ago

@perezbox said:

If you’re not looking to do that then another option you have is to download the site directory and have your local AV scan it.

This will do absolutely nothing and is a waste of time. AV for PCs will not pickup encoded php eval strings. PC virii and php web-based malware are completely different animals.

@martincritten: Stick with the links @esmi posted.

perezbox
(@perezbox)

13 years, 12 months ago

Hi @songdogtech

Are you saying the only infections he should consider are encoded PHP eval strings? Is there nothing else a local AV would pick up from infected files?

Interesting advise..

perezbox
(@perezbox)

13 years, 12 months ago

@martincritten

You sound like a novice, but if you’re not there are other methods you can use via SSH. Just let us know.

If you’re curious to see some of the other malware types that could be affecting you take a look here: http://blog.sucuri.net/2012/04/sucuri-sitecheck-web-malware-distribution-march-2012.html. This is a compilation of malware distribution for the month of March, follow the links and it’ll give you more info on the various types.

Local AV’s will pick up some of these, without knowing what you have it’ll be hard to advise, but never turn away a potential tool… lesson learned long ago..

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Malware detected’ is closed to new replies.

Malware detected

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics