same in servage.net
First steps is acting accordingly to that page :
Next you can come back and things will get more “productive” 🙂
Hi. Lynne and I are from the same site. I handle most of the technical stuff. We scanned using the sucuri tool at and we saw that it is in some of the plugins. I was able to remove most of it, but I don’t know how to access this jscript since it’s not in one of the plugins installed:
It showed the malware code in it and if I just know what file that is, I can access it in the Editor and delete the malware code. Can anyone help me in what part of the WordPress admin I can look for this script?
Thanks in advance
That’s part of wordpress core. You don’t have access to it via the admin dashboard. You’ll have to grab it via FTP, edit it, and re-upload it.
I have this same issue now
Anyone managed a temporary solution?
Oh ok. Thanks for the feedback. I’ll get in touch with our hosting service about it
A lot of people also have the same problem, thread can be found at: http://www.google.im/support/forum/p/Webmasters/thread?tid=39907801f6c83cde&hl=en
Would be very interested to know of a fix that does not involve starting from scratch and reinstalling everything.
Does anyone know if WP have a virus/malware scanner inbuilt or as plugin?
I just had the same problem. It seems ALL the .js files in my installation were modified at 1:23 am this morning.
I learned this by doing a scan with sucuri.net
The following code was included at the bottom of each file.
I just downloaded all my wordpress installation… used notepad++ to run a search and replace in files …. then uploaded the whole thing again, overwriting all files from the server with the newly corrected files.
Sucuri.net re-scan.. and all clean..
This is a temporary solution as I am not sure where the hackers got in, or what caused the problem… so I am sure it will come up again..
If anyone else knows the source of the problem… please let us know!! 🙂
Hope this helps you all.
One of the most common ways these hacks start is a compromised FTP password that was picked up by malware on a Windows PC. I recommend the following:
– scan your PC for viruses and trojans,use more than one scanner
– change your FTP password
– don’t use Windows as an FTP client
– if you must use Windows, don’t use the same machine for casual surfing
– if you must surf from that machine don’t use Internet Explorer(especially old versions)
Fair play to Securi, had forgotten about that site
Was using Totalvirus.com and was showing the site as clean.
Back online properly again. If they got in by guessing my FTP password fair play to them, mine is 14 characters long and I don’t save passwords in Filezilla. I am at a loss at how all these malware can keep getting into my site.
- The topic ‘Malware Detected by Chrome’ is closed to new replies.