Malware in W3 Total Cache? (12 posts)

  1. girlgonegeekblog
    Posted 5 years ago #

    I recently was told that my blog girlgonegeekblog.com had malware warnings when people went on it. I'm very new to wordpress.org so I just now downloaded WP-Security Scan to try and find the issue.

    In the meantime I used some free online url virus scanners and they told me that the file "w3tc" has some bad code in it. So I deleted the code but that didn't work, so then I deleted W3 Total Cache Plugin and it came out clean in the scan on a few sites.

    Now I heard these sites may not be completely accurate but it seemed to work. But I wanted to make sure and see if anyone else had this issue or am I mistaken?

    Anyone recommend any plugins or whatnot to scan and check for malware? I want to be completely sure my site is good now.

    *My blog's theme does not use timthumbs, which I've seen is a recent malware issue.

  2. CyberOto
    Posted 5 years ago #


    A while back there was one version of W3TC uploaded not by the author but by, let's say, bad people. Chances are that you had this particular version. The WP Team took steps to prevent such issues in the future, and at that time all accounts had their passwords reset. Read more here - http://wordpress.org/news/2011/06/passwords-reset/

    The current version of W3TC is fine.


  3. girlgonegeekblog
    Posted 5 years ago #

    So I've scanned my site using google safe browse and it came up clean. I also have WP Security scan and use that and my site doesn't come up with malware or viruses. BUT this warning came up when I went to my blog today and it's the same warning others have gotten.

    screenshot: http://www.girlgonegeekblog.com/wp-content/uploads/2011/08/Screen-shot-2011-08-21-at-6.53.03-PM.png

    The weird thing is that the warning says the site "newportalse.com" is suspicious BUT there isn't anything on the warning on girlgonegeekblog.com (my site). When I scan newportalse.com it comes out suspicious, when I scan my blog girlgonegeekblog.com it's fine.

    Does anyone know why this is popping up?

    BTW I'm still green to wordpress.

  4. girlgonegeekblog
    Posted 5 years ago #

    Thanks a bunch CyberOto!!!

  5. Daniel Cid
    Sucuri.net Support
    Posted 5 years ago #

    Hey, I replied in another thread to you, but your site is compromised with malware (on one of the .js files). Details here:


    It seems to be related to the timthumb.php infections we are seeing lately. So it might be something you want to check in your theme (or plugins).


  6. prestonisgreat
    Posted 5 years ago #

    Were you still having the problem after you removed the W3TC code?

  7. prestonisgreat
    Posted 5 years ago #

    @girlgonegeekblog it looks as though your site is running just fine now and the scan that @dd@sucuri.net did is no longer showing Malware. I have the exact same problem with my site right now: http://www.drugrehabretreat.com.

    Any insight into how you removed the malware would be greatly appreciated.


  8. girlgonegeekblog
    Posted 5 years ago #

    I'm beyond stressed!

    Basically I found the timthumb.php and deleted the bad code from that and deleted the theme. I forgot that I never deleted the first theme downloaded but wasn't using (so so stupid).

    The bad java was: l10n.js

    Then Sucuri said my site was clean. BUT even after that I couldn't even access my wordpress dashboard because I kept getting malware warnings.
    The site popping up in the malware warning went from portalse.com to custom-wordpress.com. (before screenshot: http://www.girlgonegeekblog.com/wp-content/uploads/2011/08/Screen-shot-2011-08-21-at-6.53.03-PM.png)

    Then I found out there was still some malware in config.php and I removed that, but still no good.

    I also saw on a few posts that the bad code may be in a few places. I fear I have to reupload my blog. I'm not that good with wordpress and code, I only started this on wordpress.org about a month ago.

    I have my original wordpress.com xml from about a month ago. I also have several exported versions of my wordpress.org site. Will the wordpress.org stuff I downloaded from the dashboard > tools > export > export all, include any of the bad malware from the plugins and theme?

    Any suggestions for some really good and either free or reasonably priced anti virus plugins/software for wordpress?

  9. girlgonegeekblog
    Posted 5 years ago #

    I don't know if my site is clean or still has malware floating around somewhere. Any suggestions on how to fully scan every inch of the site to check for it? I'd be willing to pay for an anti virus/security software/plugin that isn't too expensive (indie blog) to get the job done right and keep malware off my blog. I've lost tons of hits these past few days.

  10. prestonisgreat
    Posted 5 years ago #

    I broke down and paid (http://sucuri.net/) to clean it up... they were fast and seem to be efficient... time will tell, but at least for now... the sites are clean and functioning.

  11. girlgonegeekblog
    Posted 5 years ago #

    I actually did the same thing @prestonisgreat. I ended up buying Sucuri and I still tried to redo my blog and upload a new one under domain.com/site but had issues with it that I couldn't fix and gave up. Especially since it seemed my blog was fine and wasn't getting any more malware warnings.

    I just got an email from Sucuri that they found malware and told me where and I deleted it. They said it was from timthumb so maybe it was leftover. I'm waiting for them to rescan it and get back to me but I'm happy with their quick response.

  12. Frederick Townes
    Posted 4 years ago #

    What resolutions were reached here? I encourage all users to use a solution like vaultpress.com to make sure you're able to rollback your site at a moment's notice and be aware of changes that you haven't made so that you can revert them and have the opportunity to remedy issues.

Topic Closed

This topic has been closed to new replies.
