• I was recently contacted by my webhost stating there were malicious codes embedded in my website.
    I redid an iThemes malware scan which turned everything up good still, and my site is pretty high on security through the plugin.

    They want me to remove the malware and then get back to them so they can rescan my site, so I’m figuring they are going to have to lock it if I don’t figure out how to fix it. I really have no clue how to change these files individually or where the code is embedded in it to change it so I’m figuring my only choice is to reinstall.

    My issue is why isn’t your plugin seeing this in its scan? Everything is current and up to date.

    These are the infected files they listed:
    public_html/oldindexhtml.zip
    /public_html/wp-admin/about_indesit.php
    /public_html/wp-admin/load-styles_backup.php
    /public_html/wp-admin/user/menu_bck_old.php
    /public_html/wp-admin/css/colors/_variables_indesit.php
    /public_html/wp-admin/css/colors/ectoplasm/colors-rtl.min_ver1.php
    /public_html/wp-admin/css/colors/ectoplasm/colors-rtl.min_indesit.php
    /public_html/wp-admin/css/colors/light/colors-rtl.min_prevv1.php
    /public_html/wp-admin/css/colors/blue/colors-rtl.min_ver1.php
    /public_html/wp-admin/css/colors/midnight/colors.min_backup.php
    /public_html/wp-admin/css/colors/midnight/colors_bck_old.php
    /public_html/wp-admin/css/colors/sunrise/colors-rtl.min_old.php
    /public_html/wp-admin/css/colors/sunrise/colors-rtl.min_backup.php
    /public_html/wp-admin/includes/plugin-install_ver1.php
    /public_html/wp-admin/includes/class-wp-upgrader-skins_bck_old.php
    /public_html/wp-admin/network/site-info_indesit.php
    /public_html/wp-admin/network/site-themes_old.php
    /public_html/wp-admin/js/inline-edit-tax.min_backup.php
    /public_html/wp-admin/js/xfn_indesit.php
    /public_html/wp-admin/maint/repair_infoold.php
    /public_html/wp-content/themes/its-a-girl/functions.php
    /public_html/wp-content/themes/magazino/functions.php
    /public_html/wp-content/themes/cleanpress/functions.php
    /public_html/wp-content/themes/coller/functions.php
    /public_html/wp-content/themes/vryn-restaurant/functions.php
    /public_html/wp-content/themes/hanamoto/functions.php
    /public_html/wp-content/themes/hanamoto/js/jqueryui/437a1895_backup.php
    /public_html/wp-content/themes/preus/rtl_backup.php
    /public_html/wp-content/themes/preus/functions.php
    /public_html/wp-content/themes/preus/css/nivo/slider/themes/bar/bullets_indesit.php
    /public_html/wp-content/themes/preus/inc/js/media-uploader_noversion.php
    /public_html/wp-content/themes/sugar-and-spice/functions.php
    /public_html/wp-content/themes/frau/functions.php
    /public_html/wp-content/themes/the-erudite/functions.php
    /public_html/wp-content/themes/gridster-lite/functions.php
    /public_html/wp-content/themes/monaco/functions.php
    /public_html/wp-content/themes/monaco/js/navigation_prevv1.php
    /public_html/wp-content/themes/sketchbook/functions.php
    /public_html/wp-content/themes/sketchbook/css/960_16_col_infoold.php
    /public_html/wp-content/themes/sketchbook/doc/assets/e73dff55_noversion.php
    /public_html/wp-content/themes/sketchbook/admin/options-interface_ver1.php
    /public_html/wp-content/themes/market/functions.php
    /public_html/wp-content/themes/Felice/functions.php
    /public_html/wp-content/themes/dinky/functions.php
    /public_html/wp-content/plugins/related-content-by-wordnik/_indesit.php
    /public_html/wp-includes/SimplePie/Content/44dd7011_infoold.php
    /public_html/wp-includes/SimplePie/HTTP/Parser_old.php
    /public_html/wp-includes/SimplePie/XML/Declaration/Parser_backup.php
    /public_html/wp-includes/Text/Diff/Renderer_bck_old.php
    /public_html/wp-includes/Text/Diff/Renderer/inline_indesit.php
    /public_html/wp-includes/js/thickbox/thickbox_backup.php
    /public_html/wp-includes/js/mediaelement/controls_indesit.php
    /public_html/wp-includes/js/tinymce/license_new.php
    /public_html/wp-includes/js/tinymce/utils/form_utils_infoold.php
    /public_html/wp-includes/js/tinymce/skins/3aa3d81d_noversion.php
    /public_html/wp-includes/js/tinymce/skins/wordpress/images/video_ver1.php
    /public_html/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce_indesit.php
    /public_html/wp-includes/js/tinymce/plugins/wpautoresize/plugin.min_bck_old.php
    /public_html/wp-includes/js/tinymce/plugins/colorpicker/plugin.min_bck_old.php
    /public_html/wp-includes/js/tinymce/plugins/compat3x/plugin_old.php
    /public_html/wp-includes/js/tinymce/plugins/compat3x/css/dialog_new_prevv1.php
    /public_html/wp-includes/js/tinymce/plugins/compat3x/css/dialog_new.php
    /public_html/wp-includes/js/tinymce/plugins/wpview/plugin_infoold.php
    /public_html/wp-includes/js/tinymce/plugins/hr/plugin_new.php
    /public_html/wp-includes/js/swfupload/handlers_infoold.php

    https://wordpress.org/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Jyn

    (@jynmeyer)

    Updated to add that I manually removed the code inserted into these files, but I’m still not sure about what malware exactly your plugin detects?

    @Jyn

    I think you are (softly) barking up the wrong tree …

    As of the iTSec plugin 5.0.1 release the Malware Scan feature leverages the Sucuri SiteCheck malware scanner.

    They do have a disclaimer that says:

    Disclaimer: Sucuri SiteCheck is a free & remote scanner. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed.

    dwinden
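
A remote scanner only sees what the site serves over HTTP, so extra PHP files on disk and edited theme files like those in the host's list need a local comparison against a known-clean copy. The sketch below is an added example, not code from iThemes Security or Sucuri; the manifest approach, the function names and the tiny sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """SHA-256 of one file (core and theme files are small enough to read whole)."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under a known-clean tree."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return manifest


def compare_tree(root, manifest):
    """Return (added, modified, missing) relative paths versus the manifest."""
    current = build_manifest(root)
    added = sorted(p for p in current if p not in manifest)
    modified = sorted(p for p in current if p in manifest and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    return added, modified, missing


def demo():
    """Constructed sample: a tiny clean tree, then the two kinds of change the host reported."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(data)
        write("wp-admin/js/xfn.js", "// constructed placeholder\n")
        write("wp-content/themes/preus/functions.php", "<?php // constructed clean theme file\n")
        manifest = build_manifest(root)  # snapshot taken while the tree is clean
        # Simulate an extra PHP file beside core assets and an edited theme file.
        write("wp-admin/js/xfn_indesit.php", "<?php // constructed stand-in\n")
        write("wp-content/themes/preus/functions.php", "<?php // constructed: altered\n")
        return compare_tree(root, manifest)


if __name__ == "__main__":
    print(demo())
```

For WordPress core files, WP-CLI's `wp core verify-checksums` performs the same kind of comparison against the checksums published by WordPress.org.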

    Thread Starter Jyn

    (@jynmeyer)

    Right, and I understand that and did read that, but it seems to me that it isn’t even working 1% let alone 100%.
    It caught 0% of the files in multiple areas so should I just figure that the malware scan is null, altogether, to use?

    It gave me a 403 Forbidden Error when trying to scan so I’m not really sure what’s going on.

    Contact Sucuri and explain your issue to them.

    dwinden

The topic ‘Malware Missed in scan’ is closed to new replies.