Support » How-To and Troubleshooting » Malware Removal

Malware Removal

  • I need malware remove from the site: blog.bronxlabschool.org please. I have no idea how to do this? Can WordPress do this?

    See below from a Sucuri Scan.

    Malware found on javascript file: http://blog.bronxlabschool.org/wp-content/themes/TheCorporation/js/DD_belatedPNG_0.0.8a-min.js
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-includes/js/l10n.js?ver=20101110
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-includes/js/jquery/jquery.js?ver=1.6.1
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-content/themes/TheCorporation/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.6
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-content/themes/TheCorporation/js/jquery.cycle.all.min.js
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-content/themes/TheCorporation/js/jquery.easing.1.3.js
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-content/themes/TheCorporation/js/superfish.js
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-content/themes/TheCorporation/epanel/page_templates/js/prettyphoto/jquery.prettyPhoto.js?ver=3.0.3
    Malware found on javascript file: http://blog.bronxlabschool.org/wp-content/themes/TheCorporation/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1
    Suspicious conditional redirect on: http://blog.bronxlabschool.org

Viewing 2 replies - 1 through 2 (of 2 total)
  • 1) First, do you have a “clean” back-up of your site, if so, just restore it from that.

    2) If #1 doesn’t apply, do the following, check all .htaccess files, index.php files and any include files or theme files you may be using.

    3) Remove any code that you find in your “legitimate” files that matches any of the following (Note – this isn’t an all exhaustive list, it’s the most common issues I’ve seen):
    a. “eval(base64_decode(…..”
    b. “edoced_46esab…”
    c. “getMama…”
    d. “115,99,114,105,112,116….”
    e. “document.write(‘<iframe…..”

    4) Look for any php files in any image, css, upload, download, etc directories that would not normally have a php file in them. Check the file contents for base64 strings and thing that point to it being a php shell such as “FilesMan”, “c999sh”. If you find files like this, DELETE THEM.

    5) Once you’ve cleaned your site – UPGRADE it if you are not running the latest version to remove any possible publicly available vulnerabilities.

    6) Also I would recommend checking permissions; files should be at 644 and directories at 755 (this depends on your hosting company/server – this is the most common setting).

    7) Once you have completed all those steps, go to http://www.google.com/webmasters and if you don’t already have an account create one (Obviously if you have one – skip this step).

    8) Once you’ve created your account, add your site, then on the left hand side, click on “Health”, “Malware” . If they have you flagged, and you have cleaned your site, submit it for re-evaluation. This usually will take between 48-72 hours before you are cleared.

    Hope this helps!

    I’m glad I found this topic! Thanks for the how to, it’s really helpful! I also found some other tutorials on the web which helped me a lot.


    I went through all of them and finally I think I’ve got rid of the stupid malware and my blog works again. Now just waiting for Google to check it!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malware Removal’ is closed to new replies.
Skip to toolbar