Title: malware with Last modified: March 14, 2020 --- # malware with * Resolved [kyodev](https://wordpress.org/support/users/kyodev/) * (@kyodev) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-with/) * contrary to what is said here: [https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/](https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/) the version 3.64.1 does not resolve the issue * I had the header.php infected, with a clean wordpress, theme and plugin * I had to delete the plugin to prevent a redirection to step.xxxx.com/r.php?id = * nothing in the database * see also: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10195) [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10196) - This topic was modified 6 years, 2 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/). - This topic was modified 6 years, 2 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/). Viewing 3 replies - 1 through 3 (of 3 total) * [Sygnoos](https://wordpress.org/support/users/sygnoos/) * (@sygnoos) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-with/#post-12544127) * Hi [@kyodev](https://wordpress.org/support/users/kyodev/) , * Please follow the instructions below: * 1) Cou please make sure you have updated the plugin to the latest version 3.64.1. 2) Inside the popup settings from ‘Custom JS or CSS’ [https://prnt.sc/rgcdqa](https://prnt.sc/rgcdqa) please remove all unknown codes and save the popup. * We are sorry for any inconvenience. * [Sygoos Support Team](https://wordpress.org/support/users/sygnoossupportteam/) * (@sygnoossupportteam) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-with/#post-12555687) * Hi [@kyodev](https://wordpress.org/support/users/kyodev/), * How are you today? We are wondering whether everything is fine on your end. Moreover, after the last update (3.65) which was implemented due to the security reasons, the custom JS scripts were deleted. This was intentional update which we had to do in order to keep the websites of our customers safe and secure. Please try to add them again and let us know in case of any questions. Our team is apologizing and we hoping that our customers can be understanding due to the circumstances. * Thread Starter [kyodev](https://wordpress.org/support/users/kyodev/) * (@kyodev) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-with/#post-12560294) * sorry for the response time (many work in France presently) * I did not delete the plugin correctly (I guess I used `wp delete` instead of ` wp uninstall`) * new test with the initial database and version 3.64.1 : * 1. `wp plugin uninstall --deactivate popup-builder` works fine and the database is properly cleaned * 2. manual method by removing js code is ok too * for information: my character string to search was: dest.collectfasttracks.com * \` wp db search ‘String.fromCharCode(104,116,116,112,115,58,47,47,100,101,115,116,46,99,111,108,108,101,99,116,102,97,115,116,116,114,97,99,107,115,46,99,111,109’ * \` grep -Iinrl ‘[https://dest.collectfasttracks.com/’](https://dest.collectfasttracks.com/’); wp-content/ wp-content/themes/xxx/header.php ` Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘malware with’ is closed to new replies. * ![](https://ps.w.org/popup-builder/assets/icon-128x128.gif?rev=2698840) * [Popup Builder - Create highly converting, mobile friendly marketing popups.](https://wordpress.org/plugins/popup-builder/) * [Frequently Asked Questions](https://wordpress.org/plugins/popup-builder/#faq) * [Support Threads](https://wordpress.org/support/plugin/popup-builder/) * [Active Topics](https://wordpress.org/support/plugin/popup-builder/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/popup-builder/unresolved/) * [Reviews](https://wordpress.org/support/plugin/popup-builder/reviews/) * 3 replies * 3 participants * Last reply from: [kyodev](https://wordpress.org/support/users/kyodev/) * Last activity: [6 years, 2 months ago](https://wordpress.org/support/topic/malware-with/#post-12560294) * Status: resolved