Title: problem with http://genericstts.com/init.min.js
Last modified: August 21, 2016

---

# problem with http://genericstts.com/init.min.js

 *  [efiga](https://wordpress.org/support/users/efiga/)
 * (@efiga)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/)
 * Hi i want to remove [http://genericstts.com/init.min.js](http://genericstts.com/init.min.js)
   from my wordpress site
    it’s show’s popup in my website
 * how to remove it please ? ?

Viewing 15 replies - 46 through 60 (of 61 total)

[←](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/3/?output_format=md)
[1](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/?output_format=md)
[2](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/3/?output_format=md)
4 [5](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/5/?output_format=md)
[→](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/5/?output_format=md)

 *  [deniz87](https://wordpress.org/support/users/deniz87/)
 * (@deniz87)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150884)
 * Deactivate this plugin: GD Star Rating
 * Solved…
 *  [deniz87](https://wordpress.org/support/users/deniz87/)
 * (@deniz87)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150885)
 * [http://wordpress.org/support/plugin/gd-star-rating](http://wordpress.org/support/plugin/gd-star-rating)
 *  [Rudy64](https://wordpress.org/support/users/rudy64/)
 * (@rudy64)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150886)
 * Found it!
 * Gosh dang it! That hack of a “designer” used a nulled plugin on our site. The
   plugin is called “Coming Soon Pro” and sure enough, at the very bottom of the
   file, I found this:
 * <?php include (‘images/social.png’); ?>
 * And sure enough, social.png is a PHP file full of a confusing array of function
   names and Base64-obfuscated code.
 * Now I don’t trust anything this designer did, and I’m going to do a more intense
   search.
 * I don’t know what’s worse. A professional coder who knowingly installs nulled
   scripts, or a clueless amateur design hack who has no clue about server security
   and the respect of copyright!
 * Props to [@mreee](https://wordpress.org/support/users/mreee/) and [@delraycomputers](https://wordpress.org/support/users/delraycomputers/).
   And everyone else who chipped in. Thanks much!!
 *  [Rudy64](https://wordpress.org/support/users/rudy64/)
 * (@rudy64)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150887)
 * [@deniz87](https://wordpress.org/support/users/deniz87/): that plugin no longer
   exists. Go to that page you linked to, and click on “Description”. It was probably
   removed for having that vulnerability injected into it.
 *  [galanbr](https://wordpress.org/support/users/galanbr/)
 * (@galanbr)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150888)
 * As I said, some obfuscated code in image format.
 * Remove the false social.png image and the code for inclusion in the theme functions.
   php file apparently solved the problem.
 * Thank you to the friend, mreee by locating where.
 *  [Rudy64](https://wordpress.org/support/users/rudy64/)
 * (@rudy64)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150891)
 * This just shows that even using grep, the code was obfuscated so we would not
   find it. What I may do (when I’m back from my travels in a couple of weeks) is
   write a regular expression that would find the words “include” or “require” referencing
   popular non-text files such as .png, .jpg, .pdf, etc. in the same statement, 
   and use that with grep as a security tool. With this theme and plugins the designer
   installed, I cannot trust anything, and I find he sourced our theme from a nulled
   script source as well.
 * Anyone who uses nulled scripts deserves this, in my opinion. But when a third
   party, supposedly a professional, installs this in an otherwise legitimate setting
   such as ours, it opens us up to both severe server vulnerabilities and legal 
   liabilities for running stolen software.
 *  [Jignesh Boricha](https://wordpress.org/support/users/jigu4net/)
 * (@jigu4net)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150892)
 * Hi! to all
 * I have also solved this problem in my site today. Thanx for all you guys who 
   have posted their answers here.
 * I was having the same problem, I have tried out so many thing in past week. I
   have disabled all plugins changed theme but problem do continues.
 * At last I have decided to deactive all plugins and active them one by one and
   check for the script. I have found one plugin causes the problem, So I have debug
   the plugin. At the very end of the sript it includes a “Social.png” file and 
   found that it not used at all anywhere in my site. So I have simply deleted that
   image.
 * And then checked and guess what the problem is solved. So much relief this time.
 * I hope it may help you to you guys.
 *  [JeroenVerhoef](https://wordpress.org/support/users/jeroenverhoef/)
 * (@jeroenverhoef)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150894)
 * Dear all,
 * I ran into the same issue and I am wondering if you guys have already figured
   out which plugins have caused this issue. I don’t seem to have installed any 
   suspicious ones..
 * We have solved the issue by removing the social.png file and the reference from
   the functions.php file. It now is gone, but as far as we can see this is a pretty
   serious exploit.
 * It is probable that all admin passwords and db user passwords have been compromised
   as well as visitor data, so this is quite serious.
 *  [Rudy64](https://wordpress.org/support/users/rudy64/)
 * (@rudy64)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150895)
 * Yes, it is a serious exploit.
 * I would say that based on this discussion, two things are in common:
 * 1) The exploit has showed up in different plugins and/or themes, not any single
   one;
 * 2) Many of these were from illegally obtained “nulled” scripts, for which I have
   to say, if you steal software, you deserve what you get. As a former coder myself,
   I think those who use pirated, stolen software are as low on the food chain as
   those who null and distribute them to begin with. Sorry. Theft of intellectual
   property totally rubs me the wrong way.
 * There are ways the exploit can be injected into plugins or themes that come through
   official channels, as I found one plugin listed above which is now removed from
   the WP plugin repository (the support thread remains, but the plugin is no longer
   listed). It is rare, but it can happen. I always try to download either through
   the WP system, or directly from the publisher’s site. And yes, my clients pay
   if a license is needed for the product. That’s non-negotiable with me.
 * In my case, it was a nulled script. Someone had recommended we use this designer,
   who I think did this as a freebie favor for our site owner. The exploit turned
   up when the site quit loading (waiting for the non-responsive genericstts.com
   site to load). That was my clue something was wrong, but I didn’t see how wrong
   it was until investigating further. Turns out this designer not only used at 
   least one nulled plugin (Coming Soon Pro), he also used a nulled version of the
   Bolid theme by ThemeForest. Both were obtained from a directory that links to
   nulled WordPress themes and plugins.
 * So, in our case, this was put on our server without our knowledge, thinking we
   could trust this hack. He had no clue: he did not know his way around a typical
   WP installation. He bitched about our multisite setup being “some strange way
   you have this set up”, and the only way he knew to get a theme and plugins up
   was to upload the complete directory from his computer. Needless to say, he’s
   _persona non grata_.
 * I posted this simply as a warning to be careful when subcontracting or accepting
   the unknown work of others. Pirated (nulled) software is illegal, which opens
   the site owner up for all sorts of legal liabilities. And the exploit could have
   compromised our server and data integrity. Using this nulled garbage is a recipe
   for trouble.
 *  [kasem123](https://wordpress.org/support/users/kasem123/)
 * (@kasem123)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150896)
 * That’s What Happens when you mess up with **nulled themes** xD
 *  [JeroenVerhoef](https://wordpress.org/support/users/jeroenverhoef/)
 * (@jeroenverhoef)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150897)
 * I understand. The strange thing though is that we have bought the theme from 
   SwiftIdeas on Themeforest. They are premium template designers, I cannot image
   them using nulled scripts.
 * I only installed plugins from the official WordPress website and still we got
   affected by this exploit.
 * We have now shut down out complete server and are in the progress of deploying
   WordPress on another one. We will try to figure out by trial and error which 
   plugin installed this malware.
 * Do you have any clues on what the malware caused on your servers? It looks like
   all user accounts were compromised and a backdoor onto our server was made. Any
   idea of this what they were after?
 *  [Rudy64](https://wordpress.org/support/users/rudy64/)
 * (@rudy64)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150898)
 * [@jeroenverhoef](https://wordpress.org/support/users/jeroenverhoef/), our theme
   was from ThemeForest also, but the problem we had is that the designer we supposedly
   trusted had downloaded the theme and the bad plugin from a site that distributes
   nulled scripts, rather than doing the professional thing and paying for them.(
   I do not want to post that URL publicly.)
 * Personally I don’t like this theme (or anything from ThemeForest for that matter),
   but the site owner liked the layout of it and the features.
 * If you do find the plugin or theme is infected with this, please report it. If
   the plugin came through wordpress.org, there must be a way to report it so others
   do not get affected.
 * Our site was not yet live, and security is very strict (we protect the wp-admin
   directory with both password and IP restrictions), so we were not compromised.
   Still, I have reset everyone’s password to be safe, and I can easily restore 
   from an old backup since we only have half a dozen posts ready for the preview.
 *  [Nick Papazetis](https://wordpress.org/support/users/papazetis/)
 * (@papazetis)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150918)
 * Hi guys. I didn’t read all the answers you gave.
 * I found the solution here
    [http://siteber.com/how-to-remove-genericstts-cominit-min-js-malware-script/](http://siteber.com/how-to-remove-genericstts-cominit-min-js-malware-script/)
 * Take a look.
 * This is a malware because i install a nulled plugin.
 * I took my lesson now. Only original plugins guys.
 *  [Rudy64](https://wordpress.org/support/users/rudy64/)
 * (@rudy64)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150919)
 * I don’t think this so-called “designer” we used has any idea how much extra work
   he has created for me.
 * I thought I had scanned everything, yet I had to keep this theme in place since
   the designer directly modified the files in the theme, vs. doing it the proper
   way by putting modifications into a child theme.
 * Today I found another issue. I clicked one of the links in the menu bar, and 
   I got redirected to a totally unrelated video on YouTube (Justin Beiber tripping
   while playing basketball–a video title that attracts viewers in other words).
   This video, of course, is “monetized” and plagued with ads. Now I don’t know 
   if this is in the theme, or in yet another plugin which is tainted! (This menu
   link normally points to a “glossary” which is populated by a plugin.) Yet a second
   time I click the link, it goes to the proper destination. This behavior reminds
   me of how clever our “genericstts” exploit was–it would only appear when logged
   out.
 * Needless to say, I am at the point of scrapping the entire project and starting
   over. The only thing usable is the logo this guy made. I can redesign it similarly.
 * I personally know better than to installed nulled scripts, but ended up having
   this mess made by a third party dumped in my lap anyways…
 *  [Zak Chapman](https://wordpress.org/support/users/naimbic/)
 * (@naimbic)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/4/#post-5150926)
 * I think you have a Mal-ware into your Plugin or your Theme.
    If you can Log-in
   to your cPanel, go to File Manager and search for social.png, if found go to 
   its locations and right click then edit, if the image shows a code its a Mal-
   ware, if not it`s fine… case of php code: first delete social.png file then i
   suggest you download your theme or plugin that you found the social.png into 
   it and use a free software like “seek” or “[FileSeek](http://www.fileseek.ca/Download/)“
   for search into all files including *.php of the code that calling the socail.
   png, after find the code delete it, you are done. BTW change all your login information
   including DB…

Viewing 15 replies - 46 through 60 (of 61 total)

[←](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/3/?output_format=md)
[1](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/?output_format=md)
[2](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/3/?output_format=md)
4 [5](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/5/?output_format=md)
[→](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/5/?output_format=md)

The topic ‘problem with http://genericstts.com/init.min.js’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 61 replies
 * 17 participants
 * Last reply from: [galanbr](https://wordpress.org/support/users/galanbr/)
 * Last activity: [11 years, 7 months ago](https://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/5/#post-5150927)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics