site generating or hosting a virus (2 posts)

  1. kayakid
    Posted 7 years ago #

    When I open the site in IE 7, my anti-virus detects Mal HIFRM-3 and EXPL ANICMOO.GEN in wordpress.htm and curs.htm in the cache. After about 15 seconds, the page open in the browser morphs into something looking like a blank acrobat reader. The menu bar even changes.

    Since the file is php generated (as I understand it), I have no idea where to look for or where to clean.

    I clear the caches, reload and see the same behavior. It does not seem to effect other browser tabs.

    Luckily, I am still developing this site, so it is in a sandbox that is not advertised.

    Thanks in advance.

  2. gazouteast
    Posted 7 years ago #

    Delete the whole re-install from the server after saving your wp-contents folder to your local system - also before deletion, download your wp-config file and wp-settings file from wp-admin

    Virus scan etc your wp-content folder and clean as advised by your AV software (it might find nothing)

    Compare the file dates of your wp-content folders' files to those of your plug-ins, themes, and wp original files (the copies from before upload) - look for very recent file date and size changes - inspect those files for script injects.

    When your wp-content folders and files are "clean" change your database and FTP logins and passwords

    Re-upload WordPress
    Upload your cleaned wp-config and wp-settings files back to admin

    Copy up any files you customised (from your saved WP-content folders)
    Copy up clean plugin and theme copies from your original downloads

    Run the install, configure plugins and themes

    Your database will still be there.

Topic Closed

This topic has been closed to new replies.

About this Topic