Support » Plugin: Anti-Malware Security and Brute-Force Firewall » Site infection: MW:JS:GEN2?rogueads.unwanted_ads.1

  • Resolved mariuszo

    (@mariuszo)


    Hi Eli!
    Maybe you can help me find a solution for my problem: my website was infected with MW:JS:GEN2?rogueads.unwanted_ads.1 malware. I was using different security plugins trying to clean infection but no luck. I removed non standard core files, malicious code from theme function.php files, etc. Symptoms (random popup ads on menu items clicks) still existed.
    So I have installed WordPress and plugins from scratch, only imported database copy.

    Now it looks like symptoms are gone but Sucuri scanner continuously shows that website is infected: https://sitecheck.sucuri.net/results/matpol.no

    I have installed your plugin but scanner says it’s clean – no threats, no infected files.
    Additionally offline files search for infection scripts and phrases gives no result.

    Do you have experience with similar issue or maybe you know what is going on? 🙂

    Thank you in Advance!


Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Eli

    (@scheeeli)

    Actually, your site is now clean. Sucuri caches their scan results so the link that you posted here was old and not relevant any more. I could see at the bottom of that page this note:
    *Cached results from the last 24 hrs.
    When I clicked on the “Force a Re-scan” link to clear the cache the site shows that it’s clean 😉

    I knew that you are the only hope! 😉
    Thx for explanation.
    I think your plugin (donate version) will stay permanently installed on my website 🙂

    Cheers!

    getlusive

    (@getlusive)

    Hi,
    I’m hoping to get any help I could get as well. I used the plugin to scan my website and didn’t find the same script as Sucuri:

    https://img15.hostingpics.net/pics/895973Capture2.jpg

    <script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1453906"></script>

    https://sitecheck.sucuri.net/results/www.estetikatour.mobi

    Do you know how to remove the error found by Sucuri?
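
The mismatch in the post above (a remote scanner reports a script tag in the served page while a file scan finds nothing) can be checked by listing which hosts the served HTML loads scripts from. The following is an added example, not part of the thread or of the plugin; the function names, the allowlist and the sample HTML are constructed for illustration, with only the last script tag taken from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def external_script_hosts(html, page_url):
    """Return {host: [src, ...]} for scripts loaded from other hosts."""
    page_host = urlsplit(page_url).hostname
    collector = ScriptSrcCollector()
    collector.feed(html)
    hosts = {}
    for src in collector.sources:
        # urlsplit parses protocol-relative URLs ("//host/path") as well;
        # relative paths have no hostname and count as same-origin.
        host = urlsplit(src).hostname
        if host and host != page_host:
            hosts.setdefault(host, []).append(src)
    return hosts


def unexpected_scripts(html, page_url, allowed_hosts):
    """Scripts whose host is neither the site itself nor on the allowlist."""
    found = external_script_hosts(html, page_url)
    return {h: s for h, s in found.items() if h not in allowed_hosts}


# Constructed sample page; the last tag is the one quoted in the thread.
SAMPLE_HTML = """
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1453906"></script>
"""

if __name__ == "__main__":
    allow = {"ajax.googleapis.com"}  # assumed allowlist for this example
    print(unexpected_scripts(SAMPLE_HTML, "https://example.test/", allow))
```

Run it against the HTML as a visitor receives it (for example a saved copy of the page source), since an injected tag may come from the database or a cache rather than from a file on disk.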

    Hi there,
    I managed to clean this kind of virus but what is strange to me is that this virus infects my themes even when I work on localhost. I download a clean copy of everything (WP, theme, plugins etc), then after I work on the new site for a while I realize that the virus code on the functions.php file appears and also the files on the “wp-includes” folder.
    I made a virus check with Avast on the whole computer and it didn't find anything.
    How can I find how this is infecting my files on localhost?
    I think I have it somewhere on my computer which infects my themes before I upload them to the internet.
