Strange Malware warning coming up on my site, please help! (10 posts)

  1. girlgonegeekblog
    Posted 5 years ago #

    So i've scanned my site using google safe browse and it came up clean. I also have WP Security scan and use that and my site doesn't come up with malware or viruses. BUT this warning came up when I went to my blog today and it's the same warning others have gotten.

    screenshot: http://www.girlgonegeekblog.com/wp-content/uploads/2011/08/Screen-shot-2011-08-21-at-6.53.03-PM.png

    The weird thing is that the warning says the site "newportalse.com" is suspicious BUT there isn't anything on the warning on girlgonegeekblog.com (my site). When I scan newportalse.com it comes out suspicious, when I scan my blog girlgonegeekblog.com it's fine.

    Does anyone know why is this popping up?

    BTW I'm still green to wordpress.

  2. esmi
    Forum Moderator
    Posted 5 years ago #

  3. Daniel Cid
    Sucuri.net Support
    Posted 5 years ago #

    Your site is compromised with malware (one of the .js files). Details here:


    It seems to be related to the timthumb.php infections we are seeing lately. So it might be something you want to check in your theme (or plugins).


  4. entreprenewer
    Posted 5 years ago #

    I'd love it if someone identified which plugin was introducing this malware to our sites... this is FRUSTRATING

  5. esmi
    Forum Moderator
    Posted 5 years ago #

    It's unlikely to be a plugin doing this. A hacker can enter at any point on a server.

  6. girlgonegeekblog
    Posted 5 years ago #

    I'm beyond stressed!

    Basically I found the timthumb.php and deleted the bad code from that and deleted the theme. I forgot that I never deleted the first theme downloaded but wasn't using (so so stupid).
    The bad java was: l10n.js

    Then secrui said my site was clean. BUT even after that I couldn't even access my wordpress dashboard because I kept getting malware warnings.
    The site popping up in the malware warning went from portalse.com to custom-wordpress.com. (before screenshot: http://www.girlgonegeekblog.com/wp-content/uploads/2011/08/Screen-shot-2011-08-21-at-6.53.03-PM.png)

    Then I found out there was still some malware in config.php and I removed that, but still no good.

    I also saw on a few posts that the bad code may be in a few places. I fear I have to reupload my blog. I'm not that good with wordpress and code, I only started this on wordpress.org about a month ago.

    I have my original wordpress.com xml from about a month ago. I also have several exported versions of my wordpress.org site. Will the wordpress.org stuff I downloaded from the dashboard > tools > export > export all, include any of the bad malware from the plugins and theme?

    Any suggestions for some really good and either free for reasonably priced anti virus plugins/software for wordpress?

  7. girlgonegeekblog
    Posted 5 years ago #

    thanks dd@sucuri.net!

  8. girlgonegeekblog
    Posted 5 years ago #

    I don't know if my site is clean or still has malware floating around somewhere. Any suggestions on how to fully scan every inch of the site to check for it. I'd be willing to pay for a anti virus/security software/plugin that isn't too expensive (indie blog) to get the job done right and keep malware off my blog. I've lost tons of hits these past few days.

  9. Mike
    Posted 4 years ago #

    I wrote a script that removes malicious code from javascript files so you don't have to do it by hand - you can remove other unwanted files like upd.php manually - perhaps you find my post useful: http://wordpresskeeper.com/knowledgebase/remove-mwjs2368-malware-from-your-wordpress/

  10. MrGamma
    Posted 4 years ago #

    If it helps, Google is very lenient with malware compared to the others. It is pretty slow to come around as well.

    For instance Sucuri might find malware right away, because the scanner is on demand, while Google only scans sporadically.

    Bing is reasonably harsher, as they might block you for extended periods of time, and they might block you even though no-one else is. Not sure why but it might have something to do with the different level of threats.

    The point is, all the malware scanners, whether it's a search engine, or on demand scanner,, have a tendency to find different problems.

    So you should pay attention to them all, most likely, especially if your clients or visitors are using another search engine like Bing.

    Hope that helps.

Topic Closed

This topic has been closed to new replies.

About this Topic