WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] WARNING MALWARE DETECTED

[Resolved] WARNING MALWARE DETECTED

  • Hi all,

    Just a quick question. I have been told that there is a problem with my site and that a Malware has been detected. I presume this is a virus.

    Is there an easy way to find out the cause of this virus…..

    James

Viewing 11 replies - 1 through 11 (of 11 total)
  • what is your url?

    The URL is http://www.surreybeekeeper.co.uk

    Thanks for the help.

    James

    I have scanned your site with sitecheck.sucuri.net/scanner and malware has been detected in the following file:

    http://www.surreybeekeeper.co.uk/wp-includes/js/l10n.js?ver=20101110

    Maybe you could try deleting this file and seeing if it makes a difference?

    Maybe you could edit the file to remove the malware – Scan the site for yourself to get full information on where the malware is located.

    Hope this helps.

    James Gander

    Thanks James, really appreciated.

    I will just have to locate that particular file as have no idea what it might be. Can only think it is an image I must have uploaded.

    Will take a look, thank you.

    James

    Ok, hope it works. I think the file is a javascript file, rather than an image, which could have been uploaded through a theme or plugin, or you site might have been hacked. Can I suggest that once you’ve deleted the file you change any administrator passwords just to be on the safe side.

    Let me know if you have any success.

    James Gander 🙂

    Thanks James,

    Just to help me find this javascript file can I find it using the URL that you sent through to me?

    That might speed up the process.

    Thanks

    James

    You’ll need an FTP connection to delete this file easily.

    If you have one, log on to the server and navigate to “/wp-includes/js/” then delete the file called “l10n.js”

    Hopefully that should do the trick.

    If you encounter any problems with the site after deleting the file let me know and i’ll post the version of the file without the malware included, as well as instructions on how to re-create the file.

    Hi all,

    Just gone into my FTP and deleted that file. Does there appear to be a virus on the site when you go in now?

    Thanks for your help thus far.

    James

    I did not get any warning

    Great, thank you for letting me know. Much appreciated.

    James

    This attack could have infected more than just that file. So far these four WordPress files could have been infected in this widespread attack. Please examine these four files before taking any action on them.

    /wp-config.php
    /wp-settings.php
    /wp-includes/js/l10n.js
    /wp-includes/js/jquery/jquery.js

    Also these malicious files could be uploaded/created. All of these below can be safely deleted/removed.

    /wp-admin/common.php
    /wp-admin/upd.php
    /wp-admin/js/config.php
    /wp-content/2b64c2f19d868305aa8bbc2d72902cc5.php (or similar)
    /wp-content/themes/[theme’s name]/temp/eab9c5e9815adc4c40a6557495eed6d3.php (or similar)
    /wp-content/upd.php

    Possibly also:
    /wp-content/uploads/feed-file.php
    /wp-content/uploads/feed-files.php

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘[Resolved] WARNING MALWARE DETECTED’ is closed to new replies.