Hi Ak71
I have had the exact same problem today on 2 separate sites on separate servers.
Did you follow the instuctions in the links above and did it solve the issue?
Thanks
Thread Starter
akedv
(@ak71)
i deleted all the wp-files, just kept some clean directories in wp-content (images & stuff) and wp-config.php & .htaccess, copied all the files from a clean & updated (local) mirror of the site, deactivated the 2 previously infected plugins, changed some stuff in .htaccess, changed some of the keys in wp-config.php.
did occure twice since yesterday, the last time about 5 mins after activating the 2click-social media plugin, but not anymore after deactivating these 2 “suspicious” plugins, all clean till now *fingerscrossed*
which theme are you using, which plugins installed/infected?
We started having problems a few days ago, but I couldn’t pin anything down other than a redirect virus of some kind.
This thread suggested http://sitecheck.sucuri.net/scanner/ which quickly identified the code infecting about 6 JavaScript files. It was the Java:Blackcole-A[Trj].
I opened each file and deleted the malicious code, which was tacked onto the end of each file. Once all the files had been updated, I cleared my browser cache (Mac Safari) and it looks like the site is back up again. Another scan by Sucuri confirmed the threat had been removed.
Additionally, all administrators on our site have changed passwords.
Thanks fbraswell, your advice worked perfectly.
I just used http://sitecheck.sucuri.net/scanner/ then uploaded fresh files of the JS files that were affected. Problem solved. Changed all passwords also.
