Support » Plugin: Anti-Malware Security and Brute-Force Firewall » website still infected

Viewing 6 replies - 1 through 6 (of 6 total)
  • kalantor


    I have same problem i have send email and post topics in forums but still no answer



    We must wait someone to help us



    i has been over 30 hour so yeah we must wait :/



    If you’d like use
    It’s Japanese created malware scanner.



    Hi everyone, this is what I did to clean my website:

    I kept trying every wordpress plugin, most of them including this one showed me as clean but my site was still infected and redirecting.

    FINALLY I downloaded and installed “Bullet Proof Security” (just search for it in the wordpress plugins search, its free).

    When I did the Mscan in BPS (after doing their setup), I would get several “suspicious files” and “suspicious DB entries”. I went thru the “suspicious files” one by one, and deleted either the file or the plugin that they were a part of (deactivate then delete the plugin). Obviously, this can be done for non-critical plugins. If the plugin is critical for your website, then hopefully you have access to the original plugin source so you can re-install a “clean” one once your site is clear.

    I dont remember how many files/plugins I had to delete (5 or 6 I think) but eventually I killed the one that was infected (I checked for redirection after each plugin I deleted). I think the one infected for me was either WP-Optimize or Live Chat.

    So this is what I did and I am now clean. I run several security plugins now that hopefully harden me to having this happen ever again. Good luck.

    Plugin Author Eli


    I am sorry that you had to wait 14 hours for my reply, but I was asleep when you posted this. Please understand that I am only one person and I can only support my plugin when I am awake. I have reviewed the information you posted here and looked at your site. I can see this malicious script in your header in the midst of other scripts which are supposed to be there. This malicious script is already in my definition update, so I am not sure why it is not finding it on your site, but I would like to help you get to the bottom of this. If you have downloaded the latest definition and it the Complete Scan is still not finding it then there are two possibilities I can think of: either this script is further encrypted and obfuscated in some new way; or it’s now hiding in any of the file on your site, but rather stored in your database and dumped out in your HTML by some vulnerability in your theme or plugins.

    Can you please send you the header.php file for your active theme? If it’s not there I would need to know what other plugins you have installed.

    You can email files directly to me: eli AT gotmls DOT net

    I saw and replied to your post on my own forum asking for your domain, and you have not posted it there either. You said there that you have emailed me but I have no emails from you. Please try emailing me from another address and I will check my spam folder.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.