bmerigan
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: wp-feed.phpThere’s should be enough info here for you to find and remove it.
Just remember accessing your webpage reinstalls it if you’ve not removed every malicious file.Forum: Fixing WordPress
In reply to: wp-feed.phpSome good info here:
https://www.rastating.com/malware-being-distributed-with-wordpress-plugins/amp/Forum: Fixing WordPress
In reply to: wp-feed.phpWhen the files are changed, the malicious code also resets the modified date back to what it was, so you can’t tell that way.
Forum: Fixing WordPress
In reply to: wp-feed.phpI doubt you need “any other idea”. The issue and solution are listed in the replies to the original issue in this topic.
Look at the start of functions.php, there is likely a malicious file being “included” there.
I’ve seen both class.theme-modules.php and class.plugin-modules.phpThe files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Remove code from the start of all the functions.php files.
Delete multiple copies of class.theme-modules.php or class.plugin-modules.phpYou must check every folder and check every functions.php you find.
- This reply was modified 8 years, 2 months ago by bmerigan.
Forum: Fixing WordPress
In reply to: wp-feed.phpMy experience was from downloading a theme from a ‘free’ site instead of from the original creator/source.
The site I got it from was dodgy, and only supplying infected themes.My experience was that I installed an infected theme which contained the malicious code and files.
Forum: Fixing WordPress
In reply to: wp-feed.phpAs I said earlier, these files too:
Multiple copies of class.theme-modules.php
And remove a bunch of code from the start of all the functions.php files.Check ALL of the functions.php files in the theme, and delete ALL of the class.theme-modules.php
These can be found in multiple locations in a theme. If the theme is loaded before they are all removed then the other files come back.Forum: Fixing WordPress
In reply to: unknown ad popups on my wp websiteI’m assuming the please and thank-you is a language barrier thing…
Don’t worry, I checked very thoroughly.
Forum: Fixing WordPress
In reply to: unknown ad popups on my wp websiteYep.
I have that 0.1% niggling feeling of doubt, but pretty sure it’s all cleaned up now.Forum: Fixing WordPress
In reply to: unknown ad popups on my wp websiteI found this infection in my WordPress site. It came from a theme which I installed from an unofficial source. (live and learn I guess).
It logs the IP address of authenticated users and won’t show the ads to those uses. Smart.
The malicious files I found in my wp-includes directory:
wp-feed.php (This file contains the IP addresses of authenticated users)
wp-vcd.php
wp-tmp.php
The files I found throughout my theme:
Multiple copies of class.theme-modules.php
A bunch of code at the start of most functions.php files.- This reply was modified 8 years, 5 months ago by bmerigan.
Forum: Fixing WordPress
In reply to: wp-feed.phpI found wp-feed.php in my wp-includes directory.
It is part of a malware infection. That file contains the IP addresses of users who have logged in to the WordPress site. It doesn’t show the injected ads to users who have authenticated.The files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Multiple copies of class.theme-modules.php
And remove a bunch of code from the start of all the functions.php files.- This reply was modified 8 years, 5 months ago by bmerigan.