Malware Detected by Chrome

Where are you hosted with?

We’re hosted under https://www.doublebweb.net/.

same in servage.net

https://www.google.es/support/forum/p/Webmasters/thread?tid=39907801f6c83cde&hl=en

It seems to be something with th JavaScript files

First steps is acting accordingly to that page :
https://codex.www.ads-software.com/FAQ_My_site_was_hacked

Next you can come back and things will get more “productive” ??

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

https://sitecheck.sucuri.net/scanner/

Hi. Lynne and I are from the same site. I handle most of the technical stuff. We scanned using the sucuri tool at and we saw that it is in some of the plugins. I was able to remove most of it, but I don’t know how to access this jscript since it’s not in one of the plugins installed:

https://www.lynne-enroute.com/numlock/wp-includes/js/jquery/jquery.js?ver=1.7.1

It showed the malware code in it and if I just know what file that is, I can access it in the Editor and delete the malware code. Can anyone help me in what part of the WordPress admin I can look for this script?

Thanks in advance

That’s part of wordpress core. You don’t have access to it via the admin dashboard. You’ll have to grab it via FTP, edit it, and re-upload it.

I have this same issue now

Anyone managed a temporary solution?

Oh ok. Thanks for the feedback. I’ll get in touch with our hosting service about it

A lot of people also have the same problem, thread can be found at: https://www.google.im/support/forum/p/Webmasters/thread?tid=39907801f6c83cde&hl=en

Would be very interested to know of a fix that does not involve starting from scratch and reinstalling everything.

Does anyone know if WP have a virus/malware scanner inbuilt or as plugin?

I just had the same problem. It seems ALL the .js files in my installation were modified at 1:23 am this morning.

I learned this by doing a scan with sucuri.net

The following code was included at the bottom of each file.

[Code moderated as per the Forum Rules. Please use the pastebin]

I just downloaded all my wordpress installation… used notepad++ to run a search and replace in files …. then uploaded the whole thing again, overwriting all files from the server with the newly corrected files.

Sucuri.net re-scan.. and all clean..

This is a temporary solution as I am not sure where the hackers got in, or what caused the problem… so I am sure it will come up again..

If anyone else knows the source of the problem… please let us know!! ??

Hope this helps you all.

One of the most common ways these hacks start is a compromised FTP password that was picked up by malware on a Windows PC. I recommend the following:
– scan your PC for viruses and trojans,use more than one scanner
– change your FTP password
– don’t use Windows as an FTP client
– if you must use Windows, don’t use the same machine for casual surfing
– if you must surf from that machine don’t use Internet Explorer(especially old versions)

/peter

Fair play to Securi, had forgotten about that site

Was using Totalvirus.com and was showing the site as clean.

Back online properly again. If they got in by guessing my FTP password fair play to them, mine is 14 characters long and I don’t save passwords in Filezilla. I am at a loss at how all these malware can keep getting into my site.

Check your PC, you may have a key logger.
/peter

I’ve ran Bulldog Internet Security, Spybot S&D and A Squared looking for anything on the machine.

Any other scanners reccomended?