trojan in body_class – how to remove?

  • villyskov

    (@villyskovgmailcom)


    8 years, 10 months ago

    if i remove body_class in my theme, then the trojan code is gone. It only appears in IE (not firefox or chrome)

    <body <?php body_class(); ?>>

    It is not coming from a plug-in, tried to disable them all.

    the <script> look like this
<div class="wntgbvcfqhh">dtdzel, kjlasksdjj, } if etc. </script>;

    How can i remove this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter villyskov

    (@villyskovgmailcom)

    nav-menu.php
post.php
version.php

    was infected. It was easy to discover and fix with FileZilla.

    I downloaded the exact same wordpress version that was running, i my case 4.09. Upload -> Overwrite if file-size is different.

    could have found the same files with this terminal command:

    find . -mtime -150 -type f -iname "*.php"

    Now trojan is gone. I now want to tighten security with root as file owner and 644

    Moderator James Huff

    (@macmanx)

    And also please upgrade to WordPress 4.4.1 for the latest security fixes.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘trojan in body_class – how to remove?’ is closed to new replies.