I need help accessing my site and regaining access!
My domain is hosted by squarespace. I reached out but wasn?t sure if they can help.

What shall I do? I been locked out for almost 10 days!
Also, how can I remove the malware and start having back ups for my site in case this happens again?

/home/biohard1/e-negocio.com.br/wp-content/themes/radiate/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/e-negocio.com.br/wp-content/themes/opSmartTheme/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/biohardware.com.br/wp-content/themes/twentyseventeen/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/biohardware.com.br/wp-content/themes/opSmartTheme/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/cerebroharmonico.com.br/wp-content/themes/twentyseventeen/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/aprovesuastartup.com.br/wp-content/themes/Avada-Child-Theme/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/aprovesuastartup.com.br/wp-content/themes/old_Avada/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/marcoquerini.com.br/wp-content/themes/optimizePressTheme/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/marcoquerini.com.br/wp-content/themes/Total/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND
/home/biohard1/marcoquerini.com.br/wp-content/themes/dazzling/functions.php: SL-PHP-FILEHACKER-vd.UNOFFICIAL FOUND

Looks as though our website has been hacked and some spammy links are appearing on certain pages.

I used the Sucuri plugin to located some of the code within the theme header php file and cleared it off the home page but it’s as if there’s hidden pages within the website and links in the header.

I am unsure of what to do next to completely remove this from the site.

As a precaution we have updated to more secure passwords.

Many thanks for your help!

I downloaded a scanner Sucuri plugin and it just says “Yup! You have malware!”
I see in the source code this long strip of code that is apparently the malware:
var DCNJZNLZIM = String.fromCharCode(18 - 8, 123 - 5, 101 - 4, 118 - 4, 38 - 6, 112 - 5, 108 - 7, 127 - 6, 35 - 3, .....

I have looked in the header file of my theme, footer, page etc. Disabled all plugins and it still remains there.

How can I track it down and remove it??

Thanks!

I used your awesome tool (-Thank you!!!) to scan the site and it didn’t have any auto-fixes. It just showed suspected files. I went through and removed all of the code line by line and kept going back to the site to insure that it still worked.

Upon completing the process I scanned the site and it’s still popping out links for everything from the pills to cleaning up your credit.

Any idea what I can do to fix it? This is all a little over my head.

Here’s the sites:
livingyogacenter.net
raybif.com

(I’ve only tried it on raybif so far because it’s receives a lot less traffic. I figured I’d do the yoga site after I successfully fixing raybif)

https://www.ads-software.com/extend/plugins/gotmls/

How and where do I edit the HTML files in BBedit for the following pages:

domainname.com/2011
domainname.com/2011/10
domainname.com/2011/10/postname

I can’t seem to find this anywhere in the FTP files….

Please help.