About the get_data_ya malware

  • Resolved RenderWarrior

    (@web4people)


    2 years, 3 months ago

    Hello!
    I found that malware script in a blog of a friend.
    As you told here https://www.ads-software.com/support/topic/global-zeeta-not-being-found-by-gotmls/, the script was generated in a single file (/wp-includes/header.php) but also in every function.php within my themes (master and child).
    Not sure if you need the code (I can send it to you).
    Also I found a class-wp-http-netfilter.php file full of IP addresses, but nothing on the files that requires it… probably they went in, used a script, removed it and left the ip list and the infected files.

    Does your plugin recognize this kind of malware? (I’m doing a scan, but probably I was faster and I found all the occurrences)

    Thanks a lot!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Eli

    (@scheeeli)

    What were the results of the scan and how long did it take (normally less than an hour for a Complete Scan)?

    My plugin should find this type of threat and remove it for you but there are sometime new variants that need to be added to my definition updates.

    You can send me the infected files that you found and I will check them.

    Thread Starter RenderWarrior

    (@web4people)

    the scan found nothing, but during the scan I was actively searching for the code within the files, so probably I removed everything before the scanner found something.
    How can I send you the code I found?
    thanks!

    Plugin Author Eli

    (@scheeeli)

    Please email the files directly to me as attachments:
    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    Thanks for sending me that file. I confirmed that threat is already in my definitions, so it would have have found and removed it for you if you had not already removed it ??

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘About the get_data_ya malware’ is closed to new replies.