Malware

  • Hello everyone,

    I am really struggling with a website that has malware. It started a few weeks ago where the site would just go down, i wouldn’t even have access to WordPress. I needed to contact the ISP to replace core files in order to give me access again.

    Once back in i scanned the site with imunify and it found lots of infections, after cleaning out all the malicious code i ran the scan again and it was clean. I then scanned with wordfence and it was clean. I then scanned again half an hour later with imunify and 35 new infections, scanned again with wordfence and no infections.

    My eset anti-virus also thew up a warning when visiting the site JS/Agent.RRO was found.

    So something is re-infecting the site and I have no idea how to solve this, your help would be greatly appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Take a look at this article: https://www.ads-software.com/documentation/article/faq-my-site-was-hacked/

    It is possible that the attacker has created a user account. Check whether there are any users there who are unknown to you – especially administrators.

    You should also change all passwords – not only of the users in WordPress, but also of the hosting.

    Check via FTP to see if there are any unknown files there. Delete these if possible.

    Overall, this type of cleanup could be time-consuming. It would be easier if you imported a backup from the time before the hack. Delete all files and the database in the hosting beforehand. Only then can you be sure that you have a really clean system.

    Also take a look at this article: https://developer.www.ads-software.com/advanced-administration/security/hardening/

    Thread Starter matthewdaleedwards

    (@matthewdaleedwards)

    Thanks for getting back to me.

    I have reset all passwords the first time this happened a few weeks ago so that has not helped. No odd user accounts in word press or ftp.

    I dont have a local copy of the site and the host only keeps 20 days of backups and I know the first time this happened was over 20 days ago so i dont have an option to restore a clean copy.

    I dont unerstand why WordFence and other scanners i have used detect no malware but if i use Imunify in Cpanel it detects more and more with every scan, its obviously continuously replicating. And becasue WordFence isnt detecting anything i cant repair or delete the files.

    Have followed as many articles as i can find but nothing seems to be a permanent fix.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.