Malware Detected by Chrome

Im having the same problems.

I had to replace every js file, and now, it now, it only appears when I try to access to the admin panel (/wp-admin/).

When I use Sucuri, it says “WordPress version outdated: Upgrade required”, but I have 3.3.1 version. I have tryied re-installing it, but I was unlucky. Any help?

I think is a problem relates to the theme. I don’t why, but I think the theme was also infected.

Updated: I managed to solve “WordPress version outdated: Upgrade required” problem, I just uploaded again my theme. However, It still appears the malware warning when I try to enter to the admin panel.

Besides, if I try to add a new post, my antivirus (Eset Nod32) detects a trojan: Agent.Nef Trojan.

What is happening?

A quick look on Google lists Agent-nef as a Windows based Trojan that steals credentials and provides a back door into the system. It sounds like a serious threat.

I just finished cleaning all the infected files off my site as well. Just FYI, I also found malicious code on my site in a “theme” called “config”. The folder had three .php files in it – yup, main, and configs. Be on the lookout for those also, just in case…

I got it with the 31.184.242.102 “harmful” google chrome hack today. Here is a great site with the fix: https://redleg-redleg.blogspot.com/2012/02/malware-hosted-on-31184242102.html?showComment=1329285003052#c5421789068641877560

@human2 that website has the virus. My antivirus doesn’t let me enter in that web.

@fellowito The website/page ref by human2 does not have the virus, however the post does have a listing of the javascript used in the hack. The listing is benign but the listing must be triggering a warning from your AV software.

Would appreciate knowing what AV software you are running so I can check into it.

Also never ever ignore a warning from your AV software, and never ever take some random poster’s word for it that his site is not malicious!

redleg

@redleg-too thank you for getting back, my AV is Eset Nod32.

I have news, the problem is in some plugins. Even I tried re-installing them (delete and then install), the malware warning still appears. It’s quite frustrating.

In all the sites I have seen so far the hack has been some obfuscated javascript added to the end of some/all of the legitimate javascript files on the site. Since the listing of the code triggers you A/V I will try posting just a snippet here the code starts out

var _0x80d0=["\x64\x67

and then those \xdd goes on forever.

Sorry, I don’t know what do you mean.

I know it’s some kind of code added in some files, but I’ve uploaded again all the wordpress files and my themes files, and plugins with problems, have been replaced too, always using new files. So, I don’t know what other things I must replace.

I am new to this forum so not familiar with the rules but you you post you URL and I will take a look at the site. You can use a service like https://goo.gl/ to mask your URL.

Oh, ok, sorry, my mistake.

https://goo.gl/Vhw6J

Anyway, the problem only appeared in my admin panel, and right now I think it’s solved because I deactivated two plugins.

I am not turning up anything so hopefully it is all behind you. Appreciate the info on the alert from Eset Nod32 on my blog. Guess I need to figure out away to put the code examples in my post so that they do not trigger a warning!

Good Luck

dionsis wrote:

I’ve ran Bulldog Internet Security, Spybot S&D and A Squared looking for anything on the machine.

Any other scanners reccomended?

Malwarebytes and SuperAntiSpyware.

@redleg-too anyway, maybe u have found the code, but where is it? I mean, I’ve replaced a lot of .js files, but I still have the problem. In what files are that code?

MickeyRoush wrote:
Malwarebytes and SuperAntiSpyware.

Cheers Mickey

Fellowito wrote:
@redleg-too anyway, maybe u have found the code, but where is it? I mean, I’ve replaced a lot of .js files, but I still have the problem. In what files are that code?

Replacing a lot isn’t enough. It needs to be every JS file. That means a fresh copy of the WP-ADMIN and WP-INCLUDES (delete the entire folders unless you’ve customised) then in WP-CONTENT you need to reinstall plugins and clean any JS your theme is using.

Double check all folders 755 and files 644 permission etc etc as per links already given above