Malware from 3.0.2 still visible in source

Hi
I have the same problem.
Yesterday i remove my wordpress and all plugins than installed new versions and solve my problem by that

Hi,

v3.0.3 should remove most instances of the malware code, but if that doesn’t happen, make sure you have the latest version of the plugin and try to revert its settings from the plugin’s settings page, then clear any cache your WordPress site might be using.

Hi Jose,

Thanks for coming back to me.

From what I can see, clicking on Revert to Default and then Saving inside the FancyBox settings has indeed fixed the issue.

Thanks

Damien

The ISIS malicious code keeps coming back for me even after upgrading to 3.0.6. How did Damien et al “Revert to Default” and “then Saving inside the FancyBox settings” ? I don’t see any options like that? If I activate the plugin then I see Settings but no option to revert?

One of admin found the injection in WP db itself. he ran The ran a sql query to remove the entry containing the injection.

mysql> use ******_live;
mysql> delete from wp_options where option_id = ‘42131’

That seems ot fix otherwise the injected code was even hiding the rest to defaults. Pretty horrible took 3 days to cleanup the mess.

For dorrisday23, or anyone else wondering, when you go to Settings > Fancybox for WP, there is a button called Revert to Defaults. Click that, then click Save.

I am on v 3.0.6 of Fancybox. I am not sure if it is there on earlier versions.

Clicking ‘Revert To Defaults’ removed any malicious code on my side and I did not have to do anything within the database.

Damien