Please help, I am unable to remove Propeller Ads/ Pop-up Ads

I see that the site automatically opens this site on a popup / new window to a different website. If this is not rendered by any plugin, it is surely a malware in your theme / plugin code.

On a closer look I see this code in the header of your page source:

<script src="//luvaihoo.com/tag.min.js"></script>

You will need to check if this code is rendered from theme or any other plugins.

Please make sure :

1. You are having the latest update of plugins and themes installed on the site.

2. Remove unwanted plugins from FTP access, if you are unable to remove it from WP admin.

3. If you are using proprietary themes, make sure you do not get this from sites claiming to give you a licensed theme for free. (Nulled themes). These inherently end up with malware.

If your site is using proprietary / commercial themes like this one
https://themeforest.net/item/newser-a-multiconcept-magazine-theme/16496557

You will need to ask for support from the theme author there at its purchase place or official support channel of the author.

Hi,
I did not see any ads on your site. I believe it was the cache issue.

Please click anywhere on site, you will see pop-up ads.
When you do Inspect Element of home page there is link embeded “https://onmarshtompor.com/afu.php?” which link is opening and creating pop-up.

@nagpai I am using limited plugins (only 9) which are updated and trustworthy.
I had purchased this theme 2 years back and now also downloded lastest version of this theme and uploaded but still the code gets come from somewhere.

FTP into your site and rename your plugins directory and the current theme (newser?) by adding a few characters to the plugins directory name and then the theme’s name. This will force a switch to a default theme where you can then test everything to find out if there’s something in your WordPress core or the database causing this problem.

I’ll then want you to install something like IthemesSecurity and maybe WordFence… They are the two security plugins I run on my sites and they behave well together. You will probably need to create a new empty plugins directory so you can do that as you rename the old plugins directory. I don’t want that old plugins directory re-enabled as I’m not comfortable with what I’m seeing there.

Once you’ve proved things are testing okay or have moved forward to determining where the problems still are… Let us know what is going on and we’ll proceed from there.

If you think the problem is gone you can re-enable that theme if you wish and if it’s corrupt you’ll probably find out right quick or the security plugin will tell you about the problem.

Do let us know what you find.

@jnashhawkins First of all I did as you said- added few words to plugins directory name and then the theme’s name after that all plugins started showing The theme directory “newser” does not exist and same for plugins.
Then I was unable to install any plugin and theme. So again I rename it’s old name but all plugin not showing in wp-admin now and website is not opening.

I’m looking at the site right now…

Looks fine to me and I’m not seeing any ads at all.

The theme is now Twentytwenty and the plugins list looks the same as before or close to it with… Akismet OLD(?), Contact Form 7, and Yoast SEO.

Sucuri seems to say the site is clean…

Your posts and content looks fine.

I’d install something like IthemesSecurity and Wordfence in tandem as those two plugins behave well together.

I’d then start building my site back by installing a theme I like or else staying with the Twentytwenty theme which looks fine for me.

If you start getting ads again… the people at Propeller Ads offered to assist and we are here to help also.

I’d also recommend running some kind of cache controller type plugin like my favorite W3TotalCache or else cache enabler. Your web host likes to run with a proxy server out front which is a great idea in my book… running one of the cache plugins will help control that a little better which will help your new content and site changes show up faster and without the ‘hiccups’.

Let us know if you need anything else and that’s a right cool site contentwise!

• This reply was modified 3 years, 10 months ago by JNashHawkins.
• This reply was modified 3 years, 10 months ago by JNashHawkins.
• This reply was modified 3 years, 10 months ago by JNashHawkins.

@drwordpress2020 @jnashhawkins I want to share something that will help you to understand more to guide me.

Problem- The propeller Ads plugin is getting activate automatically even I tried deleting it many times. Sometimes my role automatically changes into a contributor from an administrative role. Then I need to rechange it by Cpanel.

1. I have contacted my host (Bluehost), they have done everything from their end including file malware scanning but nothing helpful found by them. They suggested contacting the WordPress support team as the plugin is a third-party tool.

2. I have contacted Support of Propeller Ads, they are blaming and insisting to contact the WordPress team. They are not ready to help.

Please do the needful.

Currently, I have logged out from the plugin through wp-admin, and thus you will not found pop-up ads now on the website but they will activate after some time automatically.

• This reply was modified 3 years, 9 months ago by worthofblog11.

Please reply,
I have done everything from using the WordFence security plugin to changing the wp-admin URL and password and changed hosting password but although nothing working for me.
Also removed codes from the header and deactivated propeller ads plugin many times.
But after few hours it gets activate and appears automatically on my site.

The Propeller ads team saying-
To put the file “forpropeller.txt” into the root directory of my site.

It should contain following text: Xz!vzcV3AT@hc&@^4$CiSQD%6tmPqR&c5kyLLnZ^jovqmsN3VwJh7RXgiLD7o^X5kJfP#H9y^4T3KCMCve7D$Pfb!B^qQxyhR#WRdL&E2mE!nwBXA23Ggsv*gTmw#6c

Is it safe to do it?

I am not sure why they are asking to put that code when you actually want to remove Propeller ads from the site.

By any chance does your site have any caching or backup plugins that show the propeller ads code even after you remove the plugin from the website?

I would recommend getting the site checked by some security expert.

Currently, I am not using any kind clear cache plugin. Will it help me if I use it?

@nagpai I archived your reply. Thank you for helping but do not recommend users send details to the plugins team.

@worthofblog11 It really, truly sounds like your site is well compromised and hacked.

Please remain calm and give this a good read.

https://www.ads-software.com/support/article/faq-my-site-was-hacked/

When you have successfully deloused your site then consider giving this a read too.

https://www.ads-software.com/support/article/hardening-wordpress/

@nagpai When I changed the login URL and Password, they added two files and I am sure from Cpanel: propeller.txt and Anti-Adblock file. They also added the same Anti-Adblock code in the header.txt file of the theme.
I removed and it becomes normal and again after a few hours plugin got activate automatically.

@nagpai they help desk of propeller ads asking for proving ownership and saying

Please put the file “forpropeller.txt” into the root directory of your site.
It should contain following text: Xz!vzcV3AT@hc&@^4$CiSQD%6tmPqR&c5kyLLnZ^jovqmsN3VwJh7RXgiLD7o^X5kJfP#H9y^4T3KCMCve7D$Pfb!B^qQxyhR#WRdL&E2mE!nwBXA23Ggsv*gTmw#6c

I am scared of it.

putting such text file will not compromise your site security,
it will just prove that you have rights for the site and can put files to its web root.

Its same as other services ask to authorize your account to confirm site ownership. Filenames are different of course.