• Resolved sporbillis

    (@sporbillis)


    Hello,

    For the past month I can’t fix this malicious code on my site. I’ve used your plugin many times in the last month but I keep getting the same problems.

    I have also made the donation of $29 in order to get the definition updates, without any results. Here is the Sucuri report I keep getting. Even Facebook has blocked us from fetching data. I don’t know what else to do. I am desperate.

    https://sitecheck.sucuri.net/results/geargreed.com

    Please help asap!


Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author Eli

    (@scheeeli)

    This threat looks like it was injected into your theme. Are you saying that my plugin removes this threat but then it returns a short time after that, or is it that my plugin is not finding this remaining threat at all?

    If you have an infected file, probably the header.php file in your theme, can you send it to me via email attachment?

    eli At gotmls DOT net

    Thread Starter sporbillis

    (@sporbillis)

    Hello,

    Thank you for the reply. I believe that the plugin doesn’t find the threat but I am not really sure. I am sending it now. hello At geargreed DOT com

    Thread Starter sporbillis

    (@sporbillis)

    sent

    Hi @sporbillis,

    You should check your plugins; the malware also injected a hidden plugin named “index”. Before you delete the folder, make sure you’ve unregistered the plugin in MySQL. Also check your file and folder permissions and make sure they’re 0755 folder and 0644 file at least.

    Plugin Author Eli

    (@scheeeli)

    I added this new threat to my definition updates so my plugin will now remove this threat for you automatically. If you just delete some of those files while they are still included by other files then it could cause your site to crash.

    Hi Eli

    In your previous response you said:

    “I added this new threat to my definition updates so my plugin will now remove this threat for you automatically.”

    How do I start that process to remove this malware, please?

    Thanks

    Lee

    Plugin Author Eli

    (@scheeeli)

    Install my Anti-Malware plugin (GOTMLS), then register to download the latest definition updates. Once the definitions are updated you can run the Complete Scan and then click the Automatic Fix button if it finds any Known Threats.

    Hi, the malware generates 2 PHP files, located in the wp-includes folder: wp-feed.php and wp-vcd.php; the latter contains the scripts. Before deleting these files you must delete the code that generates them; it is stored in the functions.php of your theme, usually from line 184. Look for the label that says something like // send_wp_theme_tmp?>

    From that line to the beginning you must erase, and save changes, that will help you!

    PS: remember to create a backup of your site and the files that you are going to modify.

    Greetings.

    • This reply was modified 5 years, 11 months ago by pptorresblade.
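
A read-only audit for the indicators named in the replies above (the hidden "index" plugin and the 0755/0644 permissions from one reply; wp-feed.php, wp-vcd.php and the send_wp_theme_tmp label from another), added here as an example that is not part of the thread or of the GOTMLS plugin. The function names, the wp-content/plugins/index location, treating a wp-vcd.php reference in functions.php as a marker, and the sample tree are assumptions constructed for illustration; the script only reports and deletes nothing.

```python
import stat
import tempfile
from pathlib import Path

# Indicators taken from the thread; paths are relative to the WordPress root.
DROPPED = ("wp-includes/wp-feed.php", "wp-includes/wp-vcd.php")
HIDDEN_PLUGIN = "wp-content/plugins/index"      # assumed location of "index"
MARKERS = ("send_wp_theme_tmp", "wp-vcd.php")   # second marker is an assumption

def audit(root):
    """Report-only check; returns a sorted list of (kind, relative_path)."""
    root, hits = Path(root), set()
    for rel in DROPPED:
        if (root / rel).is_file():
            hits.add(("dropped-file", rel))
    if (root / HIDDEN_PLUGIN).is_dir():
        hits.add(("hidden-plugin", HIDDEN_PLUGIN))
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        # Group/other write bits mean looser than 0755 (folder) or 0644 (file).
        if not p.is_symlink() and stat.S_IMODE(p.lstat().st_mode) & 0o022:
            hits.add(("loose-permissions", rel))
        if p.name == "functions.php" and rel.startswith("wp-content/themes/") and p.is_file():
            text = p.read_text(errors="replace")
            if any(m in text for m in MARKERS):
                hits.add(("theme-injection", rel))
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree with harmless placeholder contents."""
    files = {
        "wp-includes/wp-vcd.php": "<?php // placeholder\n",
        "wp-content/plugins/index/index.php": "<?php // placeholder\n",
        "wp-content/themes/demo/functions.php": "<?php // send_wp_theme_tmp\n?>",
        "wp-content/themes/clean/functions.php": "<?php // nothing here\n",
        "wp-content/uploads/note.txt": "x",
    }
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    for p in Path(root).rglob("*"):
        p.chmod(0o755 if p.is_dir() else 0o644)
    Path(root, "wp-content/uploads/note.txt").chmod(0o666)  # deliberately loose

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit(tmp), sep="\n")
```

Point `audit()` at a copy or backup of the site root; a hit is a lead to examine by hand or with a scanner, since removing files that other files still include can break the site.
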
    Plugin Author Eli

    (@scheeeli)

    @pptorresblade,
    Your description of how to fix this issue is only applicable to one variation of this threat, and it is also rather dangerous to suggest that people delete these files because it could very easily cause their site to crash (even with your insufficient warning, which does not explain what needs to be removed).

    Also, please note that this topic has already been marked as resolved because my plugin will successfully fix this threat without breaking your site.

    Hi!
    I have a similar problem.
    A site I manage (www.grupomancheno.com) is redirecting clicks in some menu directory to another page outside, I checked with the Sucuri tool and it found the same malware (rogueads.unwanted_ads) so I installed your plugin, registered and scanned it.

    It found a “known threat” in the theme (mist) (I assume it is the rogueads…) but when I press the “Automatically Fix SELECTED Files Now” button, a popup window (Examine results) is displayed and it seems to be doing something for a long time. I just don’t know if it is working, nor if it is normal.

    I’d like to know how long it will normally take to fix the threat.

    Regards!

    Plugin Author Eli

    (@scheeeli)

    First of all, this topic is resolved, and you have confirmed that by stating that my plugin did actually find this threat. You should have started a new topic for your problem, which would have been called “Automatically Fix button does not seem to be working”, in which you would ask “How long will it normally take to fix the threat?”

    I would then tell you that is not normal; it should fix all threats in less than 60 seconds or else state why it could not do so. I would then ask if you clicked on the “taking too long button”, and what error messages might have been displayed there (or in your error_log files, or in the browser’s Console)?

    I have also responded directly to your inquiry on my own site so please just reply to that and leave this thread closed.

    Excellent! Resolved! Best plugin ever!!

  • The topic ‘rogueads.unwanted_ads?11 problem’ is closed to new replies.