shopstyle4you Malware

  • Resolved hellf

    (@hellf)


    10 years, 4 months ago

    Hi all,
    I’m here for a problem with a website that i made with wordpress.
    I found a malware that create a list of link before <!doctype > only when is a sarch engine bot scan the site.

    in the webmaster’s google page under view like google i found this:
    Image

    and doing a site search with google (site://www.liftface.it) can see the link
    image2

    i have done a deep scan with anti-malware and found malicios in errorlog.php
    but te problem still.

    Do you know the particular malware and how i can remove?
    thanks very mutch

    https://www.ads-software.com/plugins/gotmls/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter hellf

    (@hellf)

    I have found this bastard.
    they are under /wp-includes/fonts/dashicons.cbu
    when i delete the file i’ll recive an error and the website don’t show anityng because say the dashicons.cbu was needed so i delete the content and all done right infact inside i found a base64_decode
    now all is ok…
    i’ll made another try wen all ok put this as resolved

    Plugin Author Eli

    (@scheeeli)

    can you send me that base64_decode code so I can add it to my Definition Updates?

    You can also try emailing the infected file to me ditectly: eli At gotmls DOT net

    Aloha, Eli

    Thread Starter hellf

    (@hellf)

    I have send to you the file, i have add even the file wp-settings.php for the row
    require( ABSPATH . WPINC . ‘/fonts/dashicons.cbu’);

    Plugin Author Eli

    (@scheeeli)

    Thanks, I added both of those to my definition update.

    Aloha, Eli

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘shopstyle4you Malware’ is closed to new replies.

Tags