• Hello,
    I have a sudden issue with what seems to be a virus. I am using wordpress for my website and, since today, I have a pop up page appearing when I try to connect on the website, unverf.com… Is it a virus in the website?? What should I do?? Thanks very much for your help

Viewing 7 replies - 1 through 7 (of 7 total)
  • First of all remain calm! It will take some work to get your site back to normal but everything will be okay, I promise! First you’ll want to follow this guide to recover from the hack. Once you are fully recovered you may want to implement some (if not all) of the recommended security measures.

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.
    Thread Starter marionh92

    (@marionh92)

    Thanks, I am trying to follow the steps but there are a lot …
    I will keep you posted

    Moderator Jose Castaneda

    (@jcastaneda)

    THEME COFFEE MONKEY

    @javimarin90

    Please do start your own topic about this. If you feel that plugin is what is causing that let the plugin developer know. I will say this once and only once: It may sound like the same issue but there are a lot of variables to consider here. marionh92 never mentioned any plugins or even a theme. We don’t know that you are both using the same setup, the same server, the same anything. The only thing in common at this point is WordPress and we don’t know for sure it is the same versions you are both using. This is mentioned in the forum guidelines: https://www.ads-software.com/support/guidelines/#post-in-the-best-place

    Hey Guys, I found this related to this issue:

    https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes-and-ultimate-member-plugins.html

    However, I found due to the nature of this malware each site cleanup has been different. This has worked for most.

    I used the ‘String Locator’ plugin to find “allyouwant” and “eeduelements” strings and removed the javascript (read the article) from those files. That stopped the redirect and notifications pop up for me.

    Then I cleaned the core/theme/plugin files using malware plugin named Anti-Malware and Brute Force. https://www.ads-software.com/plugins/gotmls/

    Then I ran Sucuri and Wordfence plugins to see if anything else had issues. Hope this helps someone.

    thanks!
    had the same issue with redirect to unverf…
    sucuri site check was showing malware detected: Javascript: db.allyouwant.online
    string locator didn’t find any %allyouwant%
    free version of the plugin anti-malware and brute force didn’t find it
    i located the malware javascipt in the database in posts table (post_content), 600+ entries which i removed
    sucuri site check now shows ‘clean’ and it doesn’t redirect ??

    I have this virus on my site. I’ve use String Locator and removed the entries, I’ve used a malwafe sniffer and deleted those files but I’m still redirecting.

    When you say you went into the database in posts table… how did you do this? I’m not too familiar with that side of it. When you were inside what did you look for?

    Ok, so I found out how to get to my database, but now what do I look for? How did you find the code to delete?

    Allyouwant and eeduelements?

    • This reply was modified 6 years, 3 months ago by johnsonalec41.

    @johnsonalec41
    You will need to start your own thread to get support on this before doing so I’d suggest following the article I linked to in my original post above.

    Best of luck with cleaning up your hacked site.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘virus’ is closed to new replies.