Website hacked – now showing as malware being downloaded

  • Please could you help me clean up my website that was hacked on 26.9.15

    When I went to upgrade some plugins today at top right corner of the admin page it showed a link to “Anal” which pointed to a directory created on 26 Sep full of html files with porn images.

    I also discovered a couple of users that had been created without my knowledge: admin and administrator with email address something like admin@localhost.

    I have since removed the malicious directory but whenever I try to go on the website I get a warning from Windows Defender to say “Malware detected”.

    I noticed that while the website loads pages in the bottom left corner appears a link to kfc.i.illuminationes.com – I understand this is a malicious code injection originating from servers in Latvia.

    I am going to upload via FTP the core files that I just downloaded from this website but is there anything else I can do to fix this?

    The url is https://smartfitnessmakeover.com but please be careful if you visit.

    Many thanks,
    Cristina

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter MCAlciati

    (@mcalciati)

    Following from my previous post I have now found another post discussing the infection by kfc i illuminationes dot com and have been following the same steps as the original poster but I can no longer access my header.php files on my server.

    Is there a way around this?

    Many thanks

    Hello,

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Regards

    KC

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Website hacked – now showing as malware being downloaded’ is closed to new replies.