WP site infected with malware

x19topgun

Newbie
Joined
Mar 3, 2009
Messages
32
Reaction score
7
Guys/Gals,

I've got a wp site thats infected with some malware, when I view the index page source code I can see the <div> tags containing the malware but I can't find it looking through the appearance>editor ...

Any suggestions on how to find it / get rid of it?

Thanks!
 
Id check in cpannel rather than in editor. More chances to go with. Also there you start with index and see where everything goes and comes from. Till then, keep your site in under maintainance, or you risk getting sandboxed. Good luck !
 
Yes, try checking all your files by FTP and check the database with the posts/pages. It will be more likely to wind it.
 
Don't you have a backup of your file?

Just incase you don't then try out this website http://sucuri.net/
 
the infected div is prolly coming from include, so check them out
 
Yeah you must not have had your wp version updated, I have about 20 clients with about 150 wp sites and we have this happen often. Most of the time, we can just look at the files using ftp and you should be able to see some extra files added like 8108.php or ones like that look at the date as well if some files dont look like they belong in the public html.. Also look in other folders of the ftp..

It is a pain... but we got to make sure wp versions are updated often..
 
this is easy just make a backup of the site as a zip file. download it then in windows 7 or xp extract all the files to a directory.
-in windows go to control panel / folder options
-click on search

then check the radio box "always search filenames and content"

it should look like this

searchOptions.png

now go to the folder you extracted the files to.

If its a website the malware links to simply type in the website url that your website is redirecting to in the upper right search field of windows (in windows xp the search field should be on the left hand side) your pc should now go trough all the files and find the one containing the code.

open the file in notepad and press ctrl+f again type or paste the website addy the site is linking to in the find field.

notepad should highlight the link in blue .

now simply remove the line of code or comment out using <!-- tag and --> tag.


if its a javascript injection finding the code could be difficult.

for javascript malware scanning use http://sitecheck.sucuri.net/scanner/

it should give you the code causing the malware alert again aplly the above methods and search for the code,remove and save ..... hope this helps
 
Back
Top