Still Malware after installing GOTMLS

Home Forums Support Forum Still Malware after installing GOTMLS

This topic contains 9 replies, has 3 voices, and was last updated by Ken Pachmayr Ken Pachmayr 3 years, 6 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #716

    Went to Securi (which originally identified javascript malware).

    Known javascript malware.
    Details:
    http://sucuri.net/malware/entry/MW:SPAM:SEO
    t=”;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.’+x[2]+’{‘+x[1]+’}</’+x[0]+’>’);}nemoViewState();

     

    What do I do now?

    #717
    Anti-Malware Admin
    Anti-Malware Admin
    Key Master

    Did you run a Complete Scan on you whole site using my Anti-Malware plugin?

    Does it find any Known Threats (in RED)?

    #719

    Hi Eli, and yes, I ran a complete scan. It found a couple of threats, and I had your software remove them.  After that I did a check on Securi’s site, and it showed the same issues it did before I installed your plugin.

    #720

    orgot to add, it also found this:

    Known Spam detected.
    Details:
    http://sucuri.net/malware/entry/MW:SPAM:SEO
    <p class=”nemonn”>By APNWLNS <a href=”http://apnowloans.co.uk/&#8221; title=”Payday Loans”>payday loans</a></p>

    #721
    Anti-Malware Admin
    Anti-Malware Admin
    Key Master

    Yes, those are both part of the same threat, and one that that I have see many times before. I have just updated the Definition and changed your scan range to include the root of this site (not just the blog directory).

    Could you please download the new Definition Update, and change the Scan Directory to scan the whole site, then try a Complete Scan again?

    Let me know if this still does not work.

    Aloha, Eli

    #722

    Your interface doesn’t allow you to scan the whole site. At least not in the interface I installed as a plug-in on WordPress. Am I missing something?

    #723
    Anti-Malware Admin
    Anti-Malware Admin
    Key Master

    This is on [your registered domain], right?

    If you have just downloaded the latest Definition Update then you should now be able to change that first option on the settings page to scan the whole site and not just the blog directory.

    Please let me know if I that is not working. I would be willing to login to your WP Admin if you want to email me your login into (don’t post it here on the forum, of course, just reply to the email).

    Aloha, Eli

    #724

    Hi ELi -

     

    I updated, and ran another scan. It found one threat on the site, but it didn’t seem to clear the Securi Scan (I ran one on the entire site (checked out OK), but when I an a check on the blog directory, it showed the same two spam and malware issues. Why is that?

    #763
    Ken Pachmayr
    Ken Pachmayr
    Member

    I have the same problem. Site is already blocked by Google. I updated WordPress. Did a quick scan and complete scan. Yet I can still see the malware when I go to:

    anastassov.net/about and do a Source view. There are other pages, but I cannot figure out how to get to the malware that appears here.

    Need Helpl.

    #764
    Ken Pachmayr
    Ken Pachmayr
    Member

    I found the malware hiding in the header.php file in the Theme/Basic/ directory. Not sure why it wasn’t found when I downloaded the file to my desktop and ran my malware software, and not by GOTMLS, but was found when I ran online scanner: SURCURI.NET, but it only reported the directory /about/ which in wordpress didn’t exist.

    Putting the malware in the header.php makes almost every page seem like it is infected when it displays.

    I will keep and use this software. I donated.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.

Comments are closed.