Donations keep this Plugin alive! If you value this Plugin I urge you to donate as much as can so that I can keep it up-to-date and make it better. The more money I get, the more time I can devote to it, the more you benefit.
Get instant updates to new definitions files as new threats are discovered.
*All fields are required and I will NOT share your information with anyone.
*All fields are required and I will NOT share your information with anyone.
The malware that I am cleaning doesn't seem to have any function other than to allow the index page to load, then one other page, then it hangs until a 504 error displays.
Can anyone suggest what the malware might be? I can't find any info about it.
It probably does more than that but I would need to see the whole code to tell you more. You can send the whole infected file directly to my email address.
My site was working, but slow and couldn't reach all pages, getting many 504 errors. Hostgator advised all PHP pages were infected with malware, although online testing, including Google showed no malware. Why was the malware not found online?
I went into CP and looked at some PHP pages and all had long code at the top of each page. I deleted all the code by hand then a few hours later all PHP pages had the same code again!
Not knowing what to do I found this site and downloaded the plugin, made a donation to get full benefit and the plugin found 400+ pages infected. I then cleaned them and exported the site and will load to a new server as 4 other sites are also infected.
If I download infected files can I install on my Localhost and then use the plugin to clean them or will my Localhost become infected?
Thanks for an excellent plugin!
You can download the infected PHP files safely but you must make sure not to execute them with PHP. If the code in those files gets executed then it could infect your local machine. I would suggest cleaning all the sites in-place, on the server. You can install and use my plugin on multiple site, just use the same email address to register them all so that they are on the same account.
Many thanks for your reply.
Yes, I discovered that I can use the plugin on multiple sites with my code. As I clean each site I compress the clean files to a .zip and download them to my computer. After cleaning one site it is not being reinfected, which is good news.
A great plugin and I will make another donation when I have done the 6 sites on the server.
cpanel has an antivirus included and it found some viruses that anti malware didn't found:
public_html/foldername/errors.php: quarantining……done
public_html/foldername/images/patterns/views.php: quarantining……done
public_html/foldername/images/patterns/kam.php: quarantining……done
public_html/foldername/js/mail.php: quarantining……done
name of viruses are respectively:
Win.Trojan.Hide-1
Win.Trojan.ld-34
Win.Trojan.Mailer-10
Win.Trojan.Mailer-10
Can you email those files to me? I need to see the malicious code in those files so that I can add them to my definition updates.
May I ask, what cpanel antivirus you used? Site Doctor? …Thanks.
The partial snippet of code that you sent me does not help if I cannot see how it ends, but based on how it starts off I am pretty sure that this threat is already in my definition updates. Please send me the whole file as an attachment so that I can be sure or get it added to my definition updates if it is something new.
Hello, thank you for plugin (i've donate). I dont understand why Sucuri still say i've MW:JS:GEN2?web.js.script-injection.003…
You site is actually clean now but Sucuri caches their scan results, so you just need to click the link at the bottom of the page that says "Force a Re-scan" to clear the cache.
Note at the bottom of the Sucuri scan results:
*Cached results from more than 2 days ago.
Thanks for your plugin. I've just donated another $29.22 to add the plugin to another two sites. I will continue to donate for each site I add the plugin to. Thanks for your efforts.
Just started using your plugin and it already found some issues.
Donation coming your way. Thanks!
Donated
Thanks for this awesome plugin.
Hi Eli,
I have donated via PayPal. Sent you email.
Thanks so much for this plugin.
This plugin has been helpful for me in the past. I just donated. Hoping it's helpful for me again. Thank you for what you are providing!
Perfect! Gracias!
Hello!
Excuse my English I speak Spanish!
Really very good, I congratulate you.
How many sites can activate with a donation of 29 dollars?
Best regards
As many sites as you want, as long as you register them all under the same email address
Happy to donate. Keep up the great work!
Donated
Thanks
Donated via paypal email because paypal wouldn't let it got through the normal way,
Thanks for developing this pluggin
Got it. Thanks for your donation
I may be premature in asking this because the scan is still going, but Google has provided a list of the infected pages on our website. Your amazing, brilliant scanner has picked up numerous problems and fixed them but none of them are on the pages that Google says are the problem pages.
I'm scared that we are going to miss the pages that Google says are the problem pages.
Google will only tell you about Pages (URLs) that are showing malicious content. My plugin will find the files (PHP code) that is responsible for that content being displayed. Once the files are clean then you can request a review in your Google Webmaster Tools account and Google will rescan those URLs to make sure they are clean and then remove your site from their blacklist.
OMG. Your scanner worked. We are back on Google. I paid someone $50 to help me clean our sites and he didn't get any result. And I paid someone else and he didn't get a result. But your scan did it. It found the infected files and cleaned them with one click. It took 4 hours to scan only about 100 pages but it was worth it. You are a champion.
Hi
I just get registered and made donation but, i still see no key in the plugin setting page and "Download new definitions" has no effect ("Download the new definitions (Right sidebar) to activate this feature" still in red)
Any help ?
I see your donation for $14.89, Thanks for that
If the Manual Updates are not working then you should check your firewall settings.
If you are referring to the Automatic-Update feature then you need to have donated above the default level (at least $29+).
How do I get all my sites working.
Thanks
42
…if you need more help please describe your situation in more detail.
This answer is great!
Can I install de same plugin in other web site?
Yes, you can use this plugin on as many site as you want.
Just get a new key for each site and register them all using the same email and they will all be under the same account.
how I can register a new site ?
The same way your registered your first site. Install and Activate the plugin, then go to the Anti-Malware Settings page in your wp-admin, click on "Get FREE Key", and submit the registration form. Just remember to use the same email address that you used to register your first site if you wan them to be in the same account.
Just wanted to say that your plugin saved me from the hearth attack. Thank you so much, just donated $29.
Greetings!
have you developed anti malware for Joomla!
Pandu
No, sorry, This plugin is currently only available for WordPress. You can however put any files that you want to scan into a directory on your WordPress site and the plugin can then scan them for you
Thank you.
Wow, I was overwhelmed and I happened on your plugin. I had found some but I don't know php and some of the php code seemed odd to me. Sure enough, you flagged it!! Stats from my site:
5202 Scanned Files
1074 Scanned Folders
Found 4 Backdoor Scripts
Found 22 Known Threats
Now just to get my site off the blacklist. Ugh.
Thanks for you generous donation
Hi great plugin just donated a small amount of $10, how do I make all features available for my site? Thank you…
Thanks for your donation
Donating a total of $14+ will unlock the Brute-Force Protection in the Firewall Settings.
A total contribution of $29+ would unlock all features, including the Automatic Updates which makes the Core Files Definitions available too.
Hello,
I can't download the updates after generating a key when i click on download it will redirect me on scan page which does not show the key and ask me to generate a key again.
Please help me what should I do ?
also please tell me is there any other source to donate this plugin ? because we dont have PayPal service here in our country.
Thanks
The two most likely reasons for the definition updates not being installed are either: you have a post size limit specified in your php.ini file that is too small for the initial updates; or you might have another firewall plugin installed that is blocking the updates.
I'm sure that the Automatic Update method would work for you but I am sorry that I don't have any other means of accepting donation besides PayPal.
If you would like me to troubleshoot the definition updates on your site you could send me your wp-admin login, directly to my email address, eli AT gotmls DOT net
Hey, good morning,
Awesome plugin
One question can I get a receipt for the donation ?
Thaks for your time
Thanks for your donation, I don't send invoices or receipts but I think you can print the transaction details from PayPal as a receipt
A scan I just did of my site showed that it was clear of malware, however, when I visit it… my antivirus warns me that the site is infected. I confirmed this on another computer. Why is this? I thought your program would catch it.
I don't know what type of warning you got from your Anti-Virus software but your site looks clean now. The warning you got was probably related to a blacklist which can sometimes take a little longer to clear up even after you have cleaned your site.
I added some html pages to the white list but they keep coming up in the threat. I would like to know if there is something that is a threat or if it is a false positive.
Also, my definitions are set to auto update but they don't. I had to update them.
Have the definitions set to auto update is the reason that your custom white-list get's overwritten. The auto update feature installs the most current definition every time a scan is initiated, so you won't see them getting installed until you start a scan because they are not needed until then.
As for those HTML file that you are trying to white-list, can you send them to me so that I can see if they are false positives?
I have optimizedpress on my hosting account with WP. A bunch of pages for OP show they are a known threat because there is js after the body. It seems that this script should be there changing some fonts on the page. I was wondering if you can verify its a false positive.
That theme does but the script tags after the closing of the body tag
which should be reserved for hackers and bad programmers 
Just edit those files that are same and move the scripts inside the body tag, where they should be, and then it will not look like hackers injected that code
Thanks. Not sure what genius came up with that idea…. lets put code outside the body.
Eli: I donated and registered a site but then put the second site under a different email before realizing it. Can you help me move the site under my donated account?
Thanks
ss
You can just login to gotmls.net with the password that was sent to that second email address and then transfer that registration to your first email
Hi, I meant to donate the $29 to to BETA test the new Scan Core File feature and get Automatic Definition Updates.
I donated $14 by mistake
Can I pay donate the difference? I want to try it out and if ths works I will donate for each installation I make on each wordpress site I have.
Thank you so much
Azu
Yes, you can just make another $14+ donation and it will unlock that feature for you
Hello! Plugin is fantastic and I've donated for sure. Issue is the "Automatically Fix Selected Files Now" isn't working for me. Then I tried to press the designated button for it it was taking too long and I keep getting this error:
Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
Can I get some help on this please? If I can get these errors fixed, it would be amazing. Thanks!
It sounds to me like your Mod_Security settings are blocking my plugin from fixing those files. You need to talk to your hosting provider about changing the settings for Mod_Security to allow these requests or else whitelist your IP address to that you can at least fix those files.
I am using your plugin from the beginning of my blog. Recently Google has warned me about malicious content on my website. But after scanning the site it's not showing or detecting anything new. But Google has not removed the warning. Can you please suggest me what to do?
Sometimes Google take a long time to update their cached results for a site and this delays the removal of that warning you are getting. Re-check the date on the last threat that is shown in the Security section of your Google Webmaster Tools. If it is today's date then you may have a new threat on your site, have you downloaded the latest definition updates for my plugin?
Greetings.
I'm having an odd problem at one of the sites where I've installed your fabulous plugin.
I log in to the site click the "Anti-Malware" button.
It says on that page "Get FREE Key!"
I click on that and it immediately displays the key and also displays "Download new definitions!"
i.e. It doesn't present me with the usual form to fill in with name and email address.
So I click the "Download new definitions!" button and nothing happens.
Something seems to be TRYING to happen, but it never does. Eventually, the page times out.
Unlike the other sites that I've registered with a KEY, this site always asks me to get a Key.
Your advice on this would be appreciated. Thanks.
Best Wishes,
PRODOS
Melbourne, Australia
It sounds like that site was already registered. The same Key will be regenerated for that site every time you Get the Key, but it cannot be saved unless the definitions are downloaded. The problem is that you don't seem to be able to download the definitions on that site. I'm not sure why it's not downloading on that site, and this suggestion is kind of a lame workaround, but have you tried the Automatic Updates? When the manual download and save fails for whatever reason the Automatic method always works. Just click "Get FREE Key" as usual but then check the "Automatically Update Definitions" box at the bottom of the Scan Setting page and then click Save.
Thanks Eli,
That worked!
Best Wishes,
PRODOS
Hey, i have donated but i can't scan the Core File Changes – but why?
Thanks for your donation. You just need to check the box for Automatic Updates at the bottom of the AntiMalware -> Scan Setting page in your wp-admin and then click Save. Then you will have the definitions for the Core Files.
thank you so much!! you are a virtual hero
i need help. My host (hostgator) have restricted all my sites, and now i cannot even access to my WP admin, so i cannot make your plugin run …. (is there a way you can help me via ftp access only ?) – thanks
It's hard to work on this kind of thing when you cannot access your sites. How many sites do you have on that account?
Maybe they can restore access to one site for you so that you can use my plugin to clean them all up.
well.. i've managed to migrate the sites one by one to other servers, so i can have access again to WP panel, and use your plugin to clean them up..
Thanks for your help, and by the way, i just paid the 29$ via paypal today for your plugin which sound to work really good !.. Thanks a lot again for your work !..
PS : Hostgator is just a big Axx Hxxx and don't help you at all when you are in trouble with malwares or attacks. They just close your site and that's it. And then they try to sell you their security services, … for very expensive ..! Good business for them !.. So I decided to move all my sites to other servers … Bye bye, i am not going into this fake business ..
Thanks for this tool, it has identified several issues. However, when I run the quick scan on themes it skips all of the subfolders. I don't see any settings where I can update the quick scan. Is there a way to update this?
The Quick Scan was designed to be a fast and short scan of the most likely locations for Known Threats. It runs under a single PHP process so that it finishes quickly but that means it has memory and timeout issues so I defaulted the scan_depth to 2 so that it would not drill down too deep and get stuck half way through a scan. You can manually override the scan_depth by adding the URL parameter at the end of the Quick Scan path (try adding &scan_depth=3 to the end of the URL, if that work then maybe try 4 or 5).
my url got malware/virus , if open desktop web i didnt see any different but when i open my url via mobile phone, the url keep direct me to adsvertisement web, i already use your plugin to scan but didnt detect any malware/virus ? any step i miss ?
rescan , it is work ! thanks. solved
Hi,
After most recent update I no longer can download new definition updates. It says, "Your Installation Key is not yet Registered!". But as I found out in my profile in Gotmls it is registered and active.
Can you please look into this issue?
Thanks and have a great day!
Thanks for the login. This is a multisite and I don't have network admin access so I cannot fix it for you but I did figure out what the problem is and I just released another update that should fix this for you.
Please download version 4.15.19 and let me know if that does he trick.
I am having the same problem. It says my key is registered on here, but the plug keeps the message not registered. I am not using multi site and i am already updated to 4.15.19
Sorry for the confusion, 4.15.19 didn't fix it so I release 4.15.20 which has been confirmed to fix this issue. Please recheck for plugin updates and download 4.15.20 to resolve this issue.
Eli,
What about multiple sites. not to complain because Im happy as a pea. but I have several personal websites. Can I use the same key? or do I must I donate for each of them? just asking. BTW great plugin. World needs more people like you!
TIA.
Sam
Thank you!
Each site generates it’s own key, but you can register each site key under the same email address so that they are all on the same account. Then you can make one lump-sum donation for all sites on that account.
I don't see where I can add this to my other 2 sites. I have a few plugins that I did pay for and there is always a license key on top that I just paste my code to, and it activates it on the site. I don't see anything like this for the other two sites I have no idea how to do it. Can you instruct me please?
Thanks,
Lynn
Each site must be registered with it's own unique Installation Key, but if you use the same email when registering multiple sites then they will all be registered under the same account.
Thank you for a great plugin. The depth of your technical expertise puts me and my clients at ease. Great work. Please keep it up.
Excellent software..I really thank ELi and the people who made this great work..
a great sigh of relief!
Hi Eli,
My 2 cents collaboration, Spanish howto:
http://www.webempresa.com/blog/item/1641-detectando-y-limpiando-malware-en-wordpress.html
Thx & regards
That's great! Thank you very much for writing that howto in Spanish
Eli, thanks for a great service. Another donation on the way
The fix isn´t working.
The scan finds 306 knwon threats, but when I press "Automatically fix selected files now" it thinks for 3 seconds and says "Nothing selected to be changed" and "Done!" and nothing happens
Are you certain these are "Known Threat", in red, and these are check-boxes at the beginning of each line that are all checked?
If you are still having this issue can you send me a screen-shot?
Thank you for sending me a login to your site. Something on your site is blocking my plugin from submitting the "Fix" form. I upgraded my plugin on your site to the BETA version that I am about to release. The new version of my plugin includes a workaround for this scenario and you should be able to fix the malware it finds now.
Please run another Complete Scan and let me know how it goes.
Hi Eli,
I'm a little confused about the Scan level setting.
If it is set to -1 does that scan all of the folders on a particular domain folder or does it scan all the folders of all the domains in my account on a shared server?
If not, how is it possible to do a complete server scan of all sites at one time?
Does the plugin need to be installed on each individual domain and run separately?
Also are folders outside of public_html scannable or vulnerable to attack?
Seems like a great plugin, would like to make the most of it,
Thanks
The Scan Depth is how far down to drill into directories looking for threats, not how far up to start looking.
I have set The Scan Level for your domain to start scanning one level higher, this should get you into the public_html directory where you can scan all your sites at once, but you need to Download the latest Definition Update for this change to take effect.
It is possible for hackers to take control of a server at the root level (outside you home directory) but there is not much you can do about that unless it's your server.
Let me know if I can be of any further assistance.
Help, I have used the program, registered the key and made a donation. The scan will only complete to 66% and it seems to have really, really slowed down my site. I do not know where to begin to correct this.
I really appreciate your plug in and need support. Thanks Maymay
Have you tried the Complete Scan? it does not task your sites resources as much as the Quick Scan.
When it stops at 66% is there an error message?
If you want to give the your WP Admin login I can try it myself and see what's going on.
how do I contact you directly with that info?
Just reply to this email notification, it's from my address, nobody else reads it but me. Or send a new email to: eli AT gotmls DOT net
Is there a way to schedule scans? Maybe an upgrade or cron job I could run? I've got too many sites to have time to go in and run this constantly.
There is no way to schedule a Complete Scan at this time but that is a feature that I am working on. However it would be a pretty poor band-aid to just keep scanning and cleaning your sites over and over when what you really need is to get them all completely clean and patch the hole that is letting these hackers reinfect you.
Two things that might help you right now are: (1) I could get my plugin to scan all of your sites at once from just one admin page if all your sites are on the same server, (2) If you find out how the hacker is planting scripts on your server then you can stop him (or her) from continually re-infecting you.
Hey Eli;
Just loaded up your plugin and ran a scan – I've got 21 potential threats – mostly well-known plugins and wp-includes js files.
Shall I send them to you via the plugin to check?
Thanks!
Austin.
There are a lot of .js files that come up as Potential Threat just because the use the eval() function. These are usually ok but I leave that general rule in there in case you have a threat on your site that you cannot find in the Known Threats. If you are sure that these are all ok then you can whitelist them in my plugin and send me your reason in the form provided then I will get to adding them to my global whitelist when I have time. Honestly, I am very busy right now and whitelisting potential threats in .js files is about the lowest thing on my list of priority list. This being a free plugin, financed only by your donations, I do what I can to make it the best it can be, focusing on new threats first and then important features and enhancements.
I have barely used this plugin for 8minutes and I'm like wtf is this. This is the best plugin I have ever come across on wordpress and you really deserve lots of kudos for this. Do you do freelance work?
Thanks for the kudos. I do freelance but I'm very busy at the moment. Feel free to email me directly if you need anything and I see what I can do.
Hi Eli. I have just stumbled on your plugin. Google blacklisted my blog couple of days ago and the problem listed was a code injection that was linked to a website called earnmoneydo or something like that
"
I have tried to look for this code but couldn't find it. I have run your plugin and I have deleted 4 known threat. Does that mean its a safe now even though the code wasnt included in the one your plugin found?
Kind regards for your help.
If you removed the Known Threats that my plugin found then it probably fix. Now you need the Google to refresh the cache they have of your site so that they drop that warning. The best way to do that is to request a review in the Malware section of your Google Webmaster Tools account.
I noticed last week that when I looked up my website on google I get a warning message that says "this site might be hacked." I ran a site scan and got this:
Known Spam detected.
Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
I ran your antimalware plug-in on my site and it didn't come back with anything.
MW:SPAM:SEO is a generic label for a broad range of malicious ads. Although my plugin can find and automatically fix many of then there are always new variants that come out that need to be added to my definition update. If you can provide me with WP Admin access to your site then I will find this new threat and add it to my definitions so that it can be automatically removed like the rest.
Thank you so very much. Is there an email where I can send the log in info to?
I got the login you sent me, thanks.
The problem was just that you had not downloaded my latest definitions update. Once I did that and ran a Complete Scan it started finding a Back-door redirect script embedded in hundreds of WordPress core files. The Complete Scan took about 25 minutes to scan over 20,000 files on your site and found a total of 820 malicious scripts. I had it automatically remove these injection from the infected files and your site does not appear to be infected any more.
It looks like it may have been a vulnerability in your "irresistible" theme that let this hacker into your site. You should delete that theme if you are not using it.
Hello. My site has Virus http://babygamesonly.com/
How i can remove it ?
I take it you have scanned it with my Anti-Malware plugin and found no Known Threats? If my plugin does not find anything you can send me your WP Admin login and I'll look for it myself.