Home › Forums › Support Forum › Still Malware after installing GOTMLS
This topic contains 9 replies, has 3 voices, and was last updated by Ken Pachmayr 11 years, 4 months ago.
-
AuthorPosts
-
May 24, 2013 at 8:21 am #716
Went to Securi (which originally identified javascript malware).
Known javascript malware.
Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
t=”;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.’+x[2]+’{‘+x[1]+’}</’+x[0]+’>’);}nemoViewState();What do I do now?
May 24, 2013 at 8:41 am #717Did you run a Complete Scan on you whole site using my Anti-Malware plugin?
Does it find any Known Threats (in RED)?
May 24, 2013 at 8:45 am #719Hi Eli, and yes, I ran a complete scan. It found a couple of threats, and I had your software remove them. After that I did a check on Securi’s site, and it showed the same issues it did before I installed your plugin.
May 24, 2013 at 8:49 am #720orgot to add, it also found this:
Known Spam detected.
Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
<p class=”nemonn”>By APNWLNS <a href=”http://apnowloans.co.uk/” title=”Payday Loans”>payday loans</a></p>May 24, 2013 at 9:16 am #721Yes, those are both part of the same threat, and one that that I have see many times before. I have just updated the Definition and changed your scan range to include the root of this site (not just the blog directory).
Could you please download the new Definition Update, and change the Scan Directory to scan the whole site, then try a Complete Scan again?
Let me know if this still does not work.
Aloha, Eli
May 24, 2013 at 9:47 am #722Your interface doesn’t allow you to scan the whole site. At least not in the interface I installed as a plug-in on WordPress. Am I missing something?
May 24, 2013 at 10:00 am #723This is on [your registered domain], right?
If you have just downloaded the latest Definition Update then you should now be able to change that first option on the settings page to scan the whole site and not just the blog directory.
Please let me know if I that is not working. I would be willing to login to your WP Admin if you want to email me your login into (don’t post it here on the forum, of course, just reply to the email).
Aloha, Eli
May 24, 2013 at 11:49 am #724Hi ELi -
I updated, and ran another scan. It found one threat on the site, but it didn’t seem to clear the Securi Scan (I ran one on the entire site (checked out OK), but when I an a check on the blog directory, it showed the same two spam and malware issues. Why is that?
June 30, 2013 at 5:48 pm #763I have the same problem. Site is already blocked by Google. I updated WordPress. Did a quick scan and complete scan. Yet I can still see the malware when I go to:
anastassov.net/about and do a Source view. There are other pages, but I cannot figure out how to get to the malware that appears here.
Need Helpl.
June 30, 2013 at 6:03 pm #764I found the malware hiding in the header.php file in the Theme/Basic/ directory. Not sure why it wasn’t found when I downloaded the file to my desktop and ran my malware software, and not by GOTMLS, but was found when I ran online scanner: SURCURI.NET, but it only reported the directory /about/ which in wordpress didn’t exist.
Putting the malware in the header.php makes almost every page seem like it is infected when it displays.
I will keep and use this software. I donated.
-
AuthorPosts
You must be logged in to reply to this topic.