Topic: wp-tmp and wp-feed – Download this free Anti-Malware Plugin for WordPress.

This topic contains 2 replies, has 2 voices, and was last updated by Terence Wilks 6 years ago.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
April 12, 2018 at 6:04 pm #2069
Terence Wilks
Member
GOTMLS identified wp-tmp as a problem containing an ad injection script and offered a fix. However, it did not identify one of the underlying issues that kept rewriting wp-tmp.php which was in the template functions.php; I’ve included the code at the end of this entry.

I removed that from functions.php but it seems as though there is other code somewhere that I have yet to locate that is rewriting that functions.php code.

If anyone has run across this before I’d love to hear from you.
- This topic was modified 6 years ago by Anti-Malware Admin. Reason: Malicious code removed
April 14, 2018 at 7:50 am #2074

Anti-Malware Admin
Key Master

I removed the malicious code that you posted here because of all the malicious links in it. Plus, it was reformatted for the forum and missing the PHP brackets and other content that was in that file so it was not very useful to me. I could tell that it was very like the code I would have expected in your functions.php file and that is already in my definitions so I am not sure why it was not found on your system. It would help me if you could email me that infected file directly so that I can check it and update my definitions if needed.

April 14, 2018 at 7:13 pm #2075

Terence Wilks
Member

My issue turned out to be a whole stack of false PNG files in the Upload area that contained @eval statements. When I cleaned out wp-tmp.php and functions.php from my template the @eval statements were allowing script injection. If you can’t get your website clean using this plugin then delete all of the file types from the filter so that it can see into PNG, JPG, etc files. I haven’t found the initial entry point yet but I’m assuming it was a plugin.
Author

Posts