Forum Replies Created
The MW:BLK:2 is just a generic label that Sucuri assigns to that type of infection; it refers to a blacklisted domain used in your site’s code.
If you click on the details and it says 31wp.org then you would need to look for script references in your site’s HTML that point to 31wp.org. Sucuri has labeled the jquery.js URL at that domain as a malicious threat but that URL does not seem to be working any more anyway so I think your site will be ok. Just check the page content for script tags and make sure your theme does not refer to 31wp.org in the header.php or footer.php files.
Sorry but I did not get your email.
The MW:BLK:2 label that you first asked me about refers to a blacklisted domain which is used in your Newspaper theme’s header and footer to load remote scripts from fastestwaytocome.com.
These external scripts were probably hacked to redirect traffic to those other sites.
First check the original install files for that theme that you downloaded from their site to see if those script references were injected into your copy or if they were an intentional part of the theme’s design. Then remove those scripts from the header and footer to see if that stops the redirects.
Also, please send me a copy of those infected header and footer files. You can email me directly:
eli AT gotmls DOT net
This sounds like it could be a direct SQL injection. The hacker might have access to alter your database without having access to your server’s filesystem. You can try changing your DB_PASSWORD and updating your wp-config.php file to match the new password in the hopes that the hackers cannot get back in, but if they have root access to your DB server then you would need to move to a more secure host (unless your current hosting provider can make your DB more secure on their server).
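The script-reference check described in the replies about 31wp.org and fastestwaytocome.com above can be automated. This is an added example, not part of the original replies or of the Anti-Malware plugin; the blacklist holds only the two domains named on this page, and the sample header and function names are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Domains named in the replies above; extend with whatever your scanner reports.
BLACKLIST = {"31wp.org", "fastestwaytocome.com"}

# Matches <script ... src=...> in plain HTML and inside PHP echo strings
# (escaped quotes such as src=\"...\" are tolerated).
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*\\?[\"']?([^\"'\s>\\]+)", re.I)

def script_hosts(text):
    """Yield (line_number, host, url) for every script tag with a remote src."""
    for m in SCRIPT_SRC.finditer(text):
        url = m.group(1)
        host = urlparse(url).hostname  # None for relative or PHP-built paths
        if host:
            yield text.count("\n", 0, m.start()) + 1, host.lower(), url

def is_blacklisted(host, blacklist=BLACKLIST):
    """True for a listed domain or any subdomain of it (not mere suffix matches)."""
    return any(host == d or host.endswith("." + d) for d in blacklist)

def scan_text(text, blacklist=BLACKLIST):
    """Return [(line_number, url)] for script tags that load from a listed domain."""
    return [(ln, url) for ln, host, url in script_hosts(text)
            if is_blacklisted(host, blacklist)]

def scan_theme(theme_dir, blacklist=BLACKLIST):
    """Scan every .php file under theme_dir (header.php, footer.php, ...)."""
    findings = {}
    for path in Path(theme_dir).rglob("*.php"):
        hits = scan_text(path.read_text(errors="replace"), blacklist)
        if hits:
            findings[str(path)] = hits
    return findings

# Constructed sample of a theme header, not taken from any real theme.
SAMPLE_HEADER = '''<head>
<script src="<?php echo get_template_directory_uri(); ?>/js/menu.js"></script>
<script type='text/javascript' src='//cdn.31wp.org/jquery.js'></script>
<?php echo "<script src=\\"http://fastestwaytocome.com/a.js\\"></script>"; ?>
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
</head>'''

if __name__ == "__main__":
    for line, url in scan_text(SAMPLE_HEADER):
        print(f"line {line}: {url}")
```

Running `scan_theme` on both the installed theme directory and a freshly downloaded copy shows whether a flagged reference was injected or shipped with the theme.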
That is not a link to a malware definition, that is just a generic label that Sucuri assigns to that type of infection.
Can you please give me some information that will enable me to help you with this issue (infected URL, link to Sucuri scan results, or your installation key for this domain)? Feel free to contact me directly if you do not want to post this on my public forum.
Thanks for the suggestions. I do have those ideas in my mind to incorporate into a future release but there are other more pressing updates that I am currently working on right now.
In the meantime, maybe I can help you figure out why it’s taking so long to scan your site. It should never take 5 hours to scan a site unless there is something wrong on your server. Are there any folders that the scan seems to be spending a lot of time in or does the scan seem to freeze up on any particular folders?
Can you send me a screenshot of the scan process while it is part way through a scan?
May 6, 2018 at 5:00 pm in reply to: conditional-shipping-for-woocommerce/woo-conditional-shipping.php #2096
The version of this file that I just downloaded from the WordPress Plugin Repository is clean and my plugin does not flag it as a threat, so if it is marked as a Known Threat on your site then it may have actually become infected. Please send me the version of this file that you have so that I can check it for you.
May 4, 2018 at 7:09 pm in reply to: Another Plugin or Theme is using something to handle output buffers #2094
That error seems to be pointing to W3TC (the caching plugin). Have you tried disabling caching and deactivating W3TC?
There could also possibly be some malicious script that is pretending to be W3TC but it would not be on a fresh new installation of WordPress unless your whole server is compromised. How many sites do you have on this server and are they all installed in subdirectories under a main/parent site?
It must be hitting a PHP memory_limit while trying to index those files. You could try increasing the memory_limit value in the php.ini file on your server. If that does not work then maybe you could find another way to organize those files or purge all the older files if you don’t need them.
Yes, the first issue with the html-bulk-edit-product.php is resolved.
Thomas,
I am not sure why the ukd_designer/uploads directory could not be scanned on your server. I suppose it is possible that the files in that folder might not be able to be indexed if there are more than 65,535 of them but otherwise it should scan it. Please try the scan again and let me know if it still gives you the read/write error.
April 18, 2018 at 7:55 pm in reply to: Anti-Malware is not seeing the backdoor or other script issues that quttera is #2082
My plugin did find and fix known threats on your site and Quttera says it’s clean too now.
Thanks for reporting this bug. I did have an error in one of my new virus definitions that was causing it to find false positives in core files but this error was resolved this morning and a new definition update was released to fix the problem. Please let me know if you have any further issues of this kind and I will look into it right away. Thanks again for bringing this to my attention.
Thanks again. I have added this new file to the definition update. Thanks too for the suggestions, I am also working on improvements and appreciate any and all feedback.
I removed the malicious code that you posted here because of all the malicious links in it. Plus, it was reformatted for the forum and missing the PHP brackets and other content that was in that file so it was not very useful to me. I could tell that it was very like the code I would have expected in your functions.php file and that is already in my definitions so I am not sure why it was not found on your system. It would help me if you could email me that infected file directly so that I can check it and update my definitions if needed.
Just check the box Automatic Updates and then click Save and the Core Files definitions will be automatically installed.
Thanks for the file. This was a new variation of an old threat so I fixed the definition to match this variant and released a new definition update.
Please let me know if you find any more that I missed.