Solved

Malware detected on my site - screenshot attached. zg3owjjnzqwn.ghara.pw

Posted on 2014-04-29
6
271 Views
Last Modified: 2014-05-01
I have a Wordpress site that is now showing I have Malware.  Any ideas on how to fix this?

Content from zg3owjjnzqwn.ghara.pw, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
0
Comment
Question by:livewirewebsolutions
  • 3
  • 2
6 Comments
 

Author Comment

by:livewirewebsolutions
ID: 40030327
here is the screenshot.
0
 

Author Comment

by:livewirewebsolutions
ID: 40030329
oops, here is the screenshot now.
Screenshot-2014-04-29-14.25.56.png
0
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 500 total points
ID: 40030386
Read my article for more information:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html

In this case, I would pay for Sucuri or Stop The Hacker to come in and fix the malware and also scan your site for vulnerabilities.
0
ScreenConnect 6.0 Free Trial

Explore all the enhancements in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40030551
You're in good hands with Jason.  I would only add that most WP malware arrives because of vulnerabilities in plugins or similar add-on code.  So check to make sure everything you're adding to the base WP package is up to date and approved by WP!
0
 

Author Comment

by:livewirewebsolutions
ID: 40030715
everything is up to date.  My host company said that a file called wp.php was infected.  They removed the file.  See comments below.

Maldet scan:
--
cP/vz31-md/2109 root@162.211.82.64 [/home/joyce/public_html]# maldet --scan-all .
maldet(10490): {scan} scan completed on .: files 26699, malware hits 0, cleaned hits 0
--

ClamScan:
--
cP/vz31-md/2109 root@162.211.82.64 [/home/joyce/public_html]# clamscan -ir *
wp.php: PHP.Webshell-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2992278
Engine version: 0.97.8
Scanned directories: 751
Scanned files: 26666
Infected files: 1
Data scanned: 568.83 MB
Data read: 463.17 MB (ratio 1.23:1)
Time: 94.942 sec (1 m 34 s)
--

wp.php: PHP.Webshell-2 FOUND << Is showing as an infected file.

I've moved that file and removed it's permissions:
--
cP/vz31-md/2109 root@162.211.82.64 [/home/joyce/public_html]# mv wp.php /root/support/busted/

What do I do now and how do I inform Google that it's been removed?
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40030727
You removed a symptom, not the infection. Wp.php is not a core WordPress file so the attackers will be able to exploit you again. This is why you need a specialist to evaluate your site and ISP to figure out how this is happening.  

If you don't take those steps, you are just going to get hacked over and over again.

To remove any Google actions, log in to Webmaster Tools.  You will be able to request a removal from there.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The purpose of this video is to demonstrate how to exclude a particular blog category from the main blog page. This is can be used when a category already has its own tab, or you simply want certain types of posts not to show up on the main blog. …
The purpose of this video is to demonstrate how to update a WordPress Site’s version. WordPress releases new versions of its software frequently and it is important to update frequently in order to keep your site secure, and to get new WordPress…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question