Solved

Malware detected on my site - screenshot attached. zg3owjjnzqwn.ghara.pw

Posted on 2014-04-29
6
274 Views
Last Modified: 2014-05-01
I have a Wordpress site that is now showing I have Malware.  Any ideas on how to fix this?

Content from zg3owjjnzqwn.ghara.pw, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
0
Comment
Question by:livewirewebsolutions
  • 3
  • 2
6 Comments
 

Author Comment

by:livewirewebsolutions
ID: 40030327
here is the screenshot.
0
 

Author Comment

by:livewirewebsolutions
ID: 40030329
oops, here is the screenshot now.
Screenshot-2014-04-29-14.25.56.png
0
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 500 total points
ID: 40030386
Read my article for more information:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html

In this case, I would pay for Sucuri or Stop The Hacker to come in and fix the malware and also scan your site for vulnerabilities.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40030551
You're in good hands with Jason.  I would only add that most WP malware arrives because of vulnerabilities in plugins or similar add-on code.  So check to make sure everything you're adding to the base WP package is up to date and approved by WP!
0
 

Author Comment

by:livewirewebsolutions
ID: 40030715
everything is up to date.  My host company said that a file called wp.php was infected.  They removed the file.  See comments below.

Maldet scan:
--
cP/vz31-md/2109 root@162.211.82.64 [/home/joyce/public_html]# maldet --scan-all .
maldet(10490): {scan} scan completed on .: files 26699, malware hits 0, cleaned hits 0
--

ClamScan:
--
cP/vz31-md/2109 root@162.211.82.64 [/home/joyce/public_html]# clamscan -ir *
wp.php: PHP.Webshell-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2992278
Engine version: 0.97.8
Scanned directories: 751
Scanned files: 26666
Infected files: 1
Data scanned: 568.83 MB
Data read: 463.17 MB (ratio 1.23:1)
Time: 94.942 sec (1 m 34 s)
--

wp.php: PHP.Webshell-2 FOUND << Is showing as an infected file.

I've moved that file and removed it's permissions:
--
cP/vz31-md/2109 root@162.211.82.64 [/home/joyce/public_html]# mv wp.php /root/support/busted/

What do I do now and how do I inform Google that it's been removed?
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40030727
You removed a symptom, not the infection. Wp.php is not a core WordPress file so the attackers will be able to exploit you again. This is why you need a specialist to evaluate your site and ISP to figure out how this is happening.  

If you don't take those steps, you are just going to get hacked over and over again.

To remove any Google actions, log in to Webmaster Tools.  You will be able to request a removal from there.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
The purpose of this video is to demonstrate how to exclude a particular blog category from the main blog page. This is can be used when a category already has its own tab, or you simply want certain types of posts not to show up on the main blog. …
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question