Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Wordpress Site Malware Hacked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Wordpress Site Malware Hacked

Unread postby miloflembo » August 25th, 2011, 9:02 am

Hi Guys, the other night my Wordpress site was hacked and google placed a warning on the site about Malware troubles. I dont have much experience in this field of getting rid of malwares.

I have spoken to my host and they have tried to restore from backups but the problem persists. What is there to do now on removing the problems.

I have copied over what the exploit scanner has told me on my wordpress dashboard.

bhadmin/wp-app.php:1457
Used by malicious scripts to decode previously obscured data/programs explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION']
bhadmin/wp-app.php:1462
Used by malicious scripts to decode previously obscured data/programs explode(':', base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'
bhadmin/wp-includes/class-IXR.php:303
Used by malicious scripts to decode previously obscured data/programs $value = base64_decode($this->_currentTagContents);
bhadmin/wp-includes/functions.php:190
Often used to execute malicious code if ( doubleval($bytes) >= $mag )
bhadmin/wp-includes/class-snoopy.php:678
Often used to execute malicious code // I didn't use preg eval (//e) since that is only available in PHP 4.0.
bhadmin/wp-includes/js/tw-sack.js:1
Often used to execute malicious code .argumentSeparator)}};this.runResponse=function(){eval(this.response)};this.runAJAX=function(urlstring
bhadmin/wp-includes/js/scriptaculous/unittest.js:476
Often used to execute malicious code eval('with(this){'+test+'}');
bhadmin/wp-includes/js/scriptaculous/controls.js:786
Often used to execute malicious code this._collection = eval(js);
bhadmin/wp-includes/js/json2.js:1
Often used to execute malicious code .replace(/(?:^|:|,)(?:\s*\[)+/g,""))){j=eval("("+text+")");return typeof
bhadmin/wp-includes/js/prototype.js:495
Often used to execute malicious code is.extractScripts().map(function(script) { return eval(script) });
bhadmin/wp-includes/js/prototype.js:599
Often used to execute malicious code if (!sanitize || json.isJSON()) return eval('(' + json + ')');
bhadmin/wp-includes/js/prototype.js:1533
Often used to execute malicious code return eval((this.transport.responseText || '').u
bhadmin/wp-includes/js/prototype.js:3257
Often used to execute malicious code eval(this.matcher.join('\n'));
bhadmin/wp-includes/js/tinymce/tiny_mce.js:1
Often used to execute malicious code eturn""+e},parse:function(s){try{return eval("("+s+")")}catch(ex){}}});t
bhadmin/wp-includes/js/tinymce/plugins/wpdialogs/js/popup.js:1
Often used to execute malicious code cuteOnLoad:function(s){this.onInit.add(function(){eval(s)})},storeSelection:function(){this.editor.win
bhadmin/wp-includes/js/tinymce/plugins/wpdialogs/js/popup.dev.js:152
Often used to execute malicious code eval(s);

And there are many more problems involved. It says the malwares are in alot of the "eval" codes you see on these lines above and also in a few others. Im not sure if you guys can help with wordpress but i have google searched everywhere and Im beginning to get very worried. Any ideas or wisdom you could offer me?

My site is www.theblumile.com (sorry shoulda put that first)
Miles
miloflembo
Active Member
 
Posts: 1
Joined: August 25th, 2011, 8:58 am
Advertisement
Register to Remove

Re: Wordpress Site Malware Hacked

Unread postby deltalima » August 25th, 2011, 1:34 pm

Hi miloflembo,

Im not sure if you guys can help with wordpress


The forum is dedicated to the removal of Malware from personal computers and so we cannot work on server issues.

I'm sorry we can't help further.

This topic will now be closed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware