Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


malware/malicious code


Post by Tooga » January 22nd, 2020, 8:49 am

Good day,
Three days ago, when I wanted to access the dashboard of my WordPress website and entered "holidays-xyz.com/wp-admin/" to access the login page, I got the following error:

This site can’t be reached
holiday-xyz.com’s server IP address could not be found.
Search Google for holiday xyz admin
ERR_NAME_NOT_RESOLVED


I contacted my webhosting provider "inmotionhosting.com" and they made a shell scan. I have now received an email with the results as follows:
(see below the email copy)

"Good day Jose,

Thank you for your patience as the scan completed. I'm happy to be able to assist you today.

Unfortunately, the scan did identify some malware/malicious code. The file found in the scan is as follows:

/home/gotooga1/public_html/tele-tooga.com/public_html/wp-content/plugins/wppas/templates/js/ace/mode-php


I recommend reviewing this with your developer or a security specialist. This link to our Support Center article may also assist you:

http://www.inmotionhosting.com/support/ ... rom-a-hack

If you'd like, we can quarantine this file for you, however, we are unaware of how the site will function without this file being accessible, just let us know, if you'd like to pursue that option. Although, if you have a known, clean cPanel backup, then you can upload that to the server and then we will be able to assist you with restoring that backup.


Please let us know if you have any further questions; we are more than happy to help.

Best Regards,
Forrest Ro.

InMotion Hosting
888-321-HOST (4678) Available 24/7
https://www.inmotionhosting.com"


As per the above email, the file found in the scan, "/home/gotooga1/public_html/tele-tooga.com/public_html/wp-content/plugins/wppas/templates/js/ace/mode-php", is very, very long, but just at the beginning of it there is a line of code, {return{token:"comment.doc.tag.storage.type",regex:"\\b(?:TODO|FIXME|XXX|HACK)\\b"}, which looks suspicious (but I do not understand anything about hacking). See it below:

"ace.define("ace/mode/doc_comment_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text_highlight_rules").TextHighlightRules,s=function(){this.$rules={start:[{token:"comment.doc.tag",regex:"@[\\w\\d_]+"},s.getTagRule(),{defaultToken:"comment.doc",caseInsensitive:!0}]}};r.inherits(s,i),s.getTagRule=function(e){return{token:"comment.doc.tag.storage.type",regex:"\\b(?:TODO|FIXME|XXX|HACK)\\b"}},s.getStartRule=function(e){return{token:"comment.doc",regex:"\\/\\*(?=\\*)",next:e}},s.getEndRule=function(e){return{token:"comment.doc",regex:"\\*\\/",next:e}},t.DocCommentHighlightRules=s}),ace.define("ace/mode/css_highlight_rules",["require","exports","module","ace/lib/oop","ace/lib/lang","ace/mode/text_highlight_rules"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("../lib/lang"),s=e("./text_highlight_rules").TextHighlightRules,o= "

I will appreciate your help in solving the issue


Jose Fernandes
P.S. As a matter of interest:
The website "holidays-xyz.com" (where I cannot access the wp-admin page) is hosted with a vps2000, where I also have other websites, of which one of them is "tele-tooga.com" (where the file "mode-php" is located). ???????

Re: malware/malicious code

Post by mAL_rEm018 » January 22nd, 2020, 1:31 pm

Website Security / Infections

Unfortunately, our forum does not handle these types of problems.

May I draw your attention to ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.

The section here, explains why we do not offer help for such problems.

You may find the following resources to be helpful ...

... other than that, we're sorry, but we can not offer you any further assistance with this matter.

This topic is now closed.

