Suspicious script running in woocommerce

  • Resolved Zak

    (@muhammadzak)


    5 years, 1 month ago

    after install woocommerce i noticed this suspicious script running onlinekey.biz/1f9f5ee62aefca3cb1.js when i disable Woocommerce it disappear.

    I deleted woocommerce files in my Wp-content files and replaced it with a fresh New Woocommerce files From the latest version that is release and i noticed that the script still there running!
    Is it a safe script or what is that?

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • Suspicious. Looks like Adware. See:
    https://forums.malwarebytes.com/topic/249608-onlinekeybiz-in-chrome/
    https://adware.guru/how-remove-onlinekey-biz/
    and several others.

    Not part of WooCommerce.

    Thread Starter Zak

    (@muhammadzak)

    but its only shown up in page source when woocommerce is enabled.. so that its connected to woocommerce plugin

    If you download a fresh WooCommerce plugin zip onto your hard drive and search it you won’t find this code.

    It may be coming from your theme or one of you plugins which is only injecting the script if WooCommerce is active. I should temporarily deactivate all plugins except WooCommerce and switch to a default theme. Do you see the onlinekey.biz script now? If not, reactivate theme and plugins one by one and check to try to identify where its coming from. When you know that, you can ask the relevant software supplier whether its supposed to be there. I don’t think it is.

    The net tells us that OnlineKey.biz is some kind of redirect virus which sends users to unsavoury or unwanted websites to promote products and services that you’d rather not. You may find it only works on certain browsers and operating systems which is why you may not notice its presence, though some of your customers might.

    Leave this thread a day or so and see if anyone comes in with a different view.

    Plugin Support RK a11n

    (@riaanknoetze)

    @lorro is correct – it’s not part of the core WooCommerce plugin ??. It might only activate when WooCommerce is active but it’s not coming from WooCommerce. It might also be worthwhile installing WordFence as it does a scan of your site and matches up the code on your site with the code hosted on the WordPress plugin repository – if there’s a mismatch, it’ll flag that immediately.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Suspicious script running in woocommerce’ is closed to new replies.