WP 2.6 blog infected by trojan

  • I recently upgraded my WP 2.4 installation to version 2.6, hoping to get rid of some malicious code which seems to be infected somewhere. The blog is here:

    www2.skiforeningen.no

    (Please do not try unless your PC is properly proteced by virus protection!)

    But refer for instance to the diagnostics given by Google safebrowsing:

    https://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=https://www2.skiforeningen.no/

    An HTTP connection to 61.155.8.157 is opened by the browser, and my problem is that I can not find out where this happens.

    Here is what I did upgrading from 2.4 to 2.6:

    First – following upgrade suggestions and deleted wp-admin and wp-includes, unzipped the fresh code but kept the wp-content with themes and plugins. As the trojan was still there afterwards, I also tried to delete wp-content and replaced it with wp-content from the tar file. The trojan is still here.

    I have tried to search the entire wordpress directory structure for the text “61.155.8.157”, but no results.

    Any tips will be appreciated helping me to get rid of the trojan. Maybe someone has been struck by this trojan previously?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘WP 2.6 blog infected by trojan’ is closed to new replies.

Tags