swachhsite

To know the root cause for the website error you need to check the file /wp-includes/functions.php . Check if you could see any injected code in the file. If the file is clean try replacing the wp-includes directory with the default wp-includes one( from www.remarpro.com), this will fix the issue. What is your website name. Are you able to login to the wp-admin?

It definitely looks malicious, in which theme did you trace it.Hackers target funtions.php, header and index mostly to display their spam contents on the site.

Not sure about the email id you need to send it to. Did you trace this malicious js script in you files. Check for the script under theme index, funtions.php and header.php files. Search for keyword ‘ viagra’ among all your website files. Is it effecting the website in anyway like redirection?

If you are unable to delete, change the perimission via cpanel or ftp, then contact your hosting service provider and request to delete the same. They wil be able to do it from their end. Also, check if there is any malware file outside root directory.

The source page for website looks fine, try switching to different theme and see if the issue persists. Didn’t your hosting service provider give any malware files scan list?

Since you are mentioning that unwanted files are being uploaded, its better to check for upload script in the website files. Even if hacker is using shell, he needs to have upload script with “multipart/form-data” used for php files. So search your files for the keyword “multipart/form-data”. if you get any hits, check and compare if its malicious.

If you find any .php files under wp-content/uploads/ then its probably malware, so check and remove them.

Also, I would suggest you to change the database, hosting passwords soon.

Thank You!

The js code you pasted looks genuine, however it looks like complete code was not copied. Mostly the malicious script will be injected at the top or end of the file in case of .js file. Since there was no malicious script at the top, I guess it was at the end. Glad to know that the issue is fixed.

If the malware script doesn’t show up in the website source page or if its not a known malware pattern then it may take time to update and then to be detected by the website malware scanners. Thanks for sharing the pattern, we can learn and search in our website files.

Your website source page looks clean. However, your website has been flagged ‘hacked’ in Google search result. You need to resubmit the website for Google verification and indexing.

[ Signature moderated ]

It looks like you have recurring malware issue. Checked the link you have provided, the harmful js script are found under theme header file (wp-content/themes/theme_name/header.php). This type of js script hosts a malicious url which is blacklisted by Google. Since the link keeps appearing in the website file, there may be other malicious script or file among your website files which is injecting this js script into the header files. You can use any rated security plugin like Wordfence to know more about malicious file. If it doesn’t help then you may need to contact vendor who can manually check and fix the site.

[ Signature moderated ]