udayjoshi101292

Same issue like everyone. WE HAVE NOT INSTALLED THIS PLUGIN but automatically getting installed > activated and malware script getting added now and then. More than 20 websites are affected due to this injection.

It redirects to other site for 1st time and sets cookie on 3rd party domain so we can’t reproduce this issue on the same day even after clearing cookies.

Change the URL directly in the database at 2 places in wp_options Table.

Step 1. Login to phpMyAdmin of xyz.com.
Step 2. Click the link to your Databases.
Step 3. All the tables in your database will appear on the screen.
Step 4. From the list, look for wp_options.
Click on the small icon indicated as Browse.
Step 5. A screen will open with a list of the fields within the wp_options table.
Step 6. Under the field option_name, scroll down and look for siteurl. it will be abc.com
Click the Edit Field icon which usually is found at the far left at the beginning of the row.
Step 7. In the input box for option_value, carefully change the URL information to the new address. i.e Make it xyz.com in your case.
Step 8. Verify this is correct and click Go to save the information.
Step 9. Look for the home field in the table and click Edit Field.