Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Z
Z
Zkirsanov2017-04-27 11:52:44
Malware
Zkirsanov, 2017-04-27 11:52:44

Can't find "virus" in Wordpress, what's the plan?

Good afternoon!
There is a caching plugin. It creates a cached page, but pulls up a line with external links to it. There were 4 links in total. 2 of them I killed (were encoded in base64). There are 2 more left. I found in the database that they are formed by an SQL query:

Request
SELECT * FROM `information_schema`.`PROCESSLIST` WHERE (CONVERT(`ID` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`USER` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`HOST` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`DB` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`COMMAND` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`TIME` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`STATE` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`INFO` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`TIME_MS` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`ROWS_SENT` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`ROWS_EXAMINED` USING utf8) LIKE '%dlandroid24%' OR CONVERT(`TID` USING utf8) LIKE '%dlandroid24%')

Server: localhost » Database: information_schema » View: PROCESSLIST
Appears in the cached page.
<div style="display:none"><a href="http://dlwordpress.com/">Free WordPress Themes</a>, <a href="https://dlandroid24.com/">Free Android Games</a>

And there are 2 such lines, for 2 external links. I was prompted to find a file with permissions 777, but I xs how to look for it. I started learning php, mysql, etc., and I want to figure it out and fix it myself. But I can not.
Tell me where to dig? For example here:
http://5best.rf

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Sanes, 2017-04-27
@Sanes

Try to check with antivirus. For example AI-bolit

Report
S
SunHere, 2017-06-08
@SunHere

Let's just say that it's not even a virus, but a harmless insertion of your link from distributors of free templates (you know where free cheese happens). Antivirus may not even see this.
I would advise you to carefully study the theme files, especially footer.php
If it does not work out, then you need to carefully study everything. https://kwork.ru/configuration/8190/udalyu-levie-v... - you can use the services to remove such wickedness

Similar questions
A
Anatoly Gulyaev2015-03-09 04:26:14
How to safely download files from an infected laptop? 5Reply
R
Roman Belinsky2015-03-14 22:47:21
The topic of the coursework is to write a Trojan to track a user in VK? 4Reply
D
denis26012017-03-23 12:57:36
Viruses on the site, redirect files, can't find the source? 1Reply
A
Anton2015-03-30 14:02:43
Site infection, what to do next? 3Reply
R
Runis2017-04-02 16:34:57
Is the Windows folder in ProgramData a virus? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question