Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • January 13, 2016 at 9:45 am #82769
    Adam
    Participant

    I got an email last October from my service provider indicating that I have 8 files with malicious software and I should contact Site Lock to have them removed. There were some negative comments about Site Lock on the web so I didn’t take the email seriously but I discovered very recently that if you do a Google search and my site comes up, there is a message saying it may have been hacked. I went into webmaster tools and looked at the Security tab and it said I had no issues. I contacted my service provider who reiterated that the following 8 files are infected (same ones as in their October email) and they seem to want me to delete them. I list the files below 2 of which are Catchbox files. Any suggestions on how I should proceed? I’m concerned that Catchbox may not work if I start deleting files. My web skills are limited. I wrote the site in WordPress and can do basic stuff but nothing more. I got expert assistance to add some bells and whistles.

    /public_html/wp-includes/images/smilies/themes.php: {HEX}php.cmdshell.unclassed.344.UNOFFICIAL FOUND
    /public_html/wp-includes/images/wlw/credits.php: JCDEF.PHP.CMDSHELL-01.UNOFFICIAL FOUND
    /public_html/wp-includes/images/wlw/gettext.pl: {HEX}PHP.C99-7.UNOFFICIAL FOUND
    /public_html/wp-includes/images/wlw/widgets.php: SiteLock-PHP-SHELL-md5-djx.UNOFFICIAL FOUND
    /public_html/wp-content/themes/catch-box-pro/functions.php: LONGDEF.PHP.Spam-Links-009N.UNOFFICIAL FOUND
    /public_html/wp-content/themes/catch-box-pro/colors/css.php: JCDEF.PHP.CMDSHELL-01.UNOFFICIAL FOUND
    /public_html/wp-content/themes/twentyfourteen/genericons/font/sidebar.pl: {HEX}PHP.C99-7.UNOFFICIAL FOUND
    /public_html/wp-content/plugins/contact-form-7/includes/second.php: SiteLock-PHP-SHELL-md5-djx.UNOFFICIAL FOUND

    Adam

    January 13, 2016 at 11:59 am #82781
    Mahesh
    Participant

    Hi @Adam,

    It seems your site has been hacked. Please completely reinstall the WordPress, themes and plugins.
    As mentioned above in the infected files list, the theme doesn’t have the file called css.php and function.php may be compromised too.

    Let me know if re-installation fixes your issue.

    Regards,
    Mahesh

    February 2, 2016 at 4:47 pm #84436
    Sakin
    Keymaster

    @aplackettsympatico-ca: Hi Adam,

    Hacked site is really hard to recover. So, you need to be very careful about your site WordPress Core, Plugins and Theme updates. Update it as soon as you get it so that you don’t get hacked.

    You might want to check with your server and also check this article that I wrote http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • The topic ‘Remove Malicious Code in Catchbox Pro Files’ is closed to new replies.