My website has become taken over by a virus that injects malicious javascript code into the index page causing a redirect to http://reddii.ru/traffic/sploit1/ and sometimes causing a redirect to a PDF file on http://reddii.ru/traffic/sploit1/.
Here is the code the virus keeps injecting:
I use wordpress. I just wanted to find out if anyone else has had this problem and what to do to stop the virus from keep injecting itself into my index file.
Hi sXi
I am crazy?? I am doing all I can to get my site back to normal and you call me crazy?
That’s right.
It is a direct copy/pasta from a discussion that concerned aspx sql injection, not WP.
That function is incomplete, and if you were the unsuspecting victim you’re attempting to portray yourself as you would have posted it in it’s entirety. Here are the following 2 dozens chars from the original - 2E7374617475733D27446F6E - and they’re proceeded by alot more.
The exact same post has been circulated in 4 different languages - verbatim - over the past couple of weeks, albeit by very few people for (IMHO) no other reasons than to:
Lure unsuspecting web users to follow the reddii link and inadvertently download the quite real and very infected PDF file that the site contains, and…
In an attempt to increase reddii’s Alexa rank.
I’m sure an admin will remove the links as soon as they see them.
Maximum Cash Discount on any plan with MAXCASH
Let me reply to you systematically:
Yes, I did a copy paste from the discussion because I have the exact problem. Also the java script which keeps on injecting itself in my index.php file is the same. The only difference being - I use WP.
I’ve no idea what you are talking about.
The same post has been criculated? I would not know that.
You’re saying I am trying to lure people to this virus which has caused me so many problems? Mate, don’t come to conclusions too soon.
Why on earth would I want to increase reddii’s ranking. If I could, I would put it in a rocket and send it forever to the Moon.
Please don’t take part in this discussion if you can not help.
The function you posted is incomplete - it would fail.
If you require help just post your own website address, version of WP involved, list of plugins/changes made recently, along with an explanation of what is occuring on your PHP based site.
You might be annoyed, but a copy/pasta from an aspx injection thread isn’t the same problem, and posting 2 direct links to a virus can only be detrimental to everyone.
If you’re averse to posting your website address, then what you need to determine first is WP version number and what (if anything) you’ve changed recently. Make a complete backup of your database as it may require cleaning and then check your user root and domain root for any files that appear out of place (such as something.txt or test.php, etc.) Don’t forget to check for .hidden files too.
Maximum Cash Discount on any plan with MAXCASH