Wordpress Malware Livestatsnet.services help removing
One of our sites was infected with LIVESTATSNET.SERVICES when anything was clicked on the site it would open another browser tab going to http://iyfsearch.com/?dn=livestatsnet.services&pid=9PO755G95
I am still tiring to get rid of all of it but this may help.
1. Verify your ftp credentials and download an ftp client. I recommend filezilla client
2. Verify that you have access to your database file and can edit it
3. Find and install ASTROGREP
This program will let you search the contents of files for strings of text
4. Create a folder then use your ftp client to download your wordpress folder to it…
5. Use astrogrep to search for the text livestatsnet it will be contained in code
in quite a few files mostly .js (java script files)
This is the Source you will see
6. Now that you know where the malicious code is open filezilla client and edit the files found by astrogrep delete the code including. You can use note pad or Free JavaScript Editor.
The source code may look like this
7. When all done, open your browser and browse your site…
refresh… and browse again…
if still there
8. If problem still persists… you may have a few complications…
1. you may not be able to see all the files in your ftp client so you may have to use your online editor given to you by your host provider
2. not all the editing might have been applied… which means use your online editor supplied by your host provider to verify the changes
9. If all is good… Now its time to make a few changes…
1. in your wordpress installation set your folder permissions recursively to 755 via ftp clinet
2. in your wordpress installation set your file permissions recursively to 644
3. change all your admin user passwords
4. delete user accounts or change user accounts passwords
10. If that didn’t do it… its probably in your database as well… backup your db… do a search for livestatsnet in your db… and delete it wherever you see it… if you mess up… just restore the db
0 comments:
Post a Comment