Javascript infection Wordpress - http://jvslink.com/jv

Viruses and worms
1

Hello,

Avast displays an alert when visitors go on one page of my website.
This javascript code is probably the bad one :

I don’t know where and how it came in my website. When I reinstall Wordpress, the script is not present anymore but a few hours later, it’s BACK !!

What should I do ?

Thanks !

2

See this malicious Iframe link: hxtp://fukipolet.tkbio.com.ar/repportage/jtraysp/runconsciouslyi.php
There was an unexpected error when trying to retrieve the response

polonus

3

Now, for the same “infection”, avast displays an other error : HTML:Script-inf.

What should I do to remove this ?

Thank you!

4

Here is the content of the Iframe :

document.write((“

5
How to Remove the Malware Here are some steps that may help you clean up your WordPress installation after a hack attack that resulted in malware being injected into your installation. Change all your passwords (including FTP, cpanel/plesk access passwords immediately). You should also overwrite the secret inside the wp-config.php file ( http://codex.wordpress.org/FAQ_My_site_was_hacked ) Backup your website. Most hosting companies will keep daily backups so you may not have to do anything. Just make sure that there is a backup copy (as recent as possible) available. For sites hosted on services like Rackspace, you can create instand snapshots of your VPS. Check .htaccess file for compromise (more information here) Check if your database is compromised with malicious scripts and iframes. The following SQL code will help to mine out posts that are in the WP install. ```

1
SELECT * FROM your-table-name WHERE your-table-field-or-column LIKE ‘%<iframe%’


You should you-table-name to whatever the names of the tables are in your database and the columns appropriately and then you can see if any injections are there in the database or not. You can then drop the entry you want.
Download the latest version of WordPress here and update your install.
Make sure the third party plugins/themes you use have good reputation.</blockquote> (quote info StopTheHacker)

polonus
6

Nameserver Domain Result: Blacklisted in multiple real-time domain blocklists.

There are also DNS issues: Link to test with errors:
http://dnscheck.sidn.nl/?time=1404130693&id=1757893&view=basic&test=standard

Name server ns1.forhst.com
Reverse address for 77.66.47.228 (228.47.66.77.in-addr.arpa.) not found.
Nameserver ns1.forhst.com (77.66.47.228) does not respond to queries via TCP.
Name server ns2.forhst.com
Reverse address for 77.66.47.228 (228.47.66.77.in-addr.arpa.) not found.
Nameserver ns2.forhst.com (77.66.47.228) does not respons to queries via TCP.

polonus