I get Avast warnings about JS:Small-C on two Wordpress blogs I set up for someone else, and which, of course, they’ve not updated WP versions in almost a year. I am trying to help them solve the issue.
In a previous thread on this topic, Mentalist suggested a way to delete the malicious code, but I could not make it work.
I went into the header.php folders both via C-Panel/File Manager AND with my FTP client (I use Core FTP Lite)…
I found the following code, as suggested by mentalist:
<?php wp_head(); ?>
However, I cannot find ANY indication of the malicious code whether I access via either FTP or C-panel:
document.write(unescape('%3C%7 --- and etc
Help!
FYI, both blogs use a custom template created with Artiseer, if that is relevant. The blog sites are at:
hxxp://drpeelittle.com
hxxp://dancingfrogranch.com
Any suggestions MUCH appreciated!
Malcolm
This would appear to be a hacked site as a result of an exploit of a vulnerability in old versions of wordpress. Ensure that you have the latest version of any content management software. It also looks like the favicon.ico file and possibly any custom 404 error page may also have been hacked.
The obfuscated script you mention is almost certainly what is being alerted on.
In both your cases obfuscated script in the HTML page transferred to end user is located immediately between tags and . So it is worth to check both code generating and sections.