[resolved] URL:mal infection

Hi,

My French WordPress blog (http://blog-mincir.com/blog) gives me unstoppable alert messages from avast…

http://editions-lg.com/TcGt/AvastAlert.jpg

I have updated my WordPress version but the problem is still there.

What should I do to fix the problem?

Thanks in advance for your help and for using easy words (my English sucks). :wink:

Regards

Ludovic

INFECTED - blog-mincir.com/blog - see attached screen shot

Malware entry: MW:JS:2368 - http://sucuri.net/malware/malware-entry-mwjs2368

malware found here: blog-mincir.com/wp-content/themes/landing-page-robot/js/jquery.js

VirusTotal - jquery.js - 4/44
http://www.virustotal.com/file-scan/report.html?id=5ecfbc2214e9159d9d8309bf4700935334d8a3c7408f7db999a20d8f2a439377-1315484131

OK thanks but… what should I do?
I am a total beginner in such problems.

Thanks for telling me step by step what to do.

Ludovic

Something is trying to connect to that IP address 91.196.216.20 which happens to be in Russia, so I don’t know if that is intentional, image1.

See http://www.mywot.com/en/scorecard/91.196.216.20 and http://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain2-com.html; this one is in relation to a number of WordPress sites being hacked because of the timthumb theme, I believe. So your site might be one.

I also get another alert coming from jquery.js (a javascript that creates an iframe), image2. Though I’m not sure on this one as I have seen this jquery.js file detected elsewhere and it is meant to be a common javascript query file, but that doesn’t stop it being hacked.

Hi ludovic,

There is some issue with the WordPress theme here: http://www.blog-mincir.com/wp-content/themes/landing-page-robot/
WordPress internal path: /home/ludovicg/public_html/blog-mincir/wp-content/themes/landing-page-robot/index.php (that was and is exploitable) via the following iFrame hack that was performed:
http://blog.unmaskparasites.com/2009/04/29/another-type-of-iframe-hack-php-exploit/

  • link author is the developer of unmasked parasites

Your website seems now cleansed, and has been given the all clean by Sucuri.
Also been given clean here: http://siteinspector.comodo.com/public/reports/317897

And here: http://wepawet.iseclab.org/view.php?hash=1b90191c0a38178dd3d9fa6fc2d4101d&t=1315485883&type=js

and here: http://www.google.com/safebrowsing/diagnostic?site=www.blog-mincir.com/blog

Did you cleanse, then back up and finally update your WordPress software?

Then stay safe and secure, which is the wish of,

polonus

Your website seems now cleansed, and has been given the all clean by Sucuri.
Strange... I still get infected when scanning ;) ... ehrm... one more scan and it is clean???

Information for Website Owners http://stopbadware.org/home/webmasters
Tips for Cleaning & Securing Your Website http://www.stopbadware.org/home/security

Protect your interwebs with Sucuri http://sucuri.net/signup - http://sucuri.net/

Hi,

I just replaced the infected jquery.js file with the one I received when I installed it at the beginning. ;D

Really thanks for your help.

Regards

Ludovic
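
Added example, not part of the original thread or any poster's code: the fix above (restoring jquery.js from the original theme package) generalised into a check that compares every file of a deployed theme against a clean copy by SHA-256. The directory layout, the sample files and the iframe pattern are constructed assumptions; a hash mismatch is the real signal, the pattern match is only a hint because injected code is often obfuscated.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristic markers for script-created iframes (assumed list, not from the thread).
IFRAME_HINTS = re.compile(rb"<iframe|createElement\(\s*['\"]iframe['\"]\s*\)", re.I)

def digest_tree(root):
    """Map each file's path relative to root -> SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_theme(clean_dir, deployed_dir):
    """Report files modified, added or missing on the server copy of a theme."""
    clean, live = digest_tree(clean_dir), digest_tree(deployed_dir)
    report = {"modified": [], "added": [], "missing": [], "iframe_hint": []}
    for rel, h in sorted(live.items()):
        if rel not in clean:
            report["added"].append(rel)      # file the package never shipped
        elif clean[rel] != h:
            report["modified"].append(rel)   # content differs from the package
        else:
            continue                         # identical to the clean copy
        if IFRAME_HINTS.search((Path(deployed_dir) / rel).read_bytes()):
            report["iframe_hint"].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report

def demo():
    """Build a constructed clean/deployed pair in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for d in (clean, live):
            (d / "js").mkdir(parents=True)
            (d / "js" / "jquery.js").write_text("/* library code */\n")
            (d / "index.php").write_text("<?php get_header(); ?>\n")
        # Constructed tampering: code appended to a library file, plus a stray file.
        with open(live / "js" / "jquery.js", "a") as f:
            f.write("var f=document.createElement('iframe');\n")
        (live / "cache.php").write_text("<?php /* unexpected file */ ?>\n")
        return compare_theme(clean, live)

if __name__ == "__main__":
    print(demo())
```

Files listed as added deserve the same attention as modified ones, since restoring a single file leaves any extra files in place.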

Pondus,

Sucuri says clean: web site:
http://blog-mincir.com/blog
status: Verified Clean
web trust: Not Blacklisted
Did you cleanse your browser cache?

polonus

@Pol… reply #6 explains it ;D

You’re welcome.

Confirm, no avast alert now when I visited the site again.