+5 votes
222 views
How to remove malware Admedia / Adverting iFrame Infection

in Linux / Unix by (552k points) | 222 views

1 Answer

+3 votes
Best answer

Remove malware Admedia / Adverting iFrame Infection in wordpress

Remove malware Admedia / Adverting iFrame Infection in wordpress

On my server I have detected a malware that when I enter some pages google tells me that I have malicious content, specifically my linux server with debian has plesk installed and on all the pages under a certain vhost, that is, master domain and associated subdomains is happening to me . As always I have started to check the web where this happened to me. I checked wordpress and it was updated, I checked the plugins and they were all updated, in principle I did not see anything. By ftp I downloaded the entire web and I passed an antivirus to all the code and I detected that in the javascript files of almost all plugins there was a malicious code in the last line, it started with a comment like this   / * e8def60c62ec31519121bfdb43fa078f * /  and then a code like this ; window ["\ x64 \ x6f .... I have armed myself with patience and I have eliminated this code in all the javascript, in total my antivirus had detected 10.

After a while I went back and was all infected, and all the websites, after searching for information by Google I detected that there is a new vulnerability, malware Admedia / Adverting iFrame Infection, apparently due to an outdated plugin in a certain wordpress, through this infection is spread to other websites in wordpress and other cms that are in the same vhost, I had a hard time removing it, and thanks to a comment from a user in this post I could fix it:  https://blog .sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html

It is based on locating infected javascript files with find

find -name "* .js" | xargs grep -E "\ / \ * [a-z0-9] {32} \ * \ /" -l | sort

Add thirsty using a pattern a comment on the next line

find -name "* .js" -exec sed -i "s / \ / \ * [a-z0-9] \ {32 \} \ * \ // \ n & / g" '{}' \;

And in the end it removes the malware code or malicious code in the infected javascript files with the instruction

find -name "* .js" -exec sed -i "/ [a-z0-9] \ {32 \} /, / [a-z0-9] \ {32 \} / d" '{}' \;

Once this is done, if we perform the check with the first instruction, there will be no infected files and finally we will have cleared the problem.


by (552k points)

Related questions

+3 votes
1 answer
asked May 26, 2019 in Linux / Unix by backtothefuture (552k points) | 291 views
+3 votes
1 answer
asked Nov 18, 2019 in Mac by backtothefuture (552k points) | 359 views
+5 votes
1 answer
asked Oct 10, 2019 in Mac by backtothefuture (552k points) | 385 views
+5 votes
1 answer
+3 votes
1 answer
asked May 26, 2019 in Linux / Unix by backtothefuture (552k points) | 325 views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users