ChrisGR70

Thanks, Zynthesist, Actually this happened back in June, and you told me about the same two files then. The core.min.js file was cleaned (I don't remember how, or by whom) and I reinstalled the Embed Plus for YouTube plugin, which appeared to fix the problem. What I don't understand is why Malwarebytes blocks the site yet it then says there is nothing to block. Does that mean the site is on a blacklist (so Malwarebytes blocks it) but Malwaarebytes Browserguard itself does not detect any malicious files, even though two are listed at virustotal.com. I take that to mean it is blocking the site for no reason - a false positive - and should be able to unblock it as there is no malicious ffile present. Do you have any explanation as to why Malwarebytes blocks it yet cannot find any reason to block it? Am I right in thinking that even though a file called core.min.js, or one called ytprefs.min.js, are listed as sometimes detected as malicious on virustotal.com, that does not necessarily mean the actual copies of files with those names are injected with malicious code on my site?

My website, abwoon.org is blocked by Malwarebytes but when I click through to see the site and click the Malwarebytes icon to scan the site, it says there is nothing to block. Please can this site be unblocked? Google Safe Browsing and Sucuri - both have the website marked as safe: https://transparencyreport.google.com/safe-browsing/search?url=abwoon.org&hl=en_GB https://sitecheck.sucuri.net/results/abwoon.org

I've deleted the youtube plugin and reinstalled it. I ignored the core.js.min file as you said it was clean - and now the website loads properly again. It's not being blocked by Malwarebytes browser guard or by AVG Web Shield. I think that's fixed it! I don't know if there are any scans that will show up any other malware, but it's great that it works for me now. Thanks for the help - I'd never have known where to look without it. Chris.

Hi Dashke, thanks. I'm confused if you say the file has been cleaned. As I look at the filesizes, the core.js.min is still 21KB on the server (the core.js is still 48KB) but on all the other wordpress sites I own core.js.min is only 4KB. I'll try deleting the Youtube plugin and reinstalling, if deleting it allows me to get logged back into the dashboard.

Thanks, Zynthesist. So now I'd like to remedy those, but not sure the best way to do it. I have only the simplest understanding of scripts like those, but would I be right in thinking that if the one on the server is a bigger filesize than the one one my backup, it has extra code injected, and that could be the trojan(s), within the javascript code? If I simply replace the bigger one with the smaller one, is that likely to solve the trojan problem, and if it does, will Malwarebytes immediately stop detecting it and stop blocking the site? Or is there a more logically safe and effective approach to take? I'm not certain that any file I use to replace with will be the latect or most compatible version of the file, or if it might break the way the original script is meant to function, if I use an out of date file. Secondly, many of the files have two versions, eg core.js (48KB) and core.min.js (21KB), with the second about half the size of the first. Is the .min version the same code but formatted without spaces and line breaks, to minimise the filesize? If so, should I assume the core.js is also injected with the same trojan, and should I therefore replace those as well? In fact, do I even need the larger core.js at all - can I delete the larger of a pair, if I have the .min version installed? My backup has only .min versions and the site works. Sorry, lots of questions :-)

I attach my log file. mbst-grab-results.zip

My website, abwoon.org is blocked by Malwarebytes but this is a false positive. Please can this site be unblocked? Google Safe Browsing and Sucuri - both have the website marked as safe: https://transparencyreport.google.com/safe-browsing/search?url=abwoon.org&hl=en_GB https://sitecheck.sucuri.net/results/abwoon.org