malware code on posts and pages

[wayne0881]

Hi All,

I have had my wordpress site hacked and code added to every page and post and others things edited too - the code is: dest.collectfasttracks.com/hjsers.js which has been added to every post/page.

I am using Malwarebytes which is what alerted me that something was up and Wordfence which highlighted every post and page was infected with the code.

Any ideas what to do next?

Fresh install or attempt to fix it myself?

Thanks All

[Maurice Naggar]

Hello Wayne.

This is a help section for Windows systems.  What sort of system hosts your wordpress site ?

Is that on a Windows system ?

Is that on your home machine ?  or a soho machine, running Windows ?

IF all is on a Windows system, I can help but I will also need some diagnostic reports as a starter.

[Maurice Naggar]

I should add some notes here.  I will not be able to help you on any fixing to Wordpress documents / files, or any SQL database, or other database of another sort.

I can help on a Windows system to guide you to check for malware.

[wayne0881]

Hi -

its hosted with Hostgator - ( I may have put this in the wrong thread)

[Maurice Naggar]

Then, I would simply suggest that you contact & check with Hostgator support.  Likewise, check with Wordfence support.

Is there anything that you need concerning Malwarebytes for Windows on your own Windows pc ?

[wayne0881]

I contacted Hostgator support they wern't interested unless I paid $200 for some package. 

 

[Maurice Naggar]

I'm sorry to hear that.

As  I noted before, if you have a Windows pc  & need help on it, I can guide you to check for malware on it.

[wayne0881]

any help would be good, that would help me check if its the system as well as my website. 

[Maurice Naggar]

Do keep in mind, we simply  ( at least here) cannot "check your website".

We here can only check a Windows pc  for malware.

I would like you to do a new scan with Malwarebytes for Windows.  One of the major goals here is to have it remove all that it detects.  If it finds anything that is.
Start Malwarebytes from the Windows  Start menu.
Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.
Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines   ( for P U P  & for P U  M)  to be set to "Always ( Recommended) ".
You can make the change by clicking on the down-arrow selection list-control.   We want all P U P  &  P U M to be marked for removal.

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.
Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

 

Edited April 13, 2020 by Maurice Naggar

[wayne0881]

No Threats Detected - so all looks okay on system.

[Maurice Naggar]

Here is where you are not real clear to me, about,  just exactly where the Wordpress "site" resides.

Did you mean that the whole Wordpess situation runs on this here Windows machine ??

As I noted before, we cannot fix any Wordpess. 

[wayne0881]

the wordpress site resides on hostgator hosting.

[Maurice Naggar]

Thus it is not on this machine.

In which case, we cannot help you on the Wordpress infection that resides on that external server.

Sorry.   I will need to then mark this case for closure.

I do wish you all the best.   Stay safe.   and remember, Backup is your best friend.