Hosting privremeno suspendovao sajtove zbog virusa

Hello,

A routine scan of your account has found the malicious or infected files present.

/wp-includes/images/smilies/credits.php
/wp-includes/images/crystal/links.php
/wp-includes/images/crystal/cache.php
/wp-includes/images/wlw/capabilities.pl
/xxxxx/wp-includes/images/crystal/users.php
/xxxx/wp-includes/images/crystal/cache.php
/xxxxx/wp-includes/images/wlw/sidebar.pl
/xxxx/wp-includes/images/wlw/media.php
/xxxxx/wp-includes/images/smilies/gettext.php
/xxxxxx/wp-includes/images/smilies/pattern.php
/xxxxxx/wp-includes/images/crystal/link.pl
/xxxxxx/wp-includes/images/crystal/widgets.php

As a result, we have had to suspend your account, to avoid problems for site visitors or other customers. Please remove the malicious files, through FTP or the file manager. Also, databases must be checked for WP_CLIENT_KEY in the options tables and that entry must be removed.

We also strongly recommend that change your password through the control panel for the account, and most importantly, you need to make sure any applications in your account are completely up-to-date as far as versions, security patches, etc. are concerned. This applies not just to the core application, but also plugins, themes, modules, etc. ** If this is not done, your account will remain vulnerable to future attacks of this kind. **

Please take appropriate actions and reply back to us so that we can activate your account.

Sincerely,

Rashmi P

i ajd ove fajlove obrisem sto su označili ali nemam pojma sta da radim sa databazom.
to im i napisem oni mi kazu da ce opet skenirat sajt i posalju mi ovo

I have rescanned your account and still found the malicious or infected files ‘/xxxxxxxx/wp-content/themes/atahualpa/functions.php’. Please remove the malicious codes/files through FTP or the file manager and get back to us so that we can enable your account.

You can check the database by following the steps given below:

1. You can access the table wp_options in MySQL database through phpMyAdmin ( if you are using wordpress multisite it will be also on wp_10_oprions as well ) .
2. look into the rows of this table for strange encrypted values WHERE option_name like (“wp_data_newa”,“WP_CLIENT_KEY”) and delete the malware content in the table.

ja obrisem ovaj fajl iako po mojoj pretpostavci satn nece radit jer sam temi obrisala functions.php fajl

ali u ove redove u mysql gledam i nista mi jasno nije 5 sajtova mi čitav dan nedostupno sta da činim zna li ko?

Da izbrises lijepo sve i instaliras iznova a pre toga export sav sadrzaj http://www.sceko.com/wp-admin/export.php

Da redovno azuriras svoj wordpress i koristis sigurne teme, tj proverene.

Slazem se s @Sceko. Imao sam prije par dana jednog korisnika na serveru koji je slao ogromne kolicine SPAM-a, odnosno nije on … vec su mu digli nekakvu teme koja je bugovita … i cijeli site mu se napunio malware-a koji su uzrokovali onda probleme na serveru. Samo instaliraj sigurne i provjerene teme i nikako site ne nakrcat sa 10000 pluginova.

Ocito je problem u temi. Nadji temu bez tih malicioznih kodova i instaliraj ju, a ovu obrisi.

ako vec postoji “malicioznih kodova” onda su odradili posao tako da najbolje je iznova da odradi to. Da koristi proverene dodatke i teme.