Plugin Author
Eli
(@scheeeli)
Thanks for contacting me about this. It would seem that the malicious scripts are anchored into the site so the their removal causes the site to crash. I would love the opportunity to discover how they have done this so that I can release a definition update to combat this technique.
If you are willing to allow me access to your WP Admin so that I can fix this for you then please email me directly. You can send your login details to: eli at gotmls dot net
If your not willing to let me into your site please at least send me the infected files so that I can work on this issue for you.
Aloha, Eli
I would very much appreciate your assistance in this matter, but the site belongs to a client of mine, I believe he would allow access to you in order to fix this issue, allow me to speak with him tomorrow to get his approval, I will send you the info tomorrow, Thank You very much
Plugin Author
Eli
(@scheeeli)
Ron,
Thanks for make me an Admin user on the site. This was a pretty bad infection. The reason the site crashed after the first cleaning was because the infected files that were removed from the cgi-local folder were actually being required by the index.php files in the root. This was part of the hack so I added it to my definitions update and removed it.
I also removed a backdoor, an htaccess hack, and other known threats in 86 other files. I think it’s all clean now and it’s still there too ;-).
Can you confirm that it no longer redirects your iPhone?
