Aurizen

Hey guys,

I’ve been hit with the same virus/hack. It was done on several of my sites including static and ecommerce sites. It’s not just a WP issue.

I noticed that none of my local files were infected. I would upload clean copies and like you said, the hack would re-appear. After a lot of research, I switched all my FTP accounts.. I destroyed all users, I recreated my host control panel passwords from a computer with a fresh install, and then recreated all my FTP users with really really strong passwords. IT WORKED.

I’ve got 3 computers at home, one of them is my web design biz machine, and I’m very suspicious that it’s been compromised. That’s how all my clients websites ended up with the virus.

I’m not using the that computer anymore, I’ve installed new updated virus definitions on my other computers and carefully transfered all work files. I plan to wipe my biz comp and start fresh.

This FTP hack can also be researched under “Iframe Hack”

Sometimes the best answers are the simplest. I was concerned at first that it was the host, but it happened to sites that I had a a variety of hosts.. FTP programs do not encrypt logins and passwords. If you’ve got a trojan chances are your ftp was logged.

Good Luck.
Cris