brandostick

Greetings Eli, sorry for the time in the answer.

I have the PHP 7.3 version on my server. I have updated the definitions on my sites and no threat is detected anymore ..

As always, I appreciate your excellent disposition to resolve the concerns and problems presented. You are without a doubt the best!

Thank you so much!

Greetings again Eli,

I am still very grateful for your willingness to solve my problem, today I have taken all afternoon to try to solve the problem but I have not been able to. I have tried to follow the steps you indicated, seeing the SSH option, I do not see any option to use the command you indicate, so I have downloaded the site on my pc to search for it manually, but I have not known how to do it.

I have Malwarebytes installed on my PC and the malware appeared in chrome, this is the window that opens from the infected websites.

I’ll give you the report for what it’s worth

Malwarebytes
http://www.malwarebytes.com

-Registration details-
Protection event date: 8/25/20
Protection event time: 18:21
Log file: 646b6efe-e721-11ea-a5d8-ccaf78a47f4c.json

-Software information-
Version: 4.2.0.82
Components version: 1.0.1025
Update package version: 1.0.29053
License: Trial

-System information-
OS: Windows 10 (Build 18362.1016)
CPU: x64
File system: NTFS
User: System

-Details of the blocked website-
Malicious website: 1
, C: \ Program Files(x86)\Google\Chrome\Application\chrome.exe,Blocked,-1,-1,0.0.0,,

-Website data-
Category: Trojan
Domain: win-your-prize-now1.life
IP address: 5.188.178.85
Port: 443
Type: Outgoing
File: C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe
(end)

Honestly, I don’t know what else to do.

If for some reason you want my server data to expand your bank of viruses disinfected by your renowned plugin =) I am willing to provide the necessary data =)

In addition to making a well-deserved donation.

Anyway, I am attentive to any comments.

Again thank you very much!

Thank you Eli, for your quick response and interest in solving the problem.

When you mention “searching the code for any mention of” astra_head_top “do you mean exactly ..?

Sorry, my knowledge in the area is limited, but I try my best =)

I looked for the term “astra_head_top” in the theme’s function.php file, but it did not return any results.

I also did it in the header.php file of the theme and this appeared:

<head>
<? php astra_head_top (); ?>
<meta charset = “<? php bloginfo (‘charset’);?>”>
<meta name = “viewport” content = “width = device-width, initial-scale = 1”>
<link rel = “profile” href = “https://gmpg.org/xfn/11”&gt;

<? php wp_head (); ?>
<? php astra_head_bottom (); ?>
</head>

I share it because of the link that appears there, I am ashamed not to know where to look …

I don’t know if there is a way to search within the general files to find the code you mention.

Again, thank you very much!

Greetings again Eli, thanks for your answer and guidance,

This is the complete code that appears in Header.php of the active theme.

<?php
/**
* The header for Astra Theme.
*
* This is the template that displays all of the <head> section and everything up until <div id=”content”>
*
* @link https://developer.ww.wp.xz.cn/themes/basics/template-files/#template-partials
*
* @package Astra
* @since 1.0.0
*/

if ( ! defined( ‘ABSPATH’ ) ) {
exit; // Exit if accessed directly.
}

?><!DOCTYPE html>
<?php astra_html_before(); ?>
<html <?php language_attributes(); ?>>
<head>
<?php astra_head_top(); ?>
<meta charset=”<?php bloginfo( ‘charset’ ); ?>”>
<meta name=”viewport” content=”width=device-width, initial-scale=1″>
<link rel=”profile” href=”https://gmpg.org/xfn/11″&gt;

<?php wp_head(); ?>
<?php astra_head_bottom(); ?>
</head>

<body <?php astra_schema_body(); ?> <?php body_class(); ?>>

<?php astra_body_top(); ?>
<?php wp_body_open(); ?>
<div
<?php
echo astra_attr(
‘site’,
array(
‘id’ => ‘page’,
‘class’ => ‘hfeed site’,
)
);
?>
>
<?php echo esc_html( astra_default_strings( ‘string-header-skip-link’, false ) ); ?>

<?php astra_header_before(); ?>

<?php astra_header(); ?>

<?php astra_header_after(); ?>

<?php astra_content_before(); ?>

<div id=”content” class=”site-content”>

<div class=”ast-container”>

<?php astra_content_top(); ?>

I hope it is the one requested.

Regards!

Greetings Eli

Sorry for my absence, I have been mourning the death of a relative due to Covid.

I am returning to the topic of my problem, and I have checked the page at https://sitecheck.sucuri.net/ and I have this malware:

Known javascript malware: rogueads.unwanted_ads? 16

I was checking on that same page the other 2 websites that I have hosted on that server, and they all have the same malware ..

I have scanned all 3 sites using your software but I can’t find this specific malware, do you think there is something I can do about it?

Your program ignores several files, I think this problem is due to excessive time while scanning, do you think that there is the problem?

You can see the errors here
https://sitecheck.sucuri.net/results/https/www.chiksfashion.com

Thank you very much.

Following the steps that you indicated, I have already completed the website scan =)

I see 25 files were skipped and 3 read errors occurred while scanning, However no malware found = /

The site sometimes redirects me to other pages, sometimes not .. but I can also see that it does not allow me to enter the option to edit the theme.

Do you think something can be done in that case?

Alright, I’m going to start scanning again and I send a capture after 20 minutes, to see if we can find part of the problem.

Thank you very much again