| Question: |
Hello. She stopped coming to the site. Address original.jilc.ru Located on the subdomain site jilc.ru which is all fine. Engine WordPress. Don`t know what it is. Please help |
| Question: |
Error code 403 |
| Answer: |
Hello. your sites are infected and sent out spam. the server ip was black listed because of the sites on your account. You need to clean the sites from viruses and carry out updates. now we`ll scan Your account completely and will provide a report for work. then you soobshaet from what ip you will be working and we will open for You the access |
| Question: |
well, that kind of nonsense. where. not that I haven`t installed it and not changed on the website. and when that a few months ago I removed everything and cleaned from viruses ( when it was the same problem sort of) |
| Answer: |
Then You have not fully complied with the cleaning or did not update. wait for scan results |
| Answer: |
this report smim.testvt.empire-host.ru/AI-BOLIT-REPORT-__-473997-16-08-2016_13-00.html |
| Question: |
removed part of the content ( just the sites which are no longer used) the rest is about to fail. no there is not any viruses and harmful content. everything as been used half a year ago so. VP engine itself on the machine being updated. |
| Answer: |
performed a re-examination |
| Answer: |
etcet http://smim.testvt.empire-host.ru/AI-BOLIT-REPORT-__-235050-16-08-2016_13-27.html in these files the malicious code. open and check the front line |
| Question: |
I do not understand WHAT kind of malicious code, and how to remove it ... |
| Question: |
home/smim/public_html/jilcru/wp-admin/includes/class-wp-style.for example rrvt file at this address does not exist .... how do I remove malicious code if this file is actually not at this address |
| Answer: |
take for example /home/smim/public_html/jilcru/wp-admin/includes/class-wp-style.php the file fully with malicious code, the virus |
| Question: |
this I understand, but at /home/smim/public_html/jilcru/wp-admin/includes/ file no class-wp-style.php, posmotrite themselves. I was looking for. it is not .. |
| Answer: |
there is certainly for You is the file public_html/jilcru/wp-admin/includes/class-wp-style.php |
| Question: |
/home/smim/public_html/original_JILC/wp-includes/class-wp.rrma here to delete this file ?? just malicious code which is there specified, the file is not found. Will the deletion of this file on the website`s performance |
| Answer: |
and You have opened the file itself public_html/original_JILC/wp-includes/class-wp.php this file is in standard distribution? we don`t know if it`ll affect rabotosposobnosti, you need to clear the sites from viruses |
| Answer: |
Affected, this is a system file of the website. |
| Question: |
how am I supposed to clean if I don`t know how.............. |
| Answer: |
Replace the file with original from the distribution. |
| Question: |
replaced. the rest of the links , it links to the plugins, most likely he sees a link to which is in the admin panel in the plugin settings and it thinks for harmful code. as the antivirus finds it everywhere harm. code even where it is not, he even found the malicious code in the old report .../home/smim/public_html/jilc.EN/AI-BOLIT-REPORT-__-894181-15-06-2016_09-32.htmlбред full. |
| Answer: |
please Wait. |
| Question: |
well, what is it?? I need my website.. |
| Answer: |
open the report, where it States don`t place the report file on the server, and do not let him direct links from other sites. Information from the report can be used by hackers to hack website, as it contains information about the server settings, files, and directories. that`s why he`s in the lists and not potamu that it is what a code account re-scanned |
| Answer: |
the sites still zarazeny http://smim.testvt.empire-host.ru/AI-BOLIT-REPORT-__-893493-16-08-2016_16-18.html in each of the marked files predonzani code some are all viruses for example highly doubt that the file /home/smim/public_html/original_JILC/wp/wp-includes/m.php belongs to. |
| Question: |
well I removed the infected files and changed them on the original ( before the last scan) and the report again says that these files are infected...... |
| Answer: |
when you have changed? the latest report |
| Question: |
when you say Replace the file with original from the distribution.I changed. and now in the report they appeared again, on the same address... |
| Answer: |
the kaky changed here is the file for example is also solid virus /home/smim/public_html/original_JILC/wp-content/themes/twentysixteen/css/css.php you opened this? it is in the original site? |
| Answer: |
do so now download the files to your computer independently verify antivrus https://revisium.com/kb/scan_site_windows.html then zagruzat them hosting unable to make backup to panel and download the one archive. or to contact them https://revisium.com , they can clear sites and install them protection. |
| Question: |
Oh yeah... when I spoke to him. they told me the price room. I`m not set on sites for a long time... often change passwords, access the comments on the website and so unavailable, and crack it could not... and somehow miraculously viruses are... when a month ago I had the same problem, I deleted it , then made a backup, and now it appeared that all infected... weird. |
| Answer: |
the sites must be updated regularly |
| Question: |
so, automatic engine upgrade worth it. and on another site update is disabled since the new version of VP I need a plugin not working correctly. And all the other sites are updated in the background. |
| Answer: |
all of the files you will reconsider , and not only those kotoyre we write in the ticket here`s the virus /home/smim/public_html/original_JILC/wp-content/plugins/ishare/images/files.php file a few months stat /home/smim/public_html/original_JILC/wp-content/plugins/ishare/images/files.php
File: `/home/smim/public_html/original_JILC/wp-content/plugins/ishare/images/files.php’
Size: 8389 Blocks: 24 IO Block: 4096 regular file
Device: fd04h/64772d Inode: 19550222 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1525/ smim) Gid: ( 1525/ smim)
Access: 2016-08-16 16:06:57.552075509 +0300
Modify: 2016-05-21 19:56:30.000000000 +0300
Change: 2016-06-15 15:30:47.471115245 +0300 |
| Question: |
approx. will reconsider.. |
| Answer: |
ok
if you need another report, tell me, do |
| Question: |
Hello. Please scan again |
| Answer: |
running the scan, a report will be otpravlen into Your Inbox. |
| Question: |
Hello. Wrote on [email protected] they looked at the report on the scan and told me which files cause a strong suspicion. I deleted them. The rest of the files replaced. Left the files as I understand are not viruses, and their ads about obtaining the paid version of the plugins in the place of trial. Resume please job sites. |
| Answer: |
You can early it download itself on the computer, and wished to remove and to double-check the website |
| Question: |
I do not understand... I downloaded krevoy directory of the site, it made the test antivirusul from revisiona, took off their report, then the host has removed or replaced all that was needed ... |
| Answer: |
Specify which sites you have now is not working. |
| Question: |
original.jilc.ru and jilc.ru |
| Answer: |
the Request sent to the administrator. |
| Question: |
approx. then please mark this as ready |
| Answer: |
jilc.ru there is no lock. But it`s not working. What you do with it removed? |
| Question: |
strange ...it hasn`t worked ... |
| Question: |
well, as blocked original.jilc.ru so he jilc.ru stopped working |
| Question: |
maybe then backup from restore 16 jilc.ru |
| Answer: |
here`s that script? [20-Jan-2016 11:16:39 UTC] PHP Warning: require(/home/smim/public_html/original_JILC/wp-includes/pomo/mo.php): failed to open stream: No such file or directory in /home/smim/public_html/original_JILC/wp-settings.php on line 85
[20-Jan-2016 11:16:39 UTC] PHP Fatal error: require(): Failed opening required `/home/smim/public_html/original_JILC/wp-includes/pomo/mo.php` (include_path=`.:/opt/alt/php56/usr/share/pear:/opt/alt/php56/usr/share/php`) in /home/smim/public_html/original_JILC/wp-settings.php on line 85 |
| Question: |
folder pom at this address anymore for a long time.. go themselves in the root directory and view, I it a few days ago were removed. |
| Answer: |
right , it is not a site requires it. so not working |
| Question: |
um...what the hell .....it requires a folder called pomo , P O R N O ... wtf... |
| Question: |
well, I copied the folder with the subdomain 2bw.jilc.ru |
| Answer: |
we bring You the text of the error which vojnike IRDP zapusk e. it Oksana that the site asks the file (/home/smim/public_html/original_JILC/wp-includes/pomo/mo.php |
| Question: |
can please from that backup ( link above throwing ), extract the folder, when I unpack.. there are folders of sites do nei |
| Answer: |
now we koperweis backup |
| Answer: |
the website sarazen http://original.jilc.ru/AI-BOLIT-REPORT-__-458914-20-08-2016_11-45.html astronaute |
| Question: |
removed |
| Question: |
and jilc.ru what |
| Answer: |
it is also serusaem |
| Question: |
and I realized ..OK.. here`s how the file http://original.jilc.ru/AI-BOLIT-REPORT-__-458914-20-08-2016_11-45.html became infected ...if he got there a few minutes ago and it is clearly not I created...and as you know you have scanned for viruse...and this \"useless antivirus\" considered the report of his own program for the virus |
| Answer: |
http://original.jilc.ru/AI-BOLIT-REPORT-__-458914-20-08-2016_11-45.html this is a report and not infected file |
| Question: |
well, now there`s no infestation, I removed me revisora wrote what was the infected file 100% and which just about a failure where in the code an extra space or reportany character and he believes the infestation..I have a few days damn it all removed.. |
| Answer: |
otkroete. it is the result of the check after download the files from backup. and устран6ите what is in the report |
| Question: |
approx. realized please Khan Academy allows him more time to throw. (and I accidentally just deleted ..(( |
| Answer: |
it did not take off, it needs re-skanirovat |
| Question: |
Oh my God((((( again I removed is not a valid file and you added work( |
| Answer: |
no , not added scanning the automatic. it`s not a problem http://original.jilc.ru/AI-BOLIT-REPORT-__-410404-20-08-2016_12-14.html |
| Question: |
I currently remove those files which are infected, I just climbed in when the infected file and the original, they are not different |
| Answer: |
should legallity viruses and clean the files of the website in which malicious code |
| Answer: |
here`s another jilc.ru/AI-BOLIT-REPORT-__-217107-20-08-2016_12-21.html |
| Question: |
well, here`s how I do it..when I spoke with revision.. they told me to remove pieces of 14 php files, which themselves were malicious . I`ve now removed /home/smim/public_html/original_JILC/wp/wp-includes/class-wp-admin-bar_.php and the site died .. |
| Answer: |
why did you deleted without checking. remove have knowing what you are doing. not Udaltsova and move . if a file is important. that kzhe files can be simply infected. you just need adultt kad from file |
| Question: |
well, the thing is, no matter how much I climbed in the file and the original file, the codes are no different, even with spaces even used sarcev who is looking for the difference in texts ... |
| Answer: |
what are you comparing? |
| Question: |
with the original distribution VP |
| Answer: |
replace the file on your original. there neodin file. |
| Question: |
so, with the website jilc.ru understood. now what would you need the file recovered from the site original.jilc.ru which I deleted ... (wrote above) |
| Answer: |
It is original? |
| Question: |
it is not in the original... well, as I removed it, the site went off ... |
| Answer: |
this file you have |
| Question: |
/home/smim/public_html/original_JILC/wp/wp-includes/class-wp-admin-bar_.php this file was deleted. I have no.... likely have to became this backup-8.16.2016_19-51-13_smim.tar.gz in the root directory lies |
| Answer: |
file uploaded |
| Question: |
In this file, what the hell`s code, not php, not html and not css...part no malicious code ( I was looking for in the search kontrl +f |
| Answer: |
you sent it off for analysis? |
| Question: |
I sent revision on the analysis report which was doing a program that you got rid of me.... there is this file wasn`t deleted, it`s here you to me in the beginning of our conversation said..a few days ago.. or well, not you... and someone else from support |
| Answer: |
send this file |
