Infected with Easy fix available

Another wave of malware contamination sparked this week, similar to trackstatisticsss, stivenfernando and resolutiondestin.
So far aprox. 350 sites affected by

Need help? Let us clean your site.

To fix a hacked website, follow these steps:

Step 0
Backup site
1. Backup database and site files. If you can’t do it, ask your web host.
2. Disable SQL remote access, especially if you’re using Plesk.
3. Change SQL user password.

Step 1
Reset site URL
Restore site URL:
Easiest way would be to edit wp-config.php file via FTP or hosting dashboard ( replace with your own domain name ).

define( 'WP_HOME', '' );
define( 'WP_SITEURL', '' );
Step 2
Clean local files
All index.php and JS files may be corrupted as well.
Look for “String.fromCharCode”, “mndfhghjf”, “digestcolect” and “list.insertBefore(s, list.childNodes[0])”.
Insert the following script with pack.php file and place it inside your root folder. This way you can pack all PHP and JS files, which can be cleaned locally.

exec("find . -name '*.php' -o -name '*.js' | tar -cvzf php-js.tar.gz -T -");

Search and replace tools for malicious strings inside multiple files: dnGrep, grepwin, VisualGrep ( mac ), powergrep ( paid ).
Example of infected JS file:

Step 3
Database check
1. As a precaution measure, look for “digestcolect” then for “String.fromCharCode”. This way you will know if other tables are infected as well.
Attackers usually alter wp_posts and wp_options tables.
2. Check user list, change password for administrators

Step 5
Major update
Perform a major update, making sure core files, theme and plugins are up to date.
Disable any unmaintained abandoned plugins.

Step 5
Blacklist status & Google cache
Lastly, website should be verified with Google search console. A re-index should be performed, in order to refresh cached content.
This will prevent having infected cached pages listed on Google.

More details about this contamination:

Malware is hosted with, Domains are pointing to an Unified Layer server,, using and nameservers.
Samples can be found here:

Malicious URLs:
Malicious networks:,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Malware related to: digestcolect ->,,,,

Try our Free site check.