Last updated: October 06 2021
If you’re researching on how to clean piterreceiver.ga malware, you may consider our free site check.
Need help? Let us clean your site.
If your Google Ads are currently suspended we recommend our Platinum plan, which will include malware cleanup and Ads support:
This contamination may affect both database and web files, so I would recommend to:
a) Check other sites hosted on the same hosting account.
If malware infection is widespread, each site should be isolated, to prevent cross-site contamination.
b) Perform a site cleanup for each WordPress instance, checking plugins, theme and core files.
To fix a hacked website, follow these steps:
2. Disable MySQL remote access, especially if you’re using Plesk.
Look for “String.fromCharCode”, “piterreceiver”, and “store.piterreceiver.ga”.
Insert the following script inside pack.php file and place it inside your root folder. This way you can pack all PHP and JS files, which can be cleaned locally.
Search and replace tools for malicious strings inside multiple files: dnGrep, grepWin, VisualGrep, PowerGREP.
- As a precaution measure, look for “piterreceiver”, “String.fromCharCode”. This way you will know if other tables are infected as well.
Injections usually target wp_posts and wp_options tables.
The following SQL commands may be used to clear any malicious JS:
- Check users with administrator privileges.
Search and replace database tool for malicious strings: Better Search Replace, Search Replace DB ver. 4.
This way, any infected cached pages listed on Google will be updated.
Make sure other sites hosted on the server are secured and isolated.
More info: https://wordpress.org/support/plugin/shapepress-dsgvo/
Safe plugin version: https://downloads.wordpress.org/plugin/shapepress-dsgvo.3.1.23.zip
Make sure the following table entry is cleaned ‘sp_dsgvo_integration_matomo’.
Try our Free site check.
Malicious domains: piterreceiver.ga, belonnanotservice.ga, dorbluess.bar, cleverysystems.best, drake.monster, demetravertando.best, dorbluess.best, anwapfile.bar, anwapfile.monster, checkrobotics.club, checkrobotics.com, cleverysystems.bar, cleverysystems.best, demetravertando.bar, demetravertando.best, zigmundred.bar, zigmundred.best, keltonchain.bar.
188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199 ( Nice IT Services )
illustration by @Dom J.