How to Clean Malware

Numerous sites are recently affected by a new type of malware, loaded from Approx. 160 sites are already indexed by publicwww with this malware.

Try our Free site check.

Follow these steps to recover from this hack:

Step 1
Before applying any fixes, perform a full account backup, including web files and database. Any attempt on fixing the site may result in permanent data loss.

Step 2
Assess the malware impact
Review all the sites that share the same hosting account. If you have more than 2 sites, most likely all are affected by cross-site contamination. To prevent cross-site contamination and data loss, better have public access disabled for all the sites.

Step 3
Reviewing site components
Each site component needs to be carefully reviewed, making sure the latest version is being used. Preferably core files, plugins, and themes should be manually rebuilt offline, before deploying a safe clean version.

Step 4
Analyze files left from the previous site version
Any file recovered from the previous infected site version should be manually reviewed. Moreover, the plugin or theme should be checked for any security vulnerabilities. JS and PHP files are often targeted.

Step 5
Check for backdoors
Attackers often install malicious backdoor files, to regain access after an incomplete cleanup. Also, unauthorized users with admin privileges are created. And less often, malicious cronjobs or PHP processes are running in the background, creating bad files once in a while. Look for backdoor files, users, cronjobs, PHP processes, and newly created email and FTP accounts.

Linked malicious attack:

Need help? Let us clean your site.

Malicious subdomains:

Malicious URLs:

Other URLs:

Biz URLs:

String.fromCharCode: 104,116,116,112,115,58,47,47,115,112,101,99,116,114,101,46,99,111,102,111,117,110,100,101,114,115,112,101,99,105,97,108,115,46,99,111,109,47,102,105,110,101,46,112,104,112,63,112,105,100,61,52,51,54,50,38,116,105,100,61,54,56,57,54,52,38,99,105,100,61,53,53,53

Malicious IPs:,, ( Webzilla B.V. ), ( Verdina Ltd. ), ( PE Brezhnev Daniil ),,, ( PE Brezhnev Daniil ).

Other malicious domains related to this hack:,,,,,,,,,,,,,,,,,,

Twitter update from Denis @unmaskparasites

Subdomains related to this malware attack, that are hosted by the same network, Verdina Ltd.:

Domains related to this malware attack, that are hosted by the same network, DataWeb Global Group B.V.: