Malware attack on site.

[myallptcsites66]

I scanned my site with backup buddy plugin and it showed that my site was effected with malware entry mwjs488. After researching more on this malware i got to know from some source that javascript included from a .co.cc domain, used to distribute malware. I sent the support to .co.cc regarding this matter and they replied that "they scanned their whole site and it is safe and my site showing some malware code and I should remove that otherwise my domain will get banned". I just backed my database and installed the newly fresh wordpress on site. And again on scanning it showing malware entry mwjs488. I m fed up with this.
Source of malware info - http://sucuri.net/malware/malware-entry-mwjs488

Can you help me with this.???

 

[Livewire]

Looking to see what I can do, although I'm worried the content in question may be inside the database. There's a few hacks out for WP that actually infect the database first.

 

[Livewire]

I'm getting inconclusive results everywhere; the file that the sucuri scanner is reporting doesn't appear to contain -any- of the supposed "mwjs488" malware code. It's reporting it as part of the Anticipate Plugin - my guess is that file was compromised for someone else (or several people) at one time, and thus securi marked it as a viral file when in truth the file doesn't appear to be viral. The file in question is this one specifically: "wp-content/plugins/AnticipatePlugin/js/DD_belatedPNG_0.0.8a-min.js"

If you're 100% sure you've downloaded the wordpress from wordpress themselves along with all the plugins, the fastest way to confirm or deny that it has a virus is to find an online virus scanner that can scan a website (not a scanner like sucuri's but an actual virus scanner) and have it scan the website. You -could- always try viewing the page yourself, but I don't recommend this for the obvious reason that if it is indeed viral, you're then infected right off.

 

[callumacrae]

It's saying that this is the bad page: http://ptc-examiner.co.cc/wp-content/plugins/AnticipatePlugin/js/DD_belatedPNG_0.0.8a-min.js

It is wrong.

You might want to send them an email

 

[myallptcsites66]

@ Livewire: I used fantastico for installing wordpress....and all plugins are clean. And i hope that I got the wordpress files installed from wordpress itself. Well i jst scanned my site with virus total and it reported as safe while scanning with AVG it reported .co.cc domain as "surf with caution".

@ Callumacrae : I scanned that .js file which you reported as bad, with Kaspersky but it is safe. See the report below


Kaspersky File Scanner
Scanned file: DD_belatedPNG_0.0.8a-min.js

You're clean!

Kaspersky File Scanner has not detected any viruses at this time in the file you submitted.

However, only a fully-functional antivirus solution with regularly updated virus definitions can ensure comprehensive protection against malware. If you do not have an antivirus solution installed, you may wish to consider purchasing one today.

So what should be my next step regarding this matter.

 

[callumacrae]

Ignore it, send them an email if you want.

 

[myallptcsites66]

Ok i will send them an email and will see what happens.

 

[myallptcsites66]

Now they blocked my domain.....