Comments on: How to Remove reycross.com WordPress Malware http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/ Commercial-Friendly Open Source Software Development Fri, 05 Mar 2010 13:52:55 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Larry Furman http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/comment-page-1/#comment-2249 Larry Furman Mon, 28 Dec 2009 17:56:53 +0000 http://www.kallasoft.com/?p=1127#comment-2249 Find and sed are unix / linux tools. Have you tested this in a terminal wind on Mac OSX? What about MS Windows? Find and sed are unix / linux tools. Have you tested this in a terminal wind on Mac OSX? What about MS Windows?

]]> By: Larry Furman http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/comment-page-1/#comment-2248 Larry Furman Mon, 28 Dec 2009 17:56:24 +0000 http://www.kallasoft.com/?p=1127#comment-2248 Find and sed are unix linux tools. Have you tested this in a terminal wind on Mac OSX? What about windows? Find and sed are unix linux tools. Have you tested this in a terminal wind on Mac OSX? What about windows?

]]> By: Riyad Kalla http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/comment-page-1/#comment-2245 Riyad Kalla Sun, 27 Dec 2009 22:33:12 +0000 http://www.kallasoft.com/?p=1127#comment-2245 Jonathan I hope you guys got everything cleaned out OK? If you run the command given anyway, it's more or less a no-op if there are no matching hacked scripts so it's relatively harmless if you just wanted to run it to be safe. But if you already got things cleaned up then you should be OK. Jonathan I hope you guys got everything cleaned out OK? If you run the command given anyway, it’s more or less a no-op if there are no matching hacked scripts so it’s relatively harmless if you just wanted to run it to be safe. But if you already got things cleaned up then you should be OK.

]]> By: Riyad Kalla http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/comment-page-1/#comment-2244 Riyad Kalla Sun, 27 Dec 2009 22:31:46 +0000 http://www.kallasoft.com/?p=1127#comment-2244 Codrut, I'm not sure which part of WordPress generates the RSS feed content, so I'm not sure where to look to clear that out -- but you execute that line of code I provided from a Unix/Linux command line from the root directory of where your wordpress install lives -- it will scan *every* file looking for the pattern of the injected infected content and replace it with nothing -- effectively removing it. It should clean it out from wherever the RSS infection is taking place as well. Codrut,

I’m not sure which part of WordPress generates the RSS feed content, so I’m not sure where to look to clear that out — but you execute that line of code I provided from a Unix/Linux command line from the root directory of where your wordpress install lives — it will scan *every* file looking for the pattern of the injected infected content and replace it with nothing — effectively removing it.

It should clean it out from wherever the RSS infection is taking place as well.

]]> By: Malware attacks on WordPress http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/comment-page-1/#comment-2233 Malware attacks on WordPress Sun, 27 Dec 2009 14:21:42 +0000 http://www.kallasoft.com/?p=1127#comment-2233 [...] Riyad Kalla of the blog/website Kallasoft has written one helpful post How to Remove reycross.com WordPress Malware. [...] [...] Riyad Kalla of the blog/website Kallasoft has written one helpful post How to Remove reycross.com WordPress Malware. [...]

]]> By: Jonathan Soroko http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/comment-page-1/#comment-2232 Jonathan Soroko Sun, 27 Dec 2009 14:00:58 +0000 http://www.kallasoft.com/?p=1127#comment-2232 We seem to have been hit earlier - we discovered it in older posts only. And that accidentally by looking for an old post. But this is helpful - seeing another variation on the problem. JS We seem to have been hit earlier – we discovered it in older posts only. And that accidentally by looking for an old post.
But this is helpful – seeing another variation on the problem.
JS

]]> By: Codrut Turcanu http://www.kallasoft.com/how-to-remove-reycross-com-wordpress-malware/comment-page-1/#comment-2188 Codrut Turcanu Mon, 21 Dec 2009 20:04:52 +0000 http://www.kallasoft.com/?p=1127#comment-2188 Hey, I'm having similar problems... my RSS feed link got infected too Any idea how to remove that too? Also where and how do I include this text? [I'm not a tech guy] find . -name '*.*' -exec sed -i 's///g' {} \; Thank you Hey, I’m having similar problems… my RSS feed link got infected too

Any idea how to remove that too?

Also where and how do I include this text? [I'm not a tech guy]

find . -name ‘*.*’ -exec sed -i ’s///g’ {} \;

Thank you

]]>