As many of my readers may know, in the past few weeks my site here was not working correctly. Some off-the-wall hacker infected this blog with a JS/Wonka Trojan and it caused all my visitors to be taken to ad sites, videos sites and many other places rather than having the opportunity to read here what they came for.
It’s too bad those kinds of people are in the world, but its one of the main reasons I created this blog. I wanted to be an honest voice on the Internet. I wanted to be a person people could trust and not worry about being scammed or hurt.
But back to the “Trojan” story, I called my host provider and they suggested I back up my blog database and scan it to see if I could find the Trojan. I had never done this before so I learned something new and added to my technical abilities.
So what the hackers meant for evil, God meant for good! “So THERE you evil hackers!”
Anyway, after I found out my database was clean, I started searching Google for answers. Now there is a lot of “Google bashing” going on these days concerning Adwords, PPC and search engine ranking algorithms and how Google treats internet marketers -but- when it comes to accessing helpful information, Google is the best.
So I typed in “how to remove JS Wonka trojan from Wordpress” in the search box and one of the listings was:
http://www.marcosorfila.com/site/?p=325
There I found the solution to my problem.
Basically this JS Wonka Trojan script is installed on the header.php page of the blog. It will appear something like this:
/head>script>document.write(unescape(’%3C%73%63….A_LOT_MORE_CODE_HERE….%261B%264D0tdsjqu%264F1′)
To remove that line from the “header.php” file, I logged in to Wordpress as user admin, went to “Design > Theme Editor”, edited the “header.php” file and removed the suspicious line. Be careful not to remove the “/head” tag at the beginning, just the script.
I am thankful for Marcos providing this information on his blog and I’m thankful to Google for having this listing available. It saved me a lot of unnecessary frustration. You can see the comments I made to Marcos here:
http://www.marcosorfila.com/site/?p=325#comment-978
So if you have this problem on your website, this should help you solve it quickly.
Popularity: 14% [?]
Tags: how to remove JS Wonka Trojan, how to remove JS Wonka Trojan from Wordpress
April 12th, 2010 at 4:56 pm
Thanks for the info. It saved me an awful lot of time and stress.
April 21st, 2010 at 3:35 pm
I had this on one of my wordpress sites and your posting helped me eliminate it. How did it get there ?
Thanks.
Brad
!@##$$ Evil Hackers !!!!
May 31st, 2010 at 10:26 am
thanks !!!!!
it´s works for me
greetins from argentina
September 3rd, 2011 at 11:11 am
Worked.