Prestashop Malware from Wordpress (editing index.php files and creating .ico)

[Diwad]

Hi guys.

 

 

We have problem with our website. Some time ago we created wordpress website on same server as we have our store. Probably because of some bugs in Wordpress and its plugins we got some kind of malware.

 

We already moved WP do other server and we changed FTP and direct admin passwords. 

 

It was sending spam from our server for few days until we realized and removed some of suspicous files. 

At the moment it is not sending any spam, but:

1. It edits index.php files in many folder adding some hexed redirects to ico. files which are html files with changed extension.

2. Creating .ico files 

3. Some time it tries to creates folders with spam content but we are removing it as soon as we see it.

4. It changes date of edit of index.php files so it is hard to find which file was edited without opening it.

 

Do you know some experts who could fix it without moving our store to another server?

 

Regards

Edited March 23, 2017 by Diwad (see edit history)

[El Patron]

Hi,  sorry you have this issue.

 

I  recommend this article and author also provides a cleaning service.

 

https://dh42.com/blog/prestashop-security/

[Diwad]

The problem is that I'm not from us and it is pretty hard to find an expert in those things.

 

Waiting for other suggestions.

 

Thanks anyways

[El Patron]

The problem is that I'm not from us and it is pretty hard to find an expert in those things.

 

Waiting for other suggestions.

 

Thanks anyways

 

the link supplied is an expert.  Heck I'm an expert at it....but it's not possible to debug via forum.  

[Diwad]

If you like to help I'm open to talk. I've sent you a message

[El Patron]

If you like to help I'm open to talk. I've sent you a message

 

hi, I can only help in community forum.  For private work you can click my signature.  But if you want hire someone to solve you issue that does this 'often' contact dh42 above as suggested.  thanks