Tag Archives: malware

My wordpress blog got hacked!

Suddenly two of my blogs could not be viewed. It was blank and another one display the “Warning: Visiting this site may harm your computer!” when browse with Google Chrome.

What I did to recover..

1. Remove the injected script in infected files (this can be checked in the error log file)

2. Login to my wordpress and export all content and save it on my PC

3. Download all my images in wp-content/uploads folder

4. Totally remove the wordpress

5. Do fresh installation with latest wordpress version available in Fantastico

6. Upgrade wordpress to latest version available with auto update feature

7. Make sure I don’t use “admin” as username for my blog and password at least 8 character long consists of aplhabet, number and special characters.

8. Install only neccessary and trusted plugins and themes. Immediately update plugins if new version available

9. Import all the files with import feature in tools

10. Copy back all the images to wp-content/uploads folder. Better check first to ensure no unwanted files in the folder.

Other than that..

1. Scan PC for virus and malware

Kill those malwares/virus

Lots of new virus and malware nowadays. Keep your PC safe with these tools

AVG Free

Malwarebytes Anti-Malware

Another thing, try avoid using Internet Explorer. Google Chrome can better protect you from infected websites.

If you are using open source application like wordpress. Ensure that

  • you are using the latest version
  • your password is secure with at least 8 alphanumeric character with mix of special character and lower/upper case character
  • you are using 3rd party plugins/themes from only reliable sources
  • if possible try remove standard footer and header generated by the application (please read the terms first)

Other tips

  • Don’t login to your web application in public and unsecure place or PC’s like in cyber cafe etc
  • If you suspect your account was hacked, immediately change the password and inform your system admin or hosting/technical support

Updated: Don’t eve save password in FTP client application like Filezilla. They save your password in flat file and easily read by any other application

How to remove wuauclt in your processes list

I had problem with my other PC (windows xp) that ran very slow. I checked the processes running and found this wuauclt program is running. Tried to kill it but it reappear again.

I did some research on the net and found that the file is windows file for auto update and can’t be removed by kill it in the process list.

The solution is logon your PC via safe mode, find file named wuauclt.exe in c:\windows\system32. Rename it to another file name like wuaucltxxxx.exe. Then restart your PC as normal.