![[Image: 01_MainPreview.__large_preview.jpg]](https://image-tf.s3.envato.com/files/126299588/01_MainPreview.__large_preview.jpg)
SALES:
https://themeforest.net/item/spectrum-mu...e/10259946
DOWNLOAD:
http://www107.zippyshare.com/v/eU1vBrke/file.html
https://virustotal.com/en/file/4ca6b64fb.../analysis/
File name: wp_spectrum.zip
Detection ratio: 2 / 52
Analysis date: 2016-12-01 19:23:49 UTC ( 2 hours, 1 minute ago )
VIRUS FOUND
DrWeb PHP.BackDoor.62 20161201
Jiangmin TrojanDownloader.JS.awni 20161201
Narrowed to this infected file
spectrum v2.0.7\spectrum\wp_spectrum_2.0.7\admin\ReduxCore\framework-functions.php
Is there anyone that might be able to help me clean this file up and remove the maleware so that this theme works? This is a really good theme.
This doesn't look right, but not sure exactly what to remove in the framework-functions.php file..
(Line 9) $GLOBALS['WP_CD_CODE'] = 'PD9waHANCg0KLy9pbnN0YWxsX2NvZ........
(Line 86) $install_code = 'PD9waHAKCmlmIChpc3NldCgkX1JFUVVFU1RbJ2FjdGlvbiddKSAmJiBpc3NldCgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10pICYmICgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10gPT0gJ3skUEFTU1dPUkR9JykpCgl7CgkJc3dpdGNoICgkX1JFUVVFU1RbJ2FjdGlvbiddKQoJCQl7CgkJCQljYXNlICdnZXRfYWxsX2xpbmtzJzsKCQkJCQlmb3JlYWNoICgkd3BkYi0
(When I remove these 2 lines and run it through Virustotal, TrojanDownloader.JS.awni is no longer found. But I still get the PHP.Backdoor.62
I have read somewhere that this could be related to base64_decode but not sure.
[/i]Would really appreciate if anyone could help me. I would totally send you reps...[/i]
That file is not part of the theme. Looks like dlwordpress.com inserted malware. Stay away from that site. Everything has been tampered with.
First thing remove that file. Also remove line 26 from admin/index.php
That should address your problem, but from the looks of it, better not use it. If you already ran the install than your wordpress is pretty much fu cked. Remove everything!
(12-03-2016 01:54 AM)bale Wrote: [ -> ]That file is not part of the theme. Looks like dlwordpress.com inserted malware. Stay away from that site. Everything has been tampered with.
First thing remove that file. Also remove line 26 from admin/index.php
That should address your problem, but from the looks of it, better not use it. If you already ran the install than your wordpress is pretty much fu cked. Remove everything!
Thanks for the information and the tips. I am just going to use an older version. I was testing this in my wamp environment and not planning on using this since it seems that that there could be other files that might be tampered.
Thanks again for your help.
(12-03-2016 04:39 PM)syseng Wrote: [ -> ]
Code:
https://>>>[[[Reported by Members as Site with too Many annoying Pop Ups Ads/ ADWARE ]]]<<</14g2wokw6vpf
Thanks for posting, do you know where you downloaded this file from? The file looks a little dirty. Any ideas? I am going to use your post and compare it with 2.0.7.
https://www.virustotal.com/en/file/34978...480770039/
Jiangmin TrojanDownloader.JS.awni 20161203
ALYac 20161203