Got hacked ? Please help
 

Hello

Today, my website http://www.whateverfree.com/ opened a popup to http:xxwww.downloadmusicfreenow.com/ twice :bang:

I searched on the Internet and found some posts about jquery trojans but I can't find it on my site. Below is what I did.

1. Download public_html to my pc and search all file type (*.php and *.js) included files in sub directories. The keywords I searched: "downloadmusicfreenow.com", "base64_decode", "jqueryc", "jquerys".

2. Search all database via phpMyadmin "downloadmusicfreenow"

3. View Source of website and search "downloadmusicfreenow"

4. Download all .js loaded and search "downloadmusicfreenow"

But I can't find anything. Please help :bang:

I checked your site http://sitecheck.sucuri.net/results/...teverfree.com/ and it looks clean.
If you're using Firefox, I have the same problem with it randomly opening new tabs to spammy websites. It doesn't matter which website I'm on at the time.

I know my sites are clean and I've done various virus and spyware scans which all came up clean. I suspect it's Firefox as it stopped happening when I switched to Chrome.

Maybe you have a different problem, but it sounds the same as mine.

Neil

Hello
Just found a site that for Javascript unpacker and here is the result
I can see the site downloadmusicfreenow.com on report but I don't know where it is ? in which file ?

Could someone please help ?

OK
I saw something like code belowThen I disable the plugin named: "Async Social Sharing" and scan the site again, the url downloadmusicfreenow.com disappear

So the problem came from "Async Social Sharing". I installed this plugin on my other website and just checked it with no same problem. That's mean whateverfree.com got hacked ? and hacked insert this script to my site ?

@NeilUK
You can check your site with this http://jsunpack.jeek.org

Now I must download and replace all files, plugin to make website clean ? that's terrible :(