Pharma Hack detected by MScan – Pharma Hack cleanup

Home Forums BulletProof Security Pro Pharma Hack detected by MScan – Pharma Hack cleanup

This topic contains 1 reply, has 1 voice, and was last updated by  AITpro Admin 8 months, 3 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #34442

    AITpro Admin
    Keymaster

    Email Question:
    Hi,

    BPS has detected the following while scanning:
    DB TableDB ColumnDB Row IDPattern Match
    wp_options option_name 999999 PharmaHack
    I have tried searching in the database for:
    – SELECT * FROM wp_options WHERE option_id=999999
    – SELECT * FROM wp_options WHERE option_value=999999

    Got nothing in the database as reported by BPS. Am I looking at the right place?

    #34443

    AITpro Admin
    Keymaster

    Option ID 999999 is just used as a placeholder of sorts since the PharmaHack creates its own Database options.

    If you select the View checkbox next to the PharmaHack you will see this cleanup help info:

    Pharma Hack cleanup/removal steps
    Edit your theme’s header.php file and delete this code: <!--?php include 'nav.php'; ?-->
    Delete this file in your theme’s root folder: nav.php
    Login to your web host control panel, login to your WP Database using phpMyAdmin and delete these DB option name Rows below from the DB Table and Column shown above. Note: You may or may not see all of these DB option name Rows so just delete any that you do see.
    wp_check_hash
    class_generic_support
    widget_generic_support
    ftp_credentials
    fwp
    rss_7988287cd8f4f531c6b94fbdbc4e1caf
    rss_d77ee8bfba87fa91cd91469a5ba5abea
    rss_552afe0001e673901a9f2caebdd3141d

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.