WordPress redirect malware attacking stm Motors theme

One day I saw that my testing site, with the stm_vehicles_listing plugin enabled, was redirecting to something like this


several different domains like

a.robotcaptcha6.info, fox.trackstatisticsss.com, joinsilverclubbb.com

As always, to track and remove malware from WordPress, I update WordPress to the latest version (or just press reinstall if you are on the latest already).

Second step: update the theme files

and finally update all plugins.

AND…. all these steps did not solve my problem; the web page was still redirecting.

I checked .htaccess; it was clean.

wp-config.php – clean

I was searching and I found nothing in the files, JavaScript files and so on.

So it must not be in the files; it has to be in the database. I searched for TRACKSTATISTICSSS in the whole database and I got only one row… that was so pleasant, finally I got it.

It was in the wp_options table.

28 628 length..

Solution

  • connect to phpMyAdmin
  • in SQL, enter the script below

That is my search script; you can use it.

 -- `c1aps4` is the database name here; replace it with your own.
 SELECT *
 FROM `c1aps4`.`wp_options`
 WHERE (CONVERT(`option_id` USING utf8) LIKE '%<SCRIPT%'
     OR CONVERT(`option_name` USING utf8) LIKE '%<SCRIPT%'
     OR CONVERT(`option_value` USING utf8) LIKE '%<SCRIPT%'
     OR CONVERT(`autoload` USING utf8) LIKE '%<SCRIPT%')
    OR (CONVERT(`option_id` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%'
     OR CONVERT(`option_name` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%'
     OR CONVERT(`option_value` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%'
     OR CONVERT(`autoload` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%')
    OR (CONVERT(`option_id` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%'
     OR CONVERT(`option_name` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%'
     OR CONVERT(`option_value` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%'
     OR CONVERT(`autoload` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%');
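The search above returns the whole row, which is hard to read when the value is tens of thousands of characters long. The query below is an added example, not part of the original script: it lists only the option name, the value length, a short excerpt around the first script tag, and which of the redirect domains named in this post appear in the value. It assumes the database is already selected in phpMyAdmin and the default `wp_` table prefix is in use.

```sql
-- Added example: triage query for injected script in wp_options.
-- Assumptions: current database selected, default `wp_` table prefix.
-- The domain strings are the ones named in this post.
SELECT
    option_id,
    option_name,
    autoload,
    CHAR_LENGTH(option_value) AS value_length,
    -- 200 characters starting at the first "<script" (or at the start
    -- of the value when the row matched on a domain only)
    SUBSTRING(
        option_value,
        GREATEST(LOCATE('<script', LOWER(option_value)), 1),
        200
    ) AS script_context,
    -- which of the redirect domains appear in the value
    CONCAT_WS(',',
        IF(LOWER(option_value) LIKE '%robotcaptcha6.info%',
           'robotcaptcha6.info', NULL),
        IF(LOWER(option_value) LIKE '%trackstatisticsss.com%',
           'trackstatisticsss.com', NULL),
        IF(LOWER(option_value) LIKE '%joinsilverclubbb.com%',
           'joinsilverclubbb.com', NULL)
    ) AS matched_domains
FROM wp_options
WHERE LOWER(option_value) LIKE '%<script%'
   OR LOWER(option_value) LIKE '%robotcaptcha6.info%'
   OR LOWER(option_value) LIKE '%trackstatisticsss.com%'
   OR LOWER(option_value) LIKE '%joinsilverclubbb.com%'
-- longest values first: the infected row here was 28 628 long
ORDER BY value_length DESC;
```

Legitimate settings can also contain script tags, so review each hit by its `option_name` and excerpt before changing anything; rows with a non-empty `matched_domains` are the ones tied to this redirect.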
