screenshot of malware being detected by avg antivirus softwareI just helped a friend remove this hack from their website. It is not too bad as long as you stay calm and work through it slowly.

Systems affected:

Windows PC and using Google Chrome or IE Internet Explorer

Symptoms:

Home page looks normal but when the posts are clicked the post briefly is displayed and then the browser diverts to a Malware site.

Solution:

Disclaimer: See full instructions in the mediatemple wiki link below. I have summarised them below but they are more extensive if you follow the instructions from the mediatemple wiki. This is only an overview.
http://wiki.mediatemple.net/w/WordPress_Redirect_Exploit

Login to your admin area of your WordPress website.

Install plugin called WP-PHPMyAdmin http://wordpress.org/extend/plugins/wp-phpmyadmin/

Go to the left sidebar -> Tools –> Click PHPMyAdmin

Go into the database and click on wp_posts in left column

Click on browse from top area

Click on the pencil icon to edit a post entry which will display the post content in a box. Look through the content and if you see the

piece of code as shown in the image below you have been hacked.
Showing an screenshot of a database entry that has the hack in a post

To remove the hack you now need to first identify the website address being used in the example above.

If there is another variation then change the bottom code with the web address you find. These are some of the others being used:

Screen Shot 2013-04-20 at 11.42.51 AM

Remember to use the web address you found above in place of the one mentioned below in the example.

Click on the Tab called ‘SQL’ paste over what was there before with this code and hit ‘Go’

If the website link in question was used correctly you should get a result like this

Affected rows: 3130 (Query took 0.2428 sec)

Good luck and I hope this helps some people out.

P.S. More posts by others on the same issue:

http://lifeinthefastlane.com/2010/08/under-attack/