Malicious code removal

C5.6.4.0 PHP7.1
I have had some malicious code injected into one of my sites (encouraging download of a media player and I can’t seem to remove it using the editor.
I get the following message:

“aID”:“57”,“arHandle”:“text”,“cID”:“132”,“error”:false,“bID”:“244”} We will support it soon! Click 2k/4k to download videos first. Pro $ 2.99 / month 1000+ embedded vimeo player sites supported Support video downloading in more resolutions e.g. 4k, 2k, 1080p, etc. Support for downloading private videos Support for extracting audio Unlimited downloads Simple, one click to download Get

Any ideas how to clean this out?


You could try searching the database for part of that string of text to see where the injection has been made and go from there.

If the editor cannot delete it, could be its an HTML block, just a thought.

Yeah I checked my php templates and all looks as I had them. Extra code has introduced new styles which I cant see on the server. Not sure how they are being served? Doesnt look like a package clash or javascript problem.

Can you share the domain address so I can take a look at the problem?

Website is

It is this and appears in each block:

<div id="popupMenu"></div>
<div id="backMask" class="backMask">
<div id="pop" class="pop">
<div id="notice" class="notice">
<div id="notice_in" class="notice_in">
<div class="notice_in_svg">&nbsp;</div>
<div id="notice_in_span" class="notice_in_span"><span>We will support it soon! Click</span> <span id="external_ffmpeg" class="external_ffmpeg">2k/4k</span> <span>to download videos first.</span></div>
<div id="dialog" class="dialog">
<div id="dialog_close" class="dialog_close">&nbsp;</div>
<div id="dialog_in" class="dialog_in">
<div id="pro" class="pro"><span>Pro</span></div>
<div class="dialog_line">&nbsp;</div>
<div id="feature_explain" class="feature_explain"><span id="fee" class="fee"> <span>$ 2.99</span> <span> / month</span> </span>
<div id="feature_list" class="feature_list">
<ul id="feature_list_ul">
<li><span>1000+ embedded vimeo player sites supported</span></li>
<li><span>Support video downloading in more resolutions e.g. 4k, 2k, 1080p, etc.</span></li>
<li><span>Support for downloading private videos</span></li>
<li><span>Support for extracting audio</span></li>
<li><span>Unlimited downloads</span></li>
<li><span>Simple, one click to download</span></li>
<button id="dialog_get" class="dialog_get">Get</button></div>

Have you looked at your theme templates to see if this somehow been hardcoded into them.

SOLVED Turned out to be an unused addon so I removed it and can delete extra code without error message.

1 Like