J2Store plugin malware Topic is solved

[jdmoet3]

Hi, I have been using J2Store for my ecommerse needs.

However, all of sudden I get a message from my hosting company saying my site has malware and will be taken offline in 7 days. When I go through safeguarding maleware check, these file show up as having a problem. See iamge below.


1 - is the only way to access these files via an FTP program?
2 - if I delete them (the site might break), will that solve the issues?
3 - an update is available, will paying for the update overite these file?

Many Thanks.

[Webdongle]

Deleting the files from the server will not wreck your site viewtopic.php?f=714&t=946026

[mandville]

are you sure it has malware? is your file scanner being to aggressive? are you using an insecure version ? https://www.j2store.org/blog/general/j2 ... y-fix.html

[jdmoet3]

Hi,

I'm not sure what either.

My hosting company Siteground sent me an email adviising of malware. The only offer of help was to pay $199 to a patner company of theirs called Sucuri https://sucuri.net/website-security-platform/signup/. Does this sound right?

Here are some of the files they say are infected.

Code: Select all

URL	
Malware found in the URL: https://noordinarybookshop.co.uk/index.php?option=com_content&view=article&id=45&Itemid=163	

Malware found in the URL (for Google's UA): https://noordinarybookshop.co.uk/	

Malware found in the URL: https://noordinarybookshop.co.uk/index.php?option=com_j2store&view=producttags&tag=appalonia&Itemid=162	

Malware found in the URL: https://noordinarybookshop.co.uk/index.php?option=com_j2store&view=checkout&Itemid=190	

Malware found in the URL: https://noordinarybookshop.co.uk/index.php?option=com_users&view=remind&Itemid=101	

Malware found in the URL: https://noordinarybookshop.co.uk/index.php?option=com_content&view=article&id=259&Itemid=101

I have a few system backups, would it better restore to an earlier date?

Thanks

[mandville]

i would check the j2 forums for any similar incidents of this,
i also see that its picked up google UA code as malicious!?!

Malware found in the URL (for Google's UA): https://noordinarybookshop.co.uk/

i would ask the host to recheck their virus scanner or to enable it so you can run a scan with a different company.. securi offer a free scan along with other comapnies

go in via ftp/cpanel and clear your tmp folder and get them to recheck

[jdmoet3]

@mandville - Thanks very much for the quick response.

Unfortunately, Its virtually impossible to get in touch with Siteground on this issue. When I fix the issues they ask me to request another scan of the site. No other contact details.

I will follow your advice as soon as I can get past their automated systems.

Thanks again.

[Webdongle]

...

I have a few system backups, would it better restore to an earlier date?

...

Not if you've been hacked. You could have backed up hack files.

[jdmoet3]

Thanks for all your help.
I have had to pay a company to purge the site of the affected files.
Hope all will be good now.
Best...

[mandville]

i hope that during the cleaning process you got advised to update your site and any extensions.