SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware-entry-mwjs1211


Description: Encoded javascript malware to load the "Fake AV" virus from
multiple domains.

After decoded, it load iframes from sites like,, etc.

Affecting: WordPress-based web sites.

Clean up: Malware is hidden at the header.php inside the themes directory.

Malware dump: