Posted on May 21, 2010 - by CDS, 4 Comments

Fix for HolasionWeb WordPress GoDaddy Virus

If you have a WordPress app version 2.9.2 hosted by GoDaddy, and have been experiencing issues lately, there’s a good chance you have the HolasionWeb Virus. To check, log into the WordPress admin. The first thing you might notice is that your admin panel may be all screwed up and look something like this:

If you’re seeing something like this, you probably have the virus associated with holasionweb.com (don’t go to this website, it is not safe). The virus plants a javascript from the holasionweb.com website in either the header or footer of your WordPress admin. Although the virus so far doesn’t appear to do much besides screw up your admin interface, it is still an alarming breach that should be handled immediately. Also note that if you are using a blog feed application, such as SimplePie, it will likely cause your feed to disappear completely. That is exactly what led to the discovery of this virus running on a clients website today.

How to Get Rid of holasionweb.com Infection

First thing, re-upload your wp-admin and wp-includes folders. This will fix your admin interface issues, but will not get rid of the virus. To get rid of it, I found this handy little program by http://www.sucuri.net (via http://www.dlocc.com) that effectively removes the malware.

1. Download the HolasionWeb Script Fix
2. Unzip and upload wordpress-fix.php to your WordPress directory.
3. Run the script by going to http://www.YourSite.com/wordpress-fix.php (note that if your blog is in a subdirectory, you would navigate to http://www.YourSite.com/subdirectory/wordpress-fix.php)
4. The detection and removal should take a few moments, and you will see the progress detailed on the page.

Here’s a link to the original solution: http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

Hope that works for you and Happy Blogging!