Gootloader infection cleaned up

Uncategorized Comments Off on Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 295 malicious pages. Your blogged served up malware to 19 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs ( and, either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.


The Internet Janitor

Below are some links to research/further explaination on Gootloader:

This message


Family Fun, Mousekeplanner No Comments

Since I am updating news today…. I am now a registered Disney Travel Agent with! I have completed my training and passed my test with the College of Disney Knowledge so please send any and all requests for travel with Disney (any destinations) or any other cruiselines, Sandals, and Beaches to!!

Come Meet Maybelle!

Family Fun, House, Mountain Trail Farm No Comments

Since I was posting on I thought I would also post on my mom’s pet chicken, Maybelle. She wears two bracelets so we know which one she is and won’t sell her accidentally. My mom has to check the chicken house every night before we close the door to make sure Maybelle is safe and sound!!

Visit Us at the Farm!

Family Fun, House, Mountain Trail Farm No Comments

Nathan and I are now living on a farm! We have close to 700 chickens and we are selling farm fresh free range eggs and live chickens! We also have 4 Kune Kune pigs, 4 dogs, and 1 cat! You can find our farm website at


Missing Pictures

CommerceV3, Florida No Comments

I have found that I am taking more pictures with my phone lately because I can instantly post them to Facebook. Yesterday I decided to clean out my phone and emailed a bunch of pictures to myself that I wanted to post here. Something happened in cyber space and they never landed in my email and I was stupid to delete them after I emailed them thinking they would be safe on my computer. Guess that is a lesson learned.

It appears that we have managed another successful conference this year. Everyone enjoyed themselves. They liked the hotel, the food, and the employees. Now to start the planning for 2013!

« Previous Entries