1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

3-Step Fix for your rr.nu WordPress Virus Outbreak

windchill features best plm software
Written by SPK Blog Post
Published on March 9, 2012

Symptoms of the rr.nu WordPress Virus:

WordPress-based websites infected with the virus are redirecting visitors to a fake virus-scan website. The URL looks like http://*.rr.nu.

When you check the files on your server, the following line is inserted into your .php files, such as wp-config.php:

<?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz


Remove all instances of the offending code. The problem is it typically requires finding and editing 300 files; most websites will tell you to delete your entire WordPress installation and reinstall, but here are instructions on removing the malware without reinstalling each plug-in:

    1. CHANGE YOUR PASSWORD. Change all your passwords, everywhere. Your website was compromised because your password failed.
    2. BACKUP YOUR DATA. Make a copy of your entire website and keep it locally – better safe than sorry!
    3. RUN THE SCRIPT. Attached is a BASH script that will fix the problem. You’ll want to put it in your WordPress directory, mark it as executable, then run it. Click here to download the remove-rr-nu-virus.sh script.
    4. (Alternately, instead of downloading the script you can go to your WordPress install directory and paste this paragraph into a relatively large, single line of executable code into the console. Note that it’s multiple lines here, but needs to be executed as a single line in Linux.)
for file in $(grep -Hlr "aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcp
BnZX" .); do sed -e "s/));?>/));?>\n/g" $file | sed -e "/aWYoZnVu
MoJ21yb2JoJykpeyAgICBmdW5jdGlvbiBnZX/d" > $file.temp; mv $file.te
mp $file; echo Fixed infected file $file; done

There’s no problem that can’t be solved – it’s just a matter of having the right resources and knowing where to find the best answers!  If you believe your wordpress website has been hacked, and if the above seems like Greek to you, send us an email at support@spkaa.com and we can help you get your website back under your own control!

Latest White Papers

2023 Global DevSecOps Report

2023 Global DevSecOps Report

Productivity and efficiency are top priorities for many organizations, as seen from the 2023 Global DevSecOps Report. It is no coincidence these two priorities are also the driving forces of DevOps. Explore how businesses utilized DevOps practices to achieve success...

Related Resources

Exploring the Powerful Features of Creo AAX for Complex Assemblies

Exploring the Powerful Features of Creo AAX for Complex Assemblies

Manufacturing can be an intricate and time-consuming process. It is important to utilize the proper software for successful execution, especially when working with complex assemblies. Complex assemblies typically have a high part count of diverse components and...

Using SPK vCAD to Address the Top Time-Wasters in Your Old System

Using SPK vCAD to Address the Top Time-Wasters in Your Old System

Computer Aided Design has replaced manual design drafting, but with the rise of vCAD will traditional CAD systems also be replaced?  Traditional CAD systems work well for designing accurate design representations, but they require extremely powerful (and expensive)...