3in1 page hijacked by i.trkjmp.com (SOLVED SORTA)

This just showed up a couple of days ago. When the 3in1 script loads after about 3 secs I get a page with “| Bookmark page (CTRL-D)” and it appears that it’s trying to load data from i.trkjmp.com. This is a known malware site. I’ve run Malwarebytes and several antivirus programs with the same results. I’ve tried numerous fixes as suggested in Google searches with the same results. It only does this with Firefox or Chrome. IE works correctly. I’ve taken the link off of my flyout-menu, but the link is MikeyMs Thornhurst PA Weather with PHP & AJAX - WXSim 3in1 Page
Any suggestions would be GREATLY appreciated.

Thanks

:?

MikeyM


Have you checked your 3in1 page script for the code?
It’s more likely to be on there than in your browser, and if you find something then re-upload the page if you have a copy on your PC and then change your FTP and account passwords.

Googling for i.trkjmp, it looks to be a PC malware problem. Is that the only page that ever shows the message?

Budgie, Yes I’ve checked the script and even deleted it on the server and reloaded it.

Niko, yes definitely appears to be malware, but Malwarebytes isn’t finding anything and yes, it only shows up on that one page

Thanks for looking.

MikeyM

OK I removed all subdirectories on the server relating to the 3in1 script and reinstalled everything on the server relating to the 3in1 scripts with the same results.

MikeyM

Sounds like an .htaccess file in a directory is infected with a trojan and redirecting to the malware site? It may have been put there by a “backdoor” by the hackers. Once you have cleaned up any .htaccess files then check your directories for any php page names that you don’t recognise (e.g. random characters).
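An added example, not part of any post in this thread: one way to run the check suggested above across a whole web root, listing `.htaccess` directives that redirect to a host you do not own and PHP files missing from your clean local copy. The host names, file names and sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Directives that can send a visitor to another URL; group 2 is the target host.
REDIRECT_RE = re.compile(
    r"^\s*(RewriteRule|Redirect\w*|ErrorDocument)\b.*?https?://([^/\s\"']+)",
    re.IGNORECASE)

def scan_webroot(root, own_hosts, known_php):
    """Return (htaccess_hits, unknown_php) for everything under root.
    own_hosts: hostnames you expect redirects to (assumption: your own domains).
    known_php: relative paths of PHP files present in your clean local copy.
    """
    htaccess_hits, unknown_php = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        m = REDIRECT_RE.search(line)
                        if m and m.group(2).lower() not in own_hosts:
                            htaccess_hits.append((rel, lineno, m.group(2).lower()))
            elif name.lower().endswith((".php", ".phtml")) and rel not in known_php:
                unknown_php.append(rel)
    return sorted(htaccess_hits), sorted(unknown_php)

def build_demo_tree(root):
    """Write a constructed sample tree (not taken from the thread) under root."""
    samples = {
        ".htaccess": "RewriteEngine On\n"
                     "RewriteRule ^old$ http://www.example.org/new [R=301,L]\n",
        "wxsim/.htaccess": "RewriteEngine On\n"
                           "RewriteRule ^(.*)$ http://redirect.example.invalid/?u=$1 [R=302,L]\n",
        "wxsim/forecast.php": "<?php // present in the clean copy\n",
        "wxsim/xk3qz9.php": "<?php // not present in the clean copy\n",
    }
    for rel, text in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        print(scan_webroot(demo, {"www.example.org"}, {"wxsim/forecast.php"}))
```

Run it against a downloaded copy of the site, passing your own domain names and the file list from your local backup; every hit is a line or file to inspect by hand, not proof of compromise.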

Thanks all
After hours and hours of troubleshooting this I just removed the 3in1 script from my site for now. Thanks

Cheers

:frowning:

MikeyM