Theme has viruses

Hello, we have the Norto Theme (Norto - Creative Portfolio WordPress Theme by KnightleyStudio | ThemeForest) and google have turned off our ads because there is malware files in the theme. We have tried to remove them from our end but they are still flagged by google and buried deep in the theme somewhere. These are the two links that google have flagged as viruses:
https://norto-theme.knightley-studio.press//wp-content/uploads/2019/04/home-3.jpg
https://norto-theme.knightley-studio.press//wp-content/uploads/2019/07/line-1.png
We have contacted the theme author with no response - we really just need these files removed and the rest of the theme links checked to make sure there is no other malware. Not sure where else we can mention this so we are posting here. Theme is still for sale on Envato so potentially risking other users with Malware.

so where is the URL you claim to have issues on? the links you have provided are not where your website is located are they?

Our site is www.foodtruckleague.nz - as you will see we are using the Norto theme, where the links are though we don’t know, if you can find them please let us know as google is blocking our ads due to these links.

If you Google it this is not a common issue where Google’s algorithm misinterprets theme or plugin code to be malicious.

Go on YouTube and there are loads of videos around what you can do but most likely it is nothing to do with the theme

Thanks for your input and I’m sure we can sort our site. The purpose of the post is really to get the theme creator to address the issue because if it is flagged on our site it will be flagged on others too. Also I’m sure Envato don’t want to be selling a theme with known issues.

Your website shows as clean - no infections.

That is because the viruses are not actually on our site (see original post), but google still blocks us when the infected files are on the theme developers site and are being referenced from somewhere inside the theme or sample files. See attached.

@leetwobrothers - I get that.
So if the theme files as you say is infected, or being referenced from inside the theme or sample files, then can you do not do a source code check for the infected references?

it could be anything not just the theme:

Yes and we have done that - found one set of links to those locations and removed them - however google is still saying there is still malicious code. It has been a bit of a nightmare and is still not resolved. We have been through multiple how-tos and documents, tons of malware scans (free and paid), multiple rounds with google and it still comes back rejected by google, so we really just want the theme developer to fix it from their end to ensure it doesn’t happen to someone else (and it’s a bad look for Envato too). We are probably at the stage where we will rebuild the theme ourselves and hopefully that will solve the problem as our site is clean.

Does google not give more info on the thing it doesn’t like?

I’m not sure if the author is going to be able to fix something if there’s not exact clarity on what it is.

1 Like

Read the top post - I have included the links that are referenced by google as the problem.

Those images that it has flagged are:
a) not available and
b) sat on a parked domain that is for sale and redirects on loading

I would strongly suspect that it is that which Adwords are not keen on (I know it’s possible but far less likely to be the actual image).

If you find where that image appears in the theme then you can either take it out/change it/alter the URL to a clean one.

So why have a sub-domain?

It looks like to me you that you probably ran this on a sub domain first, then moved it to the main URL. I agree with @charlie4282 that this is more than likely an issue that is not to do with the theme, but more than likely, the adwords, or you have left some sh!t on a sub-domain, that is causing issues.

As an example - any website should only have a main URL no?

It’s 100% that source URL -
https://norto-theme.knightley-studio.press//wp-content/uploads/2019/04/home-3.jpg YET clicked it is an unsecured link beginning ww43.nort

Thanks for the ideas guys. Have re-scanned both the database and the website source code looking for the links without being able to find anything. Also deleted the subdomain if that was causing an issue. Rebuilt the cache in-case it was being stored in there somewhere. Might be a google issue, but not really getting any progress with them on it. I guess I will have to rebuild the theme.