malicious file — wp-includes/task-item.php | WordPress.org

Resolved djaaweb
(@djaaweb)

8 years, 8 months ago

Our site was hacked, and I’ve been going through and cleaning it as much as possible.

When we run Wordfence Scans, it gives us the following.
https://imgur.com/a/wQsY3

———————————————————————————–
File appears to be malicious: wp-includes/task-item.php
Filename: wp-includes/task-item.php
File Type: Not a core, theme or plugin file.
Issue First Detected: 5 mins ago.
Severity: Critical
Status New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “eikooctesOSW+noitcnuf”. The infection type is: Webshell:PHP/WSO-strrev.
——————————————————————————

I can’t find anything about this file, or this hack.

When I delete the file, it gets recreated.

This also occurs for wp-admin/css/.bt which seems to be suspicious but when deleted it gets re-created again.

Has anybody come across this?

Viewing 1 replies (of 1 total)

wfyann
(@wfyann)

8 years, 8 months ago

Hi @djaaweb,

Most likely a backdoor is still making it possible for those malicious files to be created over and over again.

I suggest you follow our site cleaning guide in order to make sure your site is no longer compromised.

Viewing 1 replies (of 1 total)

The topic ‘malicious file — wp-includes/task-item.php’ is closed to new replies.

1 reply
2 participants
Last reply from: wfyann
Last activity: 8 years, 8 months ago
Status: resolved