Title: Compromised file
Last modified: August 31, 2016

---

# Compromised file

 *  Resolved [Aidas](https://wordpress.org/support/users/frankenstein-uk/)
 * (@frankenstein-uk)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/)
 * Hello,
 * I have been notified by my web hosting about malicious file they have detected.
 * The list of compromised files is as follows:
    `/wp-content/plugins/ewww-image-
   optimizer/optipng.exe`
 * I downloaded fresh copy and same file exist.
 * My hosting is webfaction.com
 * I had to delete the plugin ir order to get my site unblocked.
 * Thank you,
    Aidas
 * [https://wordpress.org/plugins/ewww-image-optimizer/](https://wordpress.org/plugins/ewww-image-optimizer/)

Viewing 10 replies - 1 through 10 (of 10 total)

 *  Plugin Author [Shane Bishop](https://wordpress.org/support/users/nosilver4u/)
 * (@nosilver4u)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952757)
 * Tell your webhost they have a false positive, I keep md5sums of all the files,
   and it has not changed or been tampered with.
 *  [daverempel](https://wordpress.org/support/users/daverempel/)
 * (@daverempel)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952839)
 * I had the same warning on a site where this plugin was installed. It was flagged
   by clamAV. I’ve run this antivirus many times before but only yesterday was this
   file flagged.
 *  [daverempel](https://wordpress.org/support/users/daverempel/)
 * (@daverempel)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952840)
 * just an update virustotal.com also flagged this plugin
 *  [marikamitsos](https://wordpress.org/support/users/marikamitsos/)
 * (@marikamitsos)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952841)
 * [@daverempel](https://wordpress.org/support/users/daverempel/) , [@nosilver4u](https://wordpress.org/support/users/nosilver4u/)
 * > just an update virustotal.com also flagged this plugin
 * Funny you should mention that. I just did a [check on the zip](https://www.virustotal.com/en/url/ee2e008c2c0b048a3e5ddb0d295cc9e3a5b5d18ac438152fba0afd61bf28bd2e/analysis/1453211961/)
   and everything seems fine. 🙂
 *  [daverempel](https://wordpress.org/support/users/daverempel/)
 * (@daverempel)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952842)
 * that is really odd. I redownloaded the zip and single file in question just an
   hour ago and both were flagged for me at virustotal. On the positive side only
   2 of the 50+ flagged the file.
 *  [marikamitsos](https://wordpress.org/support/users/marikamitsos/)
 * (@marikamitsos)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952843)
 * [@nosilver4u](https://wordpress.org/support/users/nosilver4u/)
    On the other 
   hand it does [show something](https://www.virustotal.com/en/file/52008faaf2d8f7f579165b40e6352292b021b955cb506855a2141e093bf315f4/analysis/1453211968/).
 *  Plugin Author [Shane Bishop](https://wordpress.org/support/users/nosilver4u/)
 * (@nosilver4u)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952844)
 * it’s still a false positive, it’s the same exact binary that’s been distributed
   for 17 months. I’ve run it on Windows myself, and it does nothing malicious.
 *  [Insomnis](https://wordpress.org/support/users/insomnis/)
 * (@insomnis)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952848)
 * Hey,
 * I’ve got the same error from my hoster by updating this plugin with ftp:
 * Virus ‘Win.Trojan.Agent-953871’ found in ‘/wp-content/plugins/ewww-image-optimizer/
   optipng.exe’
 * What to do?
 *  Plugin Author [Shane Bishop](https://wordpress.org/support/users/nosilver4u/)
 * (@nosilver4u)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952854)
 * [@insomnis](https://wordpress.org/support/users/insomnis/), ignore it, there 
   is nothing you CAN do, since it isn’t malware
 *  Plugin Author [Shane Bishop](https://wordpress.org/support/users/nosilver4u/)
 * (@nosilver4u)
 * [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952876)
 * [https://wordpress.org/support/topic/false-positive-on-virus-scan?replies=9](https://wordpress.org/support/topic/false-positive-on-virus-scan?replies=9)

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Compromised file’ is closed to new replies.

 * ![](https://ps.w.org/ewww-image-optimizer/assets/icon-256x256.png?rev=1582276)
 * [EWWW Image Optimizer](https://wordpress.org/plugins/ewww-image-optimizer/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ewww-image-optimizer/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ewww-image-optimizer/)
 * [Active Topics](https://wordpress.org/support/plugin/ewww-image-optimizer/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ewww-image-optimizer/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ewww-image-optimizer/reviews/)

 * 10 replies
 * 5 participants
 * Last reply from: [Shane Bishop](https://wordpress.org/support/users/nosilver4u/)
 * Last activity: [10 years, 4 months ago](https://wordpress.org/support/topic/compromised-file-3/#post-6952876)
 * Status: resolved