I've run into a strange situation and I'm glad the forum is here, 'cause I need help.
I recently started running readcontrols.com through Google Analytics. The service listed 2 pages that I cannot find on my server:
- funup.php (in root dir)
- surprise.php (in root dir)
Ring any bells? Not for me, and I don't like the names either. I suspect malicious code.
Here's what I've done:
installed 2 plugins TAC and Sucuri Security - SiteCheck Malware Scanner: both return a clean site/theme(s)
Checked entire server space with Filezilla search for the files.
I would like to know where these files come from.