Title: {HEX}Malware.Expert.php.wilcard.function Last modified: September 8, 2025 --- # {HEX}Malware.Expert.php.wilcard.function * Resolved [pixelmm](https://wordpress.org/support/users/pixelmm/) * (@pixelmm) * [8 months ago](https://wordpress.org/support/topic/hexmalware-expert-php-wilcard-function/) * My Histing antivirus service have put in Quarantine these files due to a Malware detection. * **Elementor version 3.31.3** (**free version**) * **Files** /wp-content/plugins/elementor/assets/js/ai.js/wp-content/plugins/elementor/ assets/js/ai-admin.js/wp-content/plugins/elementor/assets/js/ai-gutenberg.js/ wp-content/plugins/elementor/assets/js/ai-unify-product-images.js/wp-content/ plugins/elementor/assets/js/ai-media-library.js * all infected by: ** {HEX}Malware.Expert.php.wilcard.function** * I don’t use the AI feature so my website was not broken by the file removal but you need to check these files better. Thanks Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Support [Milos](https://wordpress.org/support/users/miloss84/) * (@miloss84) * [8 months ago](https://wordpress.org/support/topic/hexmalware-expert-php-wilcard-function/#post-18632459) * Hello there, * Thank you for being so patient. * I see that you have issuw with your malware detection, i will try to expalin what notification you recived: * The signature you reported — {HEX}Malware.Expert.php.wilcard.function — comes from Malware Expert’s ClamAV rules, which are designed primarily to catch patterns in PHP malware. Your quarantined files are .js assets under wp-content/plugins/ elementor/assets/js/…, not PHP. These signature sets are known to cast a wide net and can trip on non-PHP files, causing false alarms. You can check more details here – [https://malware.expert/product/signatures/?utm_source=chatgpt.com](https://malware.expert/product/signatures/?utm_source=chatgpt.com) * So the filenames you listed (e.g., ai.js, ai-admin.js, ai-gutenberg.js, etc.) are standard Elementor AI-related scripts shipped with the plugin. They’re part of the editor experience, even if you don’t actively use AI features * In order to fix this ,you can try following: - Update Elementor to the latest release. - Restore/reinstall clean plugin files to replace anything quarantined. -Ask your host to review their signature hit and whitelist these specific JS paths( or update their signature DB). * Hope thsi will help you. * Kind regars, * Thread Starter [pixelmm](https://wordpress.org/support/users/pixelmm/) * (@pixelmm) * [8 months ago](https://wordpress.org/support/topic/hexmalware-expert-php-wilcard-function/#post-18632647) * Hi contacted my host and is confirmed as False positive. I leave the thread here so if someone have the same “problem” now is clear that is not a real virus 🙂 Thanks * Plugin Support [Rica](https://wordpress.org/support/users/ricav/) * (@ricav) * [8 months ago](https://wordpress.org/support/topic/hexmalware-expert-php-wilcard-function/#post-18638481) * Hi there, * Thanks for confirming with your host and sharing the resolution! You’re absolutely right – false positives can happen, and it’s great that you’ve documented this for other users who might encounter the same warning. * Thanks for keeping the community informed! * Best regards, Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘{HEX}Malware.Expert.php.wilcard.function’ is closed to new replies. * ![](https://ps.w.org/elementor/assets/icon-256x256.gif?rev=3444228) * [Elementor Website Builder - more than just a page builder](https://wordpress.org/plugins/elementor/) * [Frequently Asked Questions](https://wordpress.org/plugins/elementor/#faq) * [Support Threads](https://wordpress.org/support/plugin/elementor/) * [Active Topics](https://wordpress.org/support/plugin/elementor/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/elementor/unresolved/) * [Reviews](https://wordpress.org/support/plugin/elementor/reviews/) * 4 replies * 3 participants * Last reply from: [Rica](https://wordpress.org/support/users/ricav/) * Last activity: [8 months ago](https://wordpress.org/support/topic/hexmalware-expert-php-wilcard-function/#post-18638481) * Status: resolved