Support » Plugin: Quttera Web Malware Scanner » How and where to remove malicious files found by Quttera

  • graffig

    (@graffig)


    Hi there,
    I was wondering if you could point me in the right direction as to how to find and remove dangerous files the plugin has spotted?

    Thank you so much for providing this plugin.

    Here are examples of some files the plugin has highlighted:
    FILE: /wp-includes/.6936ed31.ico
    FILE_MD5: 131bd1b2a7dc0f4e31b8a9c967416d49
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 0ceafbe9b5aa18122c5823ec983ecbe2
    THREAT: <?php $_kfbcp8v = basename/*w3a*/(/*mwd5c*/trim/*x7*/(/*…
    DETAILS: Detected malicious PHP shell

    FILE: /wp-includes/SimplePie/Cache/.2370a44a.ico
    FILE_MD5: 1fa9ff795ec260d23aec637da0174b91
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: e6f45c481b85212285b8a84ead124c78
    THREAT: <?php $_90l6r = basename/*49*/(/*u*/trim/*eq*/(/*gl*/pre…
    DETAILS: Detected malicious PHP shell

    FILE: /wp-includes/SimplePie/Decode/.8c55742b.ico
    FILE_MD5: 5bf2af25622ee259633f7d12454d21d3
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: e4abb6a93881b428663314d75b160520
    THREAT: <?php $_9a5timd = basename/*z*/(/*osg8v*/trim/*wp*/(/*z*…
    DETAILS: Detected malicious PHP shell

    FILE: /wp-includes/images/.5d5a6b05.ico
    FILE_MD5: 46313f339baed7a2d8b550c2803750a3
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 338d2d9dd78d6c9950fac9b8155e4395
    THREAT: <?php $_tql67kb = basename/*q*/(/*py*/trim/*mtl8*/(/*wj4…
    DETAILS: Detected malicious PHP shell

    FILE: /wp-includes/js/thickbox/.40d8bc75.ico
    FILE_MD5: 222ce49cfddeedfbdf7a7156cf7ddab2
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 8f79be526aa5f47bec8d16888b5c290d
    THREAT: <?php $_jr5oi = basename/*m*/(/*nch35*/trim/*c*/(/*1w2*/…
    DETAILS: Detected malicious PHP shell

Viewing 1 replies (of 1 total)
  • Plugin Author quttera

    (@quttera)

    All paths mentioned in the report are relative to the website root directory.

    These files are accessible either via cPanel or via FTP.

    For example, if your website locates at /public_html/ folder then /wp-includes/js/thickbox/.40d8bc75.ico file will locate at this path

    /public_html/wp-includes/js/thickbox/.40d8bc75.ico

    Please note that file names start with “.” (dot symbol) which is interpreted as “hidden file” by some shells.

    If you still unable to locate these files, please send paths of infected files to hosting support team and they will assist you to locate these files.

    Best Regards,
    Quttera Team.

Viewing 1 replies (of 1 total)
  • The topic ‘How and where to remove malicious files found by Quttera’ is closed to new replies.