My 2.7.1 blog was attacked last week with the same script discussed here:
I've been removing the files that were attacked, and will need to probably do a fresh install. However, there are numerous files in my root that look suspicious and I'm unsure of, and I don't recall them being there prior to the attack.
I'm wanting to remove the files, but not sure what they are, so I don't want to remove them without first knowing what they are. I'm only running WordPress on my site. There are 4 files, with the following names, and as mentioned above they are in my root directory:
Are those files supposed to be there, or are they from the attack that occurred on my site? Any help would be appreciated. Thank you!