Title: Malware
Last modified: August 24, 2016

---

# Malware

 *  [wasootch](https://wordpress.org/support/users/wasootch/)
 * (@wasootch)
 * [11 years ago](https://wordpress.org/support/topic/malware-41/)
 * My webhost just let me know that their scan found these files:
 * > Maldet Scanner:
   > {HEX}gzbase64.inject.unclassed.15 : /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/pbvunwjf/qbpush.php
   > {HEX}php.nested.base64.533:/home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/libs/cache.php
   > Custom Scanner:
   > /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/tmp/qckNh.php
   > /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/pbvunwjf/qbpush.php
   > /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/libs/cache.php
   > /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/indextheme/maintheme.php
 * I think these are all malware and can be safely deleted. There are other .php
   files in other folders in this themes directory. Can all of these be removed?
 * What I find strange is this site: [https://sitecheck.sucuri.net/](https://sitecheck.sucuri.net/)
   is not finding these…
 * Any other advice you can give?
    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Thread Starter [wasootch](https://wordpress.org/support/users/wasootch/)
 * (@wasootch)
 * [11 years ago](https://wordpress.org/support/topic/malware-41/#post-6121753)
 * My permissions on that uploads folder are 755… just an fyi. I think that is the
   correct setting?
 * I’ve added a .htaccess to that uploads folder that is supposed to disable .php
   scripts from running as per the advice of a blog post I read.
 *  [Mark Ratledge](https://wordpress.org/support/users/songdogtech/)
 * (@songdogtech)
 * [11 years ago](https://wordpress.org/support/topic/malware-41/#post-6121761)
 * Carefully follow [FAQ – My Site Was Hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked).
 * Then take a look at the recommended security measures in [Hardening WordPress](https://codex.wordpress.org/Hardening_WordPress)
   and [Brute Force Attacks](http://codex.wordpress.org/Brute_Force_Attacks).
 * Change all passwords. Scan your own PC. Tell your web host you got hacked, and
   consider changing to a more secure host: [Recommended WordPress Web Hosting](http://wordpress.org/hosting/)
 * If you can’t do the work yourself, consider looking for a reputable person on
   freelancing sites such as [Elance](http://elance.com/). _(FYI, it’s **not** a
   good idea to respond to unsolicited emails from forum users offering to work
   for you.)_
 *  Thread Starter [wasootch](https://wordpress.org/support/users/wasootch/)
 * (@wasootch)
 * [11 years ago](https://wordpress.org/support/topic/malware-41/#post-6121763)
 * But what I’m wondering mostly is, are these particular files needed? I think they
   are not and are probably malware… I just wanted to make sure before I delete
   them.
 * I believe I’m on a reputable host. But perhaps not. It’s been fine up until the
   latest notification about WordPress having a vulnerability.
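
As an added example (not part of the thread, and not the web host's scanner): a small Python triage script that lists every PHP-like file under an uploads directory and flags the obfuscation idioms that the signature names in the scan report point to. The regexes, the `demo` directory and the sample file contents are constructed assumptions; an empty marker list only means these heuristics did not match, not that the file is clean.

```python
import re
import sys
import tempfile
from pathlib import Path

# Heuristic markers loosely modelled on the signature names in the scan report
# (gzbase64 inject, nested base64). The regexes are assumptions, not Maldet's rules.
_WRAP = rb"(?:@?\w+\s*\(\s*)*"  # zero or more wrapper calls, e.g. strrev(
MARKERS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*" + _WRAP + rb"(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "nested-base64": re.compile(rb"base64_decode\s*\(\s*" + _WRAP + rb"base64_decode\s*\(", re.I),
    "long-base64-literal": re.compile(rb"[A-Za-z0-9+/]{200,}"),
}
PHP_NAME = re.compile(r"\.(php\d?|phtml|phar)$", re.I)


def scan_uploads(root):
    """Map every PHP-like file under root to the list of markers found in it."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and PHP_NAME.search(path.name):
            data = path.read_bytes()[:2_000_000]  # cap the bytes read per file
            hits = [name for name, rx in MARKERS.items() if rx.search(data)]
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def build_sample(root):
    """Constructed sample tree; the file contents are harmless stand-ins."""
    files = {
        "wysija/themes/demo/loader.php": b'<?php eval(gzinflate(base64_decode("QUJD")));',
        "wysija/themes/demo/nested.php": b'<?php $x = base64_decode(base64_decode("UVVKRA=="));',
        "wysija/themes/demo/index.php": b"<?php // placeholder file\n",
        "wysija/themes/demo/style.css": b"body { color: #333; }\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)


if __name__ == "__main__":
    # Usage: python scan_uploads.py /path/to/wp-content/uploads (no argument runs the demo)
    with tempfile.TemporaryDirectory() as tmp:
        if len(sys.argv) < 2:
            build_sample(tmp)
        for rel, hits in scan_uploads(sys.argv[1] if len(sys.argv) > 1 else tmp).items():
            print(f"{rel}\t{', '.join(hits) or 'no marker matched'}")
```

The script only reads files and reports; comparing its list against a fresh copy of the plugin and a known-good backup is what tells you which files the site actually needs.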


The topic ‘Malware’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 2 participants
 * Last reply from: [wasootch](https://wordpress.org/support/users/wasootch/)
 * Last activity: [11 years ago](https://wordpress.org/support/topic/malware-41/#post-6121763)
 * Status: not resolved

