Malware detection causes invisibility?

thanks Jan. the only thing iPage sent me was details of the files to be pulled, not them actual hack/code

wp-includes/css/dashicons.min_prevv1.php
wp-includes/SimplePie/HTTP/Parser_old.php
wp-includes/js/tinymce/plugins/wplink/plugin_backup.php
wp-includes/js/tinymce/plugins/tabfocus/plugin_prevv1.php
wp-includes/js/tinymce/license_new.php
wp-includes/js/tinymce/skins/lightgray/fonts/tinymce_bck_old.php
wp-includes/js/tinymce/skins/e43ca6aa_old.php
wp-includes/js/jquery/ui/jquery.ui.effect-clip.min_new.php
wp-includes/images/wlw/wp-comments_new.php
wp-includes/feed-rdf_new.php
wp-admin/css/revisions-rtl_old.php
wp-admin/css/colors/blue/colors-rtl.min_new.php
wp-admin/css/colors/coffee/colors.min_new.php
wp-admin/css/colors/ectoplasm/colors.min_infoold.php
wp-admin/css/colors/_mixins_new.php
wp-admin/includes/theme-install_bck_old.php
wp-admin/js/language-chooser_bck_old.php
wp-admin/network/site-users_indesit.php
wp-admin/images/spinner_new.php
wp-admin/post-new_new.php
wp-content/plugins/smooth-slider/29d96019_prevv1.php
wp-content/themes/weaver-ii/includes/admin-pro_ver1.php
wp-content/themes/weaver-ii/js/PIE/PIE_uncompressed_backup.php
wp-content/themes/weaver-ii/js/superfish/images/rtl-arrows-ffffff_prevv1.php
wp-content/themes/weaver-ii/f0bfe24e_ver1.php
wp-content/themes/weaver-ii/functions.php
wp-content/themes/DarknessGame/functions.php
wp-content/themes/DarknessGame/images/social-icons/email_old.php
wp-content/themes/DarknessGame/css/screen_noversion.php
wp-content/themes/GamingZone/functions.php
wp-content/themes/GamingZone/menu/custom_indesit.php
wp-content/themes/GamingZone/archive_infoold.php
wp-content/themes/iGaming-2.0/functions.php
wp-content/themes/GameBlack/functions.php
wp-content/themes/GameBlack/images/search_ver1.php
wp-content/themes/twentyfourteen/images/fcb181c2_bck_old.php
wp-content/themes/twentyfourteen/functions.php
wp-content/themes/GamingWeb/functions.php

these are the offending files, apparently?

Jamie

those files ( and every other theme ) have been deleted. but I still do not see how the files could have got into the website?

if someone can guess the password then fair play, they have got some amazing brain on them to get past a special char, alpha numeric, upper and lower case of 32 digits

but from my end, ( and this being the ONLY computer that has database access ) I don’t understand how they got in without hacking this computer, which they didn’t?

that is my main issue.

iPage seem reluctant to indicate how they found out, how they identified the hacked files but failed to delete them and instead opted to shut us down and then say £” but if you pay us we will do it for you “

the files are fixed now ( through our own efforts not iPage’s ) and we will be relocating the website to a new host ( 1&1 or Blue Host, probably? Arvixe have a poor uptime ratio of only 76% ) . But I would still LOVE to know how ‘they’ did it

hi guys, thanks ever so much for all the great advice. I am not the most clued up when i comes to code and the technical side of things but I can always count on the WP community to come to my resue.

Apparently they got in through YouTube plug in.

The plug in has been removed and replaced.

thanks to everyone at WP. You guys are the very best!

okay Yogi, theme disabled…..now what do I do? Should I just rebuild with a different theme? I don’t want to re-install and I don’t want to use the provider of the theme again if they have issues with WP