Plugin Author
Eli
(@scheeeli)
Yes, you need to register to download the latest definition updates. Then you will be able to automatically remove the Known Threats.
…i see but only the Known Threats, not the Potential Threats? Am i right? If it will find Potential Threats there isn’t any problem? Site is clear?
Plugin Author
Eli
(@scheeeli)
Potential threats should not be removed manually unless you can confirm that they contain malicious code. The new definitions may identify some of those potential threats as known threats and remove the malicious code from those infected files for you automatically.
Please let me know the results of the scan after you download the latest definition updates.
Aloha, Eli
The results of scan is the below:
0 Quarantined Files
Found 0 htaccess Threats
Found 0 TimThumb Exploits
Found 128 Backdoor Scripts
Found 9843 Known Threats
Found 0 Core File Changes
Found 103 Potential Threats
61681 Scanned Files
13174 Selected Folders
13172 Scanned Folders
0 Skipped Folders
14795 Skipped Files
2 Read/Write Errors
The checked files are been fixing right now.
Some of the files (a large amount of them) have been fixed and the other are Quarantine. Some of them are these and i believe i must delete them:
/public_html/wp-content/uploads/wysija/temp/az1.php
2015-11-17 16:47:032015-11-16 09:31:38Q…/public_html/wp-content/uploads/wysija/az1.php
2015-11-17 16:47:032015-11-16 09:31:38Q…/public_html/wp-content/uploads/2014/07/az1.php
2015-11-17 16:47:032015-11-16 09:31:38Q…/public_html/wp-content/uploads/2014/06/az1.php
2015-11-17 16:47:032015-11-16 09:31:38Q…/public_html/wp-content/uploads/2014/05/az1.php
2015-11-17 16:47:032015-11-16 09:31:36Q…/public_html/wp-content/uploads/2014/04/az1.php
2015-11-17 16:47:032015-11-16 09:31:11Q…/public_html/wp-content/uploads/2014/03/tetqwqsadmXxxIA
2015-11-17 16:47:032015-11-16 09:31:11Q…/public_html/wp-content/uploads/2014/03/tetqwqsadmXXEHe
2015-11-17 16:47:032015-11-16 09:31:11Q…/public_html/wp-content/uploads/2014/03/tetqwqsadmX5Bnz
2015-11-17 16:47:032015-11-16 09:31:11Q…/public_html/wp-content/uploads/2014/03/tetqwqsadmWySWj
2015-11-17 16:47:032015-11-16 09:31:11Q…/public_html/wp-content/uploads/2014/03/tetqwqsadmWfevL
2015-11-17 16:47:032015-11-16 09:31:11Q…/public_html/wp-content/uploads/2014/03/tetqwqsadmWUsTf
Invalid or expired Nonce Token!d06b03343ec1c74b76ae418f56fda8c8?page=GOTMLS-View-Quarantine!found
Invalid or expired Nonce Token!128b731a17b10b96837f65aac008f2e9?page=GOTMLS-View-Quarantine!found
Part of messages i take when i try to delete them…!
Plugin Author
Eli
(@scheeeli)
You don’t have to delete any of the items in the quarantine. The quarantine is just a list of files that have already been cleaned. No further action is required.
I had the above files i saw you in my ftp. I delete them through filezilla but when i came back into the folder they were there!!!!
So and because i have big problem (although they were quarantine) i didn’t want to take further chances…so i will make a clean installation of wordpress changing at the end the wp-config.php file so it can connect with the database.
For the time being deleting stick at the problematic directory with the 9998 files.
I will have patience…
Plugin Author
Eli
(@scheeeli)
To be clear, my plugin will automatically remove known threats from infected files. Some of these files may also have good code in them so it is not recommended to delete the files completely unless you know that they are not needed. Manually deleting WP Core Files or files that are part of an active plugin or theme can break the site or cause it to become unstable.
It may be that your server still has a vulnerability that is allowing these same files to become reinfected after you clean them. If that is the case then you should look in your access_log files to see if there is a script that is being exploited to re-write these files.
Let me know if you find anything malicious that my plugin is not identifying as a Known Threat.
Aloha, Eli
Tell me something: The only Potential Treat i am founding right now is
…/wp-content/plugins/contact-form-7/includes/js/scripts.js
Is this something i must worry about or not?
i am asking because my client keeps ringed by the avast antivirus in his site.
Plugin Author
Eli
(@scheeeli)
I think that contact-form-7 file is ok, it’s probably just got the eval function in it or something but I don’t think it’s malicious.
If your site is flagged or blacklisted by avast then you should look for a reason, a date, and a way to request a review. Once you have been flagged it sometimes takes a while to get off their list.
Maybe you could post a link to the site so I could see more…
Plugin Author
Eli
(@scheeeli)
But i don’t use mcafee. How does this works?
i choose some fields when it asked me yo to 3 categories. I didn’t understand them…anyway they will inform me i 3-5 business days.
