Title: Suspicious files
Last modified: August 30, 2016

---

# Suspicious files

 *  [Johan](https://wordpress.org/support/users/drredfox/)
 * (@drredfox)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/suspicious-files/)
 * Hi,
 * My site has been hijacked a few days ago. The attacker overwrited my instalation
   of wordpress. I’ve managed to recover the site , but a virus scan has detected
   a few files that are infected with trojans.
 * The files are named:
    – wp-loads – wp-credits – wp-ssl – \plugins\spider-event-
   calendar\images\search.php – \theme-compat\modx.php
 * Are this files from the wordpress original installation? Or they could be from
   the malicious website?
    I’ve inherited the website from another person who created
   it, so Im not sure if there are common. My knowledge of php and wordpress is 
   very, very basic.
 * Thanks,

Viewing 1 replies (of 1 total)

 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/suspicious-files/#post-6347020)
 * You need to start working your way through these resources:
    - [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked)
    - [https://wordpress.org/support/topic/268083#post-1065779](https://wordpress.org/support/topic/268083#post-1065779)
    - [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
    - [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Additional Resources:
    - [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
    - [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
    - [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)

Viewing 1 replies (of 1 total)

The topic ‘Suspicious files’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [t-p](https://wordpress.org/support/users/t-p/)
 * Last activity: [10 years, 10 months ago](https://wordpress.org/support/topic/suspicious-files/#post-6347020)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics