Support » Plugin: AntiVirus » True virus ?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter qut1

    (@qut1)

    You can see the problem in front here : https://i.postimg.cc/7Dn5Sw-nw/wtf.jpg

    Thread Starter qut1

    (@qut1)

    Ok I deleted many lines in all fonctions.php, seems to be okay now. Many thx to this plugin !

    Plugin Support Torsten Landsiedel

    (@zodiac1978)

    Hi @qut1,

    sorry for the late reply, but yes, this looks like malware.

    In general all file functions are suspicious and need to be checked but the line with code.php from an external server is definitely not okay. And there is no file in /wp-includes/wp-tmp.php – if there is one, this is not from WP.

    I recommend checking the whole webspace and get through this list:

    FAQ My site was hacked

    Good luck!

    All the best,
    Torsten

    Thread Starter qut1

    (@qut1)

    Hello @zodiac1978 !

    Thank you very much for your help, I have identified and deleted 3 files in wp-includes which was too much compared to my other wordpress installations :
    – wp-feed.php
    – wp-tmp.php
    – wp-vcd.php

    Now in I have 188 files and 18 folders for a size of 5,930,846 bytes in wp-includes (filezilla)

    Again thx to you and your work. 🙂

    Plugin Support Torsten Landsiedel

    (@zodiac1978)

    Hi @qut1,

    I recommend doing more checks, like integrity checking with Site Health (under tools):
    https://de.wordpress.org/plugins/health-check/

    Because this the first one is just for WP core you can check the integrity of your theme and plugins with this plugin:
    https://de.wordpress.org/plugins/wp-cerber/

    The best solution is to restore a backup from before the hack. If this is not possible you can remove WP core (be careful wp-config.php should stay and the /wp-content-folder too). These must be checked manually. But the rest should be replaced with fresh downloaded files.

    All the best
    Torsten

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘True virus ?’ is closed to new replies.