I have a shared hosting account through netfirms.com and my account keeps getting suspended because (according to netfirms) my wp account has been compromised. Apparently my account is being used to send mass spam mails through the script 'wp-admin/user/profile-edit.php'. I was told to delete the compromised file, but EVERY TIME I go do that, the file is no where to be found. This happens just about every week now. I reset my password every time this happens.
The first time this happened, I noticed the following files in my home directory: backdoor.tmp, clean.tmp, list.tmp, malware.tmp. I deleted them, hoping that would be the end of it, but it still happened. I also found a few files in my wp directories, one which stood out was a emailform.php file. This stood out because the code seemed to be an email script with an email address I didnt recognize: firstname.lastname@example.org (The code can be found below). Not sure whats going on, but I would appreciate any help. Thanks