Title: cgallery's Replies | WordPress.org

---

# cgallery

  [  ](https://wordpress.org/support/users/cgallery/)

 *   [Profile](https://wordpress.org/support/users/cgallery/)
 *   [Topics Started](https://wordpress.org/support/users/cgallery/topics/)
 *   [Replies Created](https://wordpress.org/support/users/cgallery/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/cgallery/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/cgallery/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/cgallery/engagements/)
 *   [Favorites](https://wordpress.org/support/users/cgallery/favorites/)

 Search replies:

## Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Is this a false positive?](https://wordpress.org/support/topic/is-this-a-false-positive/)
 *  Thread Starter [cgallery](https://wordpress.org/support/users/cgallery/)
 * (@cgallery)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/is-this-a-false-positive/#post-4287675)
 * Well, I think I have a handle on it.
 * First of all, the working through the list of ten links didn’t help me much. 
   Just too much information for me.
 * The first tip I’d advise anyone else facing this is, install the antivirus product,
   and have it scan the themes, and take whatever it tells you very seriously.
 * I found I had crap in my database (things like “lavitra” but spelled backwards,
   making them difficult to find).
 * Then I found the functions.php was hacked and had to remove a bunch of code at
   the bottom.
 * I’m not responsible for this side, but the WP “professional” didn’t have a clue.
   I’ve locked him out and tonight I’m going to ask him if he has a copy of the 
   functions.php, and I’ll see if that one if infected, too.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Is this a false positive?](https://wordpress.org/support/topic/is-this-a-false-positive/)
 *  Thread Starter [cgallery](https://wordpress.org/support/users/cgallery/)
 * (@cgallery)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/is-this-a-false-positive/#post-4287673)
 * Well, looks like it WAS pointing me in the right direction. I found a _metaog_x
   in the wp_options table and it had a bunch of drug links (all spelled backwards
   to make detection more difficult). I changed the option name and now the antivirus
   isn’t tripping on that aspect, but still doesn’t like the unserialize strrev,
   so I have to look into that.

Viewing 2 replies - 1 through 2 (of 2 total)