I took a look at the lightbox-pop plugin (latest version – which one are you running?) and it doesn’t seem to have these two files:
lightbox-pop/admin/create.php
lightbox-pop/admin/lightbox-key.php
So it’s probably safe to say they are not supposed to be there.
Now, I would suggest opening up that install.php file in a text editor (don’t execute it!) in the /admin directory and take a look at the code.
If it doesn’t look like this then it is infected:
http://pastebin.sucuri.net/8h64jl
The easiest way to fix this problem would just be to delete those plugin files and replace them with fresh copies 🙂
There might be a backdoor somewhere in your site, too, so it would be prudent to replace your core WordPress files just in case, and make sure to change all passwords associated with your website.
sorry forgot to update. yes, the plugin had been injected with malware and contained extra code and files that were not in the original plugin
hi mike
those files are present in premium version.
and it is not an issue. those files are safe
Hi there,
I Also got the three warnings regarding the following –
This file may contain malicious executable code: /public_html/wp-content/plugins/xyz-wp-popup/admin/create.php
Filename: wp-content/plugins/xyz-wp-popup/admin/create.php
File type: Not a core, theme or plugin file.
Issue first detected: 10 hours 36 mins ago.
Severity: Critical
Status New
This file may contain malicious executable code: /public_html/wp-content/plugins/xyz-wp-popup/admin/manage.php
Filename: wp-content/plugins/xyz-wp-popup/admin/manage.php
File type: Not a core, theme or plugin file.
Issue first detected: 10 hours 36 mins ago.
Severity: Critical
Status New
This file may contain malicious executable code: /public_html/wp-content/plugins/xyz-wp-popup/admin/xyz-wp-popup-key.php
Filename: wp-content/plugins/xyz-wp-popup/admin/xyz-wp-popup-key.php
File type: Not a core, theme or plugin file.
Issue first detected: 10 hours 36 mins ago.
Severity: Critical
Status New
Then, After I activated using the purchase Key, I this warning,
WordPress core file modified: wp-settings.php
Filename: wp-settings.php
File type: Core
Issue first detected: 10 hours 54 mins ago.
Severity: Critical
Status New
Really like the plugin and would like to solve the issues, as I think it looks great.
ERROR WITH LICENSE KEY – WP 4.1 – I since updated the core files to 4.1, but now the License Key activation will not work. The Core WP warning has now gone, but the three other warnings are still there.
I tried to contact support and log a ticket there through the members area, but I am locked out?, advises that my account does not exsist?, tired to reset password and also no luck? Purchased plugin yesterday, not sure what the issue is.
Have sent a email to support, but if you could kindly please advise what I should do would be great.
hi these are not malicious codes
i believe you have already received response from support
