Files being generated in wp-admin – are they malicious files?

  • Files are being generated in wp-admin at random intervals, somewhere between a week and two weeks.

    They share a file naming structure of pThumb+some random string, for example:

    pThumbEZR8rH

    These files do not have file extensions although they are encoded as png files.

    I am running WordFence.

    Here is what I have done, without making any difference:

    1. Replaced the ENTIRE wp-admin & wp-includes directories with fresh directories
    2. WordFence scans show no malware
    3. Securi scans show no malware
    4. Looked through Theme files, Plugin files, not seeing any obvious code injections
    5. Checked .htaccess and wp-config files, not seeing any obvious code injections
    5. Searched online, not turning up any references to pThumb files

    I am wondering specifically:

    Has anyone else encountered pThumb or other files being generated in the wp-admin directory? Were you able to fix it?

    And generally:

    Should I keep trying to fix this (are these files indeed malicious?)

Viewing 1 replies (of 1 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It sure sounds suspicious to me. In WordFence, check the scan options to scan image files as executable (check *all* the boxes you can, in fact) and run a scan.

Viewing 1 replies (of 1 total)
  • The topic ‘Files being generated in wp-admin – are they malicious files?’ is closed to new replies.