Badly infected WP Site

  • Hi,
    I got this email from our web host about numerous infected php files on our site. Here is the webhost’s scan log:

    A scan of your account has found the following malicious or infected files present
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/SimplePie/gzdecode_backup.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/Text/Diff_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/Text/Diff/Engine/string_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/images/media/document_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/js/tinymce/utils/form_utils_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/js/tinymce/skins/24e933de_infoold.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/js/tinymce/plugins/compat3x/css/dialog_infoold.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/js/thickbox/loadingAnimation_indesit.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/theme-compat/footer_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-includes/fonts/dashicons_prevv1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-content/plugins/widgetize-pages-light/include/otw_components/otw_grid_manager/js/otw_grid_manager_admin_new.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-content/plugins/xml-sitemaps-for-videos/video-sitemap_prevv1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-content/themes/index_prevv1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-content/themes/bookpitchaff/404_backup.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-content/themes/bookpitchaff/functions.php: SiteLock-PHP-INJECTOR-1-et.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-content/themes/bookpitchaff/library/navigation_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/async-upload_indesit.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/images/align-right_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/network/site-users_indesit.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/js/comment_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/css/colors/_variables_backup.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/css/colors/coffee/colors.min_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/css/colors/sunrise/colors_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/css/colors/ocean/colors-rtl_prevv1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/css/colors/midnight/colors-rtl.min_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/glutenfree-lowglycemic-diet/wp-admin/css/colors/light/colors-rtl_indesit.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/soulsurvivorstv/wp-includes/images/smilies/categories.php: SiteLock-PHP-SHELL-md5-djx.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/soulsurvivorstv/wp-includes/images/wlw/rss.php: JCDEF.PHP.CMDSHELL-01.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/soulsurvivorstv/wp-includes/images/wlw/options.pl: {HEX}PHP.C99-7.UNOFFICIAL FOUND
    /home/users/web/b2309/pow.djohnson/htdocs/soulsurvivorstv/wp-includes/images/wlw/network.php: {HEX}php.cmdshell.unclassed.344.UNOFFICIAL FOUND

    Question I have is does this look like I need to completely rebuild the site from scratch? If so, how can I have the content we already have – pages, posts and pictures without incurring new infections?

    BL

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Badly infected WP Site’ is closed to new replies.