Modified files and malicious files
-
Hello guys,
I got this e-mail and this is a bit alarming. Are all these false positives? Is this happening to more people? I’ve used WordFence for years and always keep my plug-ins and WordPress versions up to date (I update shortly after I get the e-mail announcing updates). Thanks for your help.
Alert generated at Thursday 15th of December 2016 at 11:41:12 AM
HIGH SENSITIVITY scanning is enabled, it may produce false positives
Critical Problems:* WordPress core file modified: wp-includes/class-http.php
* WordPress core file modified: wp-includes/class-json.php
* WordPress core file modified: wp-includes/class-oembed.php
* WordPress core file modified: wp-includes/class-phpass.php
* WordPress core file modified: wp-includes/class-phpmailer.php
* WordPress core file modified: wp-includes/class-pop3.php
* WordPress core file modified: wp-includes/class-requests.php
* WordPress core file modified: wp-includes/class-smtp.php
* WordPress core file modified: wp-includes/class-snoopy.php
* WordPress core file modified: wp-includes/class-walker-category-dropdown.php
* WordPress core file modified: wp-includes/class-walker-category.php
* WordPress core file modified: wp-includes/class-walker-comment.php
* WordPress core file modified: wp-includes/class-walker-nav-menu.php
* WordPress core file modified: wp-includes/class-walker-page-dropdown.php
* WordPress core file modified: wp-includes/class-walker-page.php
* WordPress core file modified: wp-includes/class-wp-admin-bar.php
* WordPress core file modified: wp-includes/class-wp-ajax-response.php
* WordPress core file modified: wp-includes/class-wp-comment-query.php
* WordPress core file modified: wp-includes/class-wp-comment.php
* WordPress core file modified: wp-includes/class-wp-customize-control.php
* WordPress core file modified: wp-includes/class-wp-customize-nav-menus.php
* WordPress core file modified: wp-includes/class-wp-customize-panel.php
* WordPress core file modified: wp-includes/class-wp-customize-section.php
* WordPress core file modified: wp-includes/class-wp-customize-setting.php
* WordPress core file modified: wp-includes/class-wp-customize-widgets.php
* WordPress core file modified: wp-includes/class-wp-dependency.php
* WordPress core file modified: wp-includes/class-wp-editor.php
* WordPress core file modified: wp-includes/class-wp-embed.php
* WordPress core file modified: wp-includes/class-wp-error.php
* WordPress core file modified: wp-includes/class-wp-feed-cache-transient.php
* WordPress core file modified: wp-includes/class-wp-feed-cache.php
* WordPress core file modified: wp-includes/class-wp-hook.php
* WordPress core file modified: wp-includes/class-wp-http-cookie.php
* WordPress core file modified: wp-includes/class-wp-http-curl.php
* WordPress core file modified: wp-includes/class-wp-http-encoding.php
* WordPress core file modified: wp-includes/class-wp-http-ixr-client.php
* WordPress core file modified: wp-includes/class-wp-http-proxy.php
* WordPress core file modified: wp-includes/class-wp-http-requests-hooks.php
* WordPress core file modified: wp-includes/class-wp-http-requests-response.php
* WordPress core file modified: wp-includes/class-wp-http-response.php
* WordPress core file modified: wp-includes/class-wp-http-streams.php
* WordPress core file modified: wp-includes/class-wp-image-editor-gd.php
* WordPress core file modified: wp-includes/class-wp-image-editor-imagick.php
* WordPress core file modified: wp-includes/class-wp-image-editor.php
* WordPress core file modified: wp-includes/class-wp-list-util.php
* WordPress core file modified: wp-includes/class-wp-locale-switcher.php
* WordPress core file modified: wp-includes/class-wp-locale.php
* WordPress core file modified: wp-includes/class-wp-matchesmapregex.php
* WordPress core file modified: wp-includes/class-wp-meta-query.php
* WordPress core file modified: wp-includes/class-wp-metadata-lazyloader.php
* WordPress core file modified: wp-includes/class-wp-network-query.php
* WordPress core file modified: wp-includes/class-wp-network.php
* WordPress core file modified: wp-includes/class-wp-oembed-controller.php
* WordPress core file modified: wp-includes/class-wp-post-type.php
* WordPress core file modified: wp-includes/class-wp-post.php
* WordPress core file modified: wp-includes/class-wp-query.php
* WordPress core file modified: wp-includes/class-wp-rewrite.php
* WordPress core file modified: wp-includes/class-wp-role.php
* WordPress core file modified: wp-includes/class-wp-roles.php
* WordPress core file modified: wp-includes/class-wp-session-tokens.php
* WordPress core file modified: wp-includes/class-wp-simplepie-file.php
* WordPress core file modified: wp-includes/class-wp-simplepie-sanitize-kses.php
* WordPress core file modified: wp-includes/class-wp-site-query.php
* WordPress core file modified: wp-includes/class-wp-site.php
* WordPress core file modified: wp-includes/class-wp-tax-query.php
* WordPress core file modified: wp-includes/class-wp-taxonomy.php
* WordPress core file modified: wp-includes/class-wp-term-query.php
* WordPress core file modified: wp-includes/class-wp-term.php
* WordPress core file modified: wp-includes/class-wp-text-diff-renderer-inline.php
* WordPress core file modified: wp-includes/class-wp-text-diff-renderer-table.php
* WordPress core file modified: wp-includes/class-wp-theme.php
* WordPress core file modified: wp-includes/class-wp-user-meta-session-tokens.php
* WordPress core file modified: wp-includes/class-wp-user-query.php
* WordPress core file modified: wp-includes/class-wp-user.php
* WordPress core file modified: wp-includes/class-wp-walker.php
* WordPress core file modified: wp-includes/class-wp-widget-factory.php
* WordPress core file modified: wp-includes/class-wp-widget.php
* WordPress core file modified: wp-includes/class-wp-xmlrpc-server.php
* WordPress core file modified: wp-includes/class.wp-dependencies.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-meta.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-pages.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-recent-comments.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-recent-posts.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-rss.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-search.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-tag-cloud.php
* WordPress core file modified: wp-includes/widgets/class-wp-widget-text.php
* WordPress core file modified: wp-includes/widgets.php
* WordPress core file modified: wp-includes/wp-db.php
* WordPress core file modified: wp-includes/wp-diff.php
* WordPress core file modified: wp-links-opml.php
* WordPress core file modified: wp-load.php
* WordPress core file modified: wp-login.php
* WordPress core file modified: wp-mail.php
* WordPress core file modified: wp-settings.php
* WordPress core file modified: wp-signup.php
* WordPress core file modified: wp-trackback.php
* WordPress core file modified: xmlrpc.php
* File appears to be malicious: wp-content/plugins/contact-form-7/modules/date.php
* File appears to be malicious: wp-content/plugins/wp-smushit/lib/class-wp-smush-resize.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/WindowsAzure/Storage/Batch.php
* File appears to be malicious: wp-includes/SimplePie/Restriction.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/WindowsAzure/Storage/BlobInstance.php
* File appears to be malicious: wp-content/themes/responsive/front-page.php
* File appears to be malicious: wp-admin/widgets.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/Http/Client/Adapter/Socket.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Google/Http/REST.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Dropbox/OAuth/Consumer/ConsumerAbstract.php
* File appears to be malicious: wp-admin/user/user-edit.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/WindowsAzure/Diagnostics/LogLevel.php
* File appears to be malicious: wp-includes/SimplePie/Cache/MySQL.php
* File appears to be malicious: wp-includes/class-walker-page-dropdown.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/google-extensions.php
* File appears to be malicious: wp-content/plugins/updraftplus/central/modules/updraftplus.php
* File appears to be malicious: wp-includes/class-wp-matchesmapregex.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/Http/Client/Exception.php
* File appears to be malicious: wp-content/plugins/updraftplus/central/modules/updates.php
* File appears to be malicious: wp-includes/class-wp-simplepie-sanitize-kses.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Google/Http/MediaFileUpload.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/Logger/Exception.php
* File appears to be malicious: wp-includes/class-http.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-nav-menus-panel.php
* File appears to be malicious: wp-content/plugins/contact-form-7/includes/contact-form.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Google/Auth/OAuth2.php
* File appears to be malicious: wp-includes/SimplePie/Author.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-site-icon-control.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/WindowsAzure/Storage/Blob.php
* File appears to be malicious: wp-content/plugins/wp-smushit/extras/free-dashboard/module.php
* File appears to be malicious: wp-content/plugins/wp-live-chat-software-for-wordpress/plugin_files/helpers/TrackingCodeInfoHelper.class.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Random.php
* File appears to be malicious: wp-content/themes/responsive/full-width-page.php
* File appears to be malicious: wp-includes/Requests/Exception/HTTP/502.php
* File appears to be malicious: wp-includes/class-phpass.php
* File appears to be malicious: wp-content/w3tc-config/master.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Minify/Minify/HTML.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/wp-content/advanced-cache.php
* File appears to be malicious: wp-includes/Requests/Exception/HTTP/413.php
* File appears to be malicious: wp-includes/customize/class-wp-widget-form-customize-control.php
* File appears to be malicious: wp-includes/class-wp-role.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/Http/Exception.php
* File appears to be malicious: wp-admin/theme-install.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Dropbox2/OAuth/Storage/WordPress.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-partial.php
* File appears to be malicious: wp-content/themes/responsive/core/includes/functions-extras.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-media-control.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Dropbox2/OAuth/Storage/StorageInterface.php
* File appears to be malicious: wp-includes/Requests/Hooker.php
* File appears to be malicious: wp-content/plugins/autoptimize/classes/external/php/minify-css-compressor.php
* File appears to be malicious: wp-content/plugins/contact-form-7/modules/checkbox.php
* File appears to be malicious: wp-includes/class-wp-customize-panel.php
* File appears to be malicious: wp-content/plugins/updraftplus/updraftplus.php
* File appears to be malicious: wp-content/plugins/contact-form-7/uninstall.php
* File appears to be malicious: wp-content/themes/responsive/core/includes/classes/class-tgm-plugin-activation.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/Auth/LoginTicket.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Microsoft/WindowsAzure/RetryPolicy/RetryN.php
* File appears to be malicious: wp-content/plugins/wp-smushit/lib/class-wp-smush-settings.php
* File appears to be malicious: wp-includes/pomo/entry.php
* File appears to be malicious: wp-includes/class-walker-category.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Minify/Minify/Cache/File.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Dropbox2/API.php
* File appears to be malicious: wp-includes/class-wp-walker.php
* File appears to be malicious: wp-content/plugins/wp-responsive-menu/inc/includes/class-options-sanitization.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/inc/define.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/Service/Storage.php
* File appears to be malicious: wp-includes/l10n.php
* File appears to be malicious: wp-includes/Requests/Exception/HTTP/428.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Minify/HTTP/Encoder.php
* File appears to be malicious: wp-admin/upgrade.php
* File appears to be malicious: wp-content/themes/responsive/header.php
* File appears to be malicious: wp-content/plugins/contact-form-7/modules/file.php
* File appears to be malicious: wp-content/plugins/_qtranslate/qtranslate_hooks.php
* File appears to be malicious: wp-content/plugins/updraftplus/central/classes/class-automatic-upgrader-skin.php
* File appears to be malicious: wp-content/plugins/updraftplus/options.php
* File appears to be malicious: wp-content/plugins/contact-form-7/includes/validation.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/inc/mime/all.php
* File appears to be malicious: wp-includes/SimplePie/File.php
* File appears to be malicious: wp-content/wflogs/ips.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/inc/mime/cssjs.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-nav-menu-section.php
* File appears to be malicious: wp-content/plugins/_qtranslate/qtranslate_javascript.php
* File appears to be malicious: wp-includes/Requests/Exception.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Google/Verifier/Abstract.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/Support_Page_View_PageContent.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-theme-control.php
* File appears to be malicious: wp-signup.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Dropbox2/OAuth/Consumer/Curl.php
* File appears to be malicious: wp-includes/widgets/class-wp-widget-rss.php
* File appears to be malicious: wp-includes/SimplePie/Locator.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/Exception.php
* File appears to be malicious: wp-includes/rest-api/fields/class-wp-rest-term-meta-fields.php
* File appears to be malicious: wp-content/plugins/wp-smushit/lib/class-wp-smush-async.php
* File appears to be malicious: wp-includes/class-requests.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/Task/Exception.php
* File appears to be malicious: wp-includes/Requests/Cookie/Jar.php
* File appears to be malicious: wp-content/plugins/wp-live-chat-software-for-wordpress/livechat.php
* File appears to be malicious: wp-includes/class-wp-session-tokens.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/phpseclib/File/X509.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-nav-menu-control.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/cloudfiles/cloudfiles_exceptions.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/Cache/Abstract.php
* File appears to be malicious: wp-content/advanced-cache.php
* File appears to be malicious: wp-includes/functions.php
* File appears to be malicious: wp-includes/class-wp-metadata-lazyloader.php
* File appears to be malicious: wp-content/plugins/contact-form-7/modules/text.php
* File appears to be malicious: wp-includes/class-wp-ajax-response.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/pub/sns.php
* File appears to be malicious: wp-includes/customize/class-wp-customize-nav-menu-setting.php
* File appears to be malicious: wp-content/plugins/autoptimize/config/delayed.php
* File appears to be malicious: wp-content/plugins/autoptimize/classes/autoptimizeToolbar.php
* File appears to be malicious: wp-content/themes/index.php
* File appears to be malicious: wp-content/plugins/p3-profiler/templates/index.php
* File appears to be malicious: wp-includes/ms-blogs.php
* File appears to be malicious: wp-includes/class-wp-user.php
* File appears to be malicious: wp-content/plugins/updraftplus/central/listener.php
* File appears to be malicious: wp-includes/theme-compat/header.php
* File appears to be malicious: wp-content/plugins/cloudflare/index.php
* File appears to be malicious: wp-admin/user-new.php
* File appears to be malicious: wp-includes/Requests/Exception/HTTP/305.php
* File appears to be malicious: wp-includes/Requests/Exception/HTTP/505.php
* File appears to be malicious: wp-admin/update.php
* File appears to be malicious: wp-content/plugins/contact-form-7/modules/hidden.php
* File appears to be malicious: wp-includes/theme-compat/embed-404.php
* File appears to be malicious: wp-content/plugins/p3-profiler/classes/class.p3-profiler-table-sorter.php
* File appears to be malicious: wp-includes/feed-atom-comments.php
* File appears to be malicious: wp-includes/class-pop3.php
* File appears to be malicious: wp-includes/class-wp-hook.php
* File appears to be malicious: wp-includes/Requests/Proxy.php
* File appears to be malicious: wp-content/plugins/contact-form-7/modules/really-simple-captcha.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/NewRelic/NewRelicAPI.php
* File appears to be malicious: wp-content/plugins/updraftplus/templates/wp-admin/advanced/wipe-settings.php
* File appears to be malicious: wp-content/plugins/updraftplus/vendor/rackspace/php-opencloud/lib/php-opencloud.php
* File appears to be malicious: wp-includes/IXR/class-IXR-introspectionserver.php
* File appears to be malicious: wp-content/themes/responsive/blog.php
* File appears to be malicious: wp-content/plugins/updraftplus/admin.php
* File appears to be malicious: wp-content/plugins/updraftplus/templates/wp-admin/notices/report.php
* File appears to be malicious: wp-admin/upload.php
* File appears to be malicious: wp-includes/Text/Diff/Renderer/inline.php
* File appears to be malicious: wp-content/plugins/wp-smushit/lib/wp-async-task.php
* File appears to be malicious: wp-admin/theme-editor.php
* File appears to be malicious: wp-content/wflogs/attack-data.php
* File appears to be malicious: wp-includes/theme-compat/header-embed.php
* File appears to be malicious: wp-includes/widgets/class-wp-widget-links.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/Service/Dns.php
* File appears to be malicious: wp-content/plugins/p3-profiler/classes/index.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Google/Cache/File.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/Support_Page_View_DoneContent.php
* File appears to be malicious: wp-content/themes/responsive/core/includes/tha-theme-hooks.php
* File appears to be malicious: wp-content/plugins/contact-form-7/modules/count.php
* File appears to be malicious: wp-includes/wp-diff.php
* File appears to be malicious: wp-includes/Requests/Exception/HTTP/411.php
* File appears to be malicious: wp-includes/media.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/wp-content/object-cache.php
* File appears to be malicious: wp-includes/rewrite.php
* File appears to be malicious: wp-includes/embed-template.php
* File appears to be malicious: wp-includes/Requests/Exception/HTTP/402.php
* File appears to be malicious: wp-content/plugins/updraftplus/restorer.php
* File appears to be malicious: wp-content/plugins/updraftplus/includes/Google/autoload.php
* File appears to be malicious: wp-content/plugins/w3-total-cache/lib/Minify/HTTP/ConditionalGet.php
35 issues were omitted from this email.
Best regards.
-
Hi Fernán,
Are you still getting the same issues after performing a new scan? because from the scan result you should be able to see how exactly are these core WordPress files different from the original version, also you would be able to see more details about all these possibly malicious files in the scan result.It’s know for “High sensitivity” scan to include many false positive results, so I suggest turning it off for now and run a new scan.
Let me know how it goes,
Thanks.
- The topic ‘Modified files and malicious files’ is closed to new replies.
