Multiple Malicious files inside object and page_enhanced

  • Resolved leandrosilvaarq

    (@leandrosilvaarq)


    9 months, 4 weeks ago

    Hello,

    When my website scanned by Arvixe malware scan they detected 12 malware files inside object and page_enhanced folders :

    wp-content/cache/object/234/9bc/2349bc5e33ad1587930c079be03c2933.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/465/50f/46550f6af212b9211b3a01067e12c5a9.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/f37/140/f3714010bd65a6d989ada425da95308b.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/45e/b99/45eb99afb06f5ec7b751116a246f954e.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/fe3/6c3/fe36c3ff8fcef4dd995ef1be96ce3340.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/d2d/665/d2d665e8a790d84298d299f14a95e8d1.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/ff3/64b/ff364b34ddd54ee51b86b565f40a000e.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/cb8/308/cb830831ad7c0d3cea93a86e89e59ca7.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/4ea/a1c/4eaa1c0f9c82607e3ac1b6e9f0b7e5c4.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/object/137/353/137353c4f7081ff474e3e54608c02fd1.php: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/page_enhanced/www.oxygen.pt/stories_3dtotal-gallery-3/_index_ssl.html: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND
    wp-content/cache/page_enhanced/www.oxygen.pt/stories/_index_ssl.html: SL-JS-JSINCLUDE-bro.UNOFFICIAL FOUND

    I already tried to delete them, but when I open the a specific page of the website, the files are rebuild again on cPanel. How can I effectively delete these files? Maybe some script / plugin previously installed caused this?

    Thanks in advance.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @leandrosilvaarq

    Thank you for reaching out and I am happy to help!

    The W3 Total Cache only caches the pages and objects. So it seems that something on these pages or WP files is affected.

    I would recommend disabling the W3 Total Cache, manually deleting the entire /cache/ folder and run the scan again to see what may be the issue.

    I hope this helps!

    Thanks!

    Thread Starter leandrosilvaarq

    (@leandrosilvaarq)

    Hi @vmarko.
    Thanks for your reply.
    Unfortunately it didn’t work… if I try to open a post directly from WordPress, it identifies the post page as malware…
    If I create a new post, the post page opens without any issue.

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @leandrosilvaarq

    Just to confirm, the problem persists once the W3 Total Cache is disabled?

    Thanks!

    Thread Starter leandrosilvaarq

    (@leandrosilvaarq)

    Hello @vmarko,
    Thanks for your contact.
    Yes, even with W3 Total Cache disable, cache folder deleted, the malware notification persists.
    https://i.ibb.co/wry8XDm/1.jpg

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hey @leandrosilvaarq

    This means that it’s not related to the W3TC as it’s only caching those objects.

    I would suggest reaching out to your hosting support for assistance in removing the potential malware.

    Thanks!

    Thread Starter leandrosilvaarq

    (@leandrosilvaarq)

    Hello @vmarko,

    Thank you for the feedback.

    The solution provided by our hosting is to directly contact an external company (Sitelock) to assess and remove the malware.
    Honestly, it’s not a solution that we’re very pleased with.
    Perhaps the best course of action will be to remove the 150 posts published to date and republish them one by one again (from scratch).

    Thanks once again!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Multiple Malicious files inside object and page_enhanced’ is closed to new replies.