Hello everyone, im new here.
Sorry I know this topic is old but I just found out that one of my websites are having the same problem as described above.
I cleaned all files where I found that pice of code, and I removed one file called zxcvbnm.php where was this piece of code:
<!--------------------------------------------
Sat Apr 4 18:05:04 EST 2015
owned by NG689Skw (Index Php)
[email protected], Indonesia
twitter.com/_IndexPhp_
--------------------------------------------->
Malware code deleted
Also i updated wordpress and all plugins, but I am curious how this Indonesians get into this website. What should I do to prevent to happen again?
Did anyone found out how to get rid of this for good?