Possible infected file quarantined

Home Forums BulletProof Security Pro Possible infected file quarantined

This topic contains 2 replies, has 2 voices, and was last updated by  AITpro Admin 2 years, 4 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #27933

    Zsolt Edelényi
    Participant

    I just activated a BPS Pro in a new site. Since then every 15 mins there is a file in quarantine. The same file: …/wp-admin/includes/last_update.txt. The file itself contain the full domain name. What do you think? Is it a begginning of a hack or something else? I found two infected files: admin/includes/class-fud.php and wp includes/canonical.php. The date of these files are equal to my first order in my woocommerce shop. Do you have any idea how it is possible? Woocommerce plugin is activated from the offical website: https://wordpress.org/plugins/woocommerce/ The most important question: what to do now?

    #27999

    Zsolt Edelényi
    Participant

    [Topic has been merged into this relevant Topic]
    Recently I have many core files of WP core. Is it possible that there is a background-update? I compared a few files to the original one, but I could not find hacker code, but a few changes.
    This is the current list of updated files:

    lass-wp-screen.php
    screen.php
    users.php
    postbox.js
    common.min.js
    common.js
    postbox.min.js

    I can send you the server log of that time of files quaranteened. Do you have any idea what this means? How these files get into my WP core?

    #28017

    AITpro Admin
    Keymaster

    Sorry for the late reply.  We did not get an email notification about this new forum topic.  Send the files to:  info at ait-pro dot com so we can look at the files to see if they contain hacker code.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.