Malicious files

5 years, 2 months ago pmirandan@gmail.com
Participant

Hi there,

Hope you can help. The hosting company has just blocked access to my website as the antivirus has detected various malicious files, all related to the theme.

Seems quite serious. One of the files is:
~/app784877959/wp-content/themes/lifecoach/functions.php

hope you can help here

Many thanks
Patricia

5 years, 2 months ago pmirandan@gmail.com
Participant

Hi again,

The hosting company has made the relevant checks and they confirm the problem comes from the theme. The files that have been blocked as malicious are the following:

~/app784877959/wp-content/themes/lifecoach/functions.php
~/app784877959/wp-content/themes/lifecoach/wp-tmp.php
~/app784877959/wp-content/themes/lifecoach-child/functions.php

Please I ask for your support to get this sorted asap, and appreciate if you could let me know how to avoid this from happening going forward.

My website is currently inaccesible.

Thanks
Patricia

5 years, 2 months ago themes2go
Keymaster

Hello Patricia and thanks for reaching us.
Andrea here from Themes2go Customer Support and I’ll support you with your request.

From what I read, I’m almost sure you’re website has been infected by a malware (file wp-tmp.php is not part of our product, it’s been generated from the malware)
Our theme has been modified by the malware and the antivirus has been triggered.

An easy fix could be this:
– download the theme from Themeforest (https://themeforest.net/downloads)
– via FTP, upload the updated theme to your server and erase the old one.
– Access to your backend and install Wordfence (https://wordpress.org/plugins/wordfence/) and scan your website looking for malwares and errors. If present, Wordfence will help you with its removal.

Hope this helps you.
Keep me posted.

Andrea

5 years, 2 months ago pmirandan@gmail.com
Participant

ok Many thanks for your help. I will follow your instructions and let you know if it works.

5 years, 2 months ago pmirandan@gmail.com
Participant

Hi there,

Have followed your instructions and thankfully the website is working again.

However, I have scanned it with Wordfence as indicated, and it has founded 1 error, but it cannot be deleted as it belongs to WordPress admin.

it is: wp-admin/css/colors/blue/php.ini (+140 more)

Dont know if I can attach the screenshot so you can see the results of the scan. If there is a way to do it, please let me know.

Look fwd to your indications.

Many thanks
Patricia

5 years, 1 month ago pmirandan@gmail.com
Participant

Hi there,

Could you please let me know what to do regarding my previous message?

Thanks

5 years, 1 month ago themes2go
Keymaster

Hello Patricia,
in your previous action, did you replace the entire theme folder + child theme?
This because I ran Wordfence on our online demo and no error came up, so I think there are still some infected files on your website.

Wordfence can’t delete wp-admin files, but you can replace them via FTP and no warning should come up again.

Please, keep me posted on this.
If the problem persists, I will make this topic private so you can share your website credentials and I will check it for you.

Andrea

Viewing 7 posts - 1 through 7 (of 7 total)

The topic ‘Malicious files’ is closed to new replies.

TIME FOR A BOOST!

You can already use the new helpdesk!

Community Forums