Critical scan alert

  • Resolved Frank T Jr

    (@franktjr702)


    1 month, 2 weeks ago

    Hello, can someone please tell me about this text below. Its from the Wordfence scan area telling me that I have a critical issue.

    The thing is, I keep deleting this problem EVERYDAY. (((((( The matched text in this file is: he" . "x2bin ))))))

    And yes, I do not have the paid version. So does this mean that I have to pay to stop this everyday?

    Im just tired of getting alerted about it everyday or other day. I come, delete it, rescan and everything is ok, till tomorrow.

    You know, what can I do?… Please help. Please.

    Thank you big time!!!

    -------------------------------------

    Filename: /home/fiveyaep/public_html/wp-content/file.php

    File Type: Not a core, theme, or plugin file from www.ads-software.com.

    Details: This file appears to be installed or modified by a hacker to perform malicious activity.

    If you know about this file you can choose to ignore it to exclude it from future scans.

    (((((( The matched text in this file is: he" . "x2bin ))))))

    The issue type is: Obfuscated:PHP/hex2JPEG.13247 Description: Obfuscated malware found in JPEG file

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @franktjr702, thank-you for getting in touch!

    /wp-content/file.php isn’t a core file that appears on my site or the repository version of WordPress, so they key is whether your host, or a caching product/plugin is adding this and resulting in a false-positive. If not, your site may need cleaning to ensure the source of that file is removed – especially if it keeps coming back.

    I have seen file.php specified before in customer .htaccess files, under the auto_prepend_file section for some hosts, so I would certainly ask them first before attempting to clean a site that doesn’t have an issue. If they have no knowledge of adding this, you could email the file to our Threat Intelligence team at?samples @ wordfence . com. They should be able to investigate the specifics around the “Obfuscated:PHP/hex2JPEG.13247” rule, if it indeed applies to this file, and suggest a suitable course of action.

    Many thanks,
    Peter.

    Thread Starter Frank T Jr

    (@franktjr702)

    Hello Peter,

    I’m sorry I took long to respond but Ive been non stop researching the problem too.

    There are many people going thru the same problem. Here is this link if you want to look at it… https://www.ads-software.com/support/topic/scan-flags-plugin-updates-are-they-just-updates-or-indeed-a-hack/

    I also contact my NAMECHEAP hosting and they scanned it for any maliciousness and nothing came up. I even downloaded other plugins to see if they could discover it and remove and nothing again too.

    I just don’t know what to do and i had it again today and yesterday. It pops up everyday and Ive put too much work into my site for just letting it go and later find out that its messing up my site.

    I’m going send an email to the link you sent me here. Im just going to copy what you sent me here and send it to them. I hope that can eliminate. it.

    THANKS PETER. I appreciate your help!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.