Scans not picking up malware

  • I’m not sure what the deal is, I’m new to wordfence. I installed it last week after getting notified by my host of having 9 files infected with malware.

    I cleaned the files, updated all software and plugins, changed all passwords, scanned my pc – everything looked good and the restrictions on my sites were removed. Additionally I installed wordfence and scans showed no problems.

    However, April 6th, my host notified my of 13 files infected with malware in the following folder

    public_html/wp-content/plugins/

    these were the files:

    mosjvqobr.php
    qtmvsmk.php
    wnlqjr.php
    ltdu.php
    mmjq.php
    iixhcimi.php
    wyjm.php
    crmanjmfr.php
    hsmtvb.php
    xzvvwtbm.php
    zxnhxqpfy.php
    ujuw.php
    pdswjrcro.php

    they all had the same code starting with: <?php $code=base64_decode

    In addition, the following two files were undetected by my host’s scan or wordfence and had been there for several months:

    wp-thuglife.php
    wp-cupidony.php

    Any ideas on how these got through??

    I’m pretty sure I have all the right settings in place, however I didn’t have the scan set to include outside files, but now I do.

    Thank you in advance!

    https://www.ads-software.com/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hello Michael314,
    The “outside” scan should pick up those files. But since this has happened twice, I would suggest you do a through review of all the plugins and themes you have installed. If there are any themes or plugins that are not essential to your site and are out of date or that haven’t been updated for lets say a year or so, get rid of them. Make sure the corresponding plugin folders are deleted.

    Thread Starter Michael314

    (@michael314)

    Thank you wfasa for the reply. I’ve taken care of all that too.

    The problem other problem I’m having with the scans is that they don’t finish.

    They seem to get stuck on the following 2 items:

    [Apr 11 06:53:57]
    Scanning file contents for infections and vulnerabilities
    [Apr 11 06:53:57]
    Scanning files for URLs in Google’s Safe Browsing List

    Any ideas why or what to do about it?

    Thank you,
    Michael

    Hello again Michael314,
    One thing to check is if you are getting any Javascript errors when running the scan. You can find information on how to use a browser console here. Anything marked red in the console is an error. If you need help interpreting it you can upload a screenshot to an image hosting service and share the link here.

    It is also possible that you are running out of memory when doing the scan. You can experiment by excluding some things from the scan and see if you can get it to complete that way. Here is information about Wordfence system requirements and here information about PHP running out of memory.

    If neither of those seem to be the cause, check your database to make sure that none of the WordPress or Wordfence tables are corrupt. At the very bottom of Wordfence “Options” page you can also find some helpful links that show the configurations and status of your Wordfence installation.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Scans not picking up malware’ is closed to new replies.