Suspicious Files & DB entries

  • Resolved guckmada

    (@guckmada)


    2 years, 1 month ago

    Hi,

    today i recived a warning.

    MScan found suspicious malware. (for example: attack-data.php and 10 more)

    After deleting those files (DB warning i did nothing)
    the website was completly broken.

    I had to install it all again.

    Wordpress 6.0.2. installed + everything is uptodate automatic

    How could this happen?

    Best regards

    Guckmada

    • This topic was modified 2 years, 1 month ago by guckmada.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author AITpro

    (@aitpro)

    MScan will find suspicious code in files. Before deleting suspicious files you should check them to make sure what was found was not a false positive. All WP Core, plugin and theme files are scanned using file hash comparisons which is 100% accurate. All non WordPress files are scanned using pattern matching, which will always have some false postives.

    MScan General Info
    MScan scans WP Core, Plugin and Theme files using file hash comparisons, which is 100% accurate vs conventional pattern matching, which is typically around 75% – 85% accurate. MScan scans all other website files (non-WordPress files) using conventional pattern matching scanning. The pattern matching code is much more extensive in MScan and will hopefully achieve a 95% or higher detection rate. False positives are inevitable when using conventional pattern matching scanning, but since MScan uses file hash comparison scanning for all WP Core, Plugin and Theme files then there will not be any false positives detected for any/all WordPress files (WP Core, Plugins and Themes). MScan automatically downloads WordPress, Plugin and Theme zip files, extracts the zip files, creates file hashes for all files and then deletes the zip files and all extracted folders and files. WP Core, Plugin and Theme zip downloads only occur on the first MScan scan or when a new WordPress, Plugin or Theme version is installed/updated or when the Delete File Hashes Tool is used.

    View|Ignore|Delete Suspicious Files
    This form allows you to view, ignore, unignore or delete suspicious and skipped files. If you are not sure if code is malicious or safe you can copy the code and post the code in the MScan Troubleshooting & Code Posting form topic. See the link above. If you are unsure if a file is a hacker file or not then download a copy of that file before deleting it. When you ignore a file it will no longer be scanned in any future scans. When you unignore an ignored file it will be scanned in future scans.

    View|Ignore Suspicious DB Entries
    This form allows you to view, ignore or unignore suspicious DB Entries. Note: The view option displays the DB Table, Column, Row ID and the MScan Pattern Match that was detected by the MScan scan. Use phpMyAdmin or a similar tool to check your database Row where the suspicious code was found. When you ignore a DB Entry it will no longer be scanned in any future scans. When you unignore an ignored DB Entry it will be scanned in future scans.

    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. I still receive email notifications when threads have been resolved.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Suspicious Files & DB entries’ is closed to new replies.