• David_G

    (@questas_admin)


    My security program quarantined a nasty little file from the root of all my sites. The file name is “ea.htm”. It might be worth the time to ftp to your sites and check for this file.

Viewing 6 replies - 1 through 6 (of 6 total)
  • from the root of all my sites.

    Server compromise? Are you on your own server, or in a shared hosting environment?

    You should take a look at this info: "FAQ My site was hacked". And some more for after things are cleaned up: "Hardening WordPress".

    Thread Starter David_G

    (@questas_admin)

    I’m in good shape. I am on a shared hosting, but also running “Bullet Proof Security Pro”. It caught the file and quarantined it immediately. I was just putting this out for other users to watch for it.

    I’m glad the security plugin caught it, but were you able to identify the mechanism that allowed the file to be uploaded to your site(s) in the first place? How did the intrusion actually gain access to your web directory? Was it a vulnerable plugin, or theme, or some other compromised account that took advantage of weak file permissions? Or haven’t you been able to determine the point of entry yet? I’m just wondering what was done to actually close the hole.

    Thread Starter David_G

    (@questas_admin)

    I really don’t know. I looked at my security logs and statcounter for activity but was unable to determine how it got in. This is the first time since I installed the security plugin that ANYTHING has gotten past it. There are constant attempts and that is why I paid for the security. It works very well. Does exactly what it is supposed to do.

    Have you asked your hosts for assistance? They have access to other logs (such as ftp) and may be able to pinpoint when this file was uploaded/added. It’s also possible that there is another site on your server that has been hacked – making every other site on the same server vulnerable. So your hosts really do need to know about this.

    Thread Starter David_G

    (@questas_admin)

    I haven’t contacted the host yet, but while checking today’s logs someone in the Netherlands at “IP:159.253.145.183” tried to access the file twice. Probably disappointed it wasn’t there.
    Another attempt from Indonesia also.

    I will correct my first statement about ALL my sites. It was only added to 6 of them, not all the sites.
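
The log check mentioned in the last reply can be scripted. The following is an added example, not part of the original thread: it groups requests for "ea.htm" by client IP and separates requests that were answered 2xx (the file was still being served) from later probes. It assumes Apache/nginx "combined" format access logs; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: the host writes Apache/nginx "combined" format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def requests_for(lines, filename="ea.htm"):
    """Return {client_ip: [(timestamp, method, status), ...]} for requests
    whose decoded URL path ends in /<filename> (case-insensitive)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Decode %-escapes and drop the query string before comparing names.
        path = unquote(urlsplit(m["target"]).path).lower()
        if path.rsplit("/", 1)[-1] == filename.lower():
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def served(hits):
    """Requests answered 2xx: the file existed and was delivered at that time."""
    return [(ip, ts) for ip, reqs in hits.items()
            for ts, _method, status in reqs if 200 <= status < 300]

# Constructed sample lines (documentation-range IPs, not taken from the thread).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Mar/2014:03:11:09 +0000] "GET /ea.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [02/Mar/2014:08:00:01 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [03/Mar/2014:10:15:32 +0000] "GET /ea.htm HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [03/Mar/2014:10:15:40 +0000] "GET /EA.htm?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '192.0.2.99 - - [03/Mar/2014:11:02:17 +0000] "GET /blog/idea.htm HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = requests_for(SAMPLE_LOG)
    for ip, reqs in sorted(hits.items()):
        print(ip, reqs)
    print("served while present:", served(hits))
```

The timestamp of the earliest 2xx response gives the host an upper bound on when the file appeared, which narrows the window to search in FTP and other server logs.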

  • The topic ‘My site was infected’ is closed to new replies.