• Ok, I’ve been working with WP a lot for a while now, and I’ve never seen this before. I was working on a site for a client, and suddenly found the file “remv.php” in the themes folder. I downloaded it to take a look at it, and my NOD32 virus warning came up! It killed the file right away….

    So, a virus, on my server? Anyone…

Viewing 4 replies - 1 through 4 (of 4 total)
  • I’ve seen that on a site that was hosted on Yahoo.

    I didn’t open it when I saw it, but it’s googlable, whatever it is

    https://www.google.com/search?hl=en&q=remv.php&btnG=Google+Search&aq=f&oq=

    even better:

    https://www.google.com/search?hl=en&q=wp-content/themes/remv.php&start=10&sa=N

    and you can’t catch a virus from opening it in WordPad or Notepad.

    I wanted to see what was in the file. Here it is:

    https://people.itu.int/~finn/remv.php

    I know that’s the file since the host’s authentication is included.

    If that’s not a file you uploaded, I would ask your host whether or not it’s something they’ve uploaded. If they don’t know what it’s there for, I would act on the assumption that your site has been compromised, and proceed accordingly.

    I found the same thing on my WP installs. I had not upgraded since WP2.0.5!
    Shame on me.
    Anyway, I looked in the remv.php file, and it’s set to only allow people from certain IP blocks to access the file.
    I bounced the IP blocks that are found in there, and it’s basically a block of cable ISP IP blocks in Pennsylvania and Massachusetts.

    Very hackish stuff.
    remv.php allows full shell access and other PHP goodies to those who get in through it. Remove it immediately.

    I also encountered this sort of problem in my old blogs WP 2.6 below. I haven’t updated my blog for so long. Hehe. Thanks for this, now I know what that remv.php was.

    I came to know about it after I downloaded all the files in my wp-content for backup purposes. My NOD32 suddenly quarantined and deleted it because it’s a virus.. woooot! I also tried to rename it and download it, but still, NOD32 deleted it. I tried to view it in txt format and wooooot! It’s some kind of a weird hack, a loophole to access my humble blog.. whew.. that was scary. I just deleted it and upgraded to the latest version and now it’s fine.

  • The topic ‘WTF is remv.php in wp-content/themes folder?’ is closed to new replies.
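
A defender-side check for the situation in this thread, added here as an example (not written by any poster and not WordPress code): it flags PHP files sitting directly in wp-content/themes, and files that pair a command-execution call with a client-IP check, the two traits the replies describe. The regex markers, the function names and the sample files are assumptions constructed for illustration; the sample content is an inert stand-in, not the real remv.php.

```python
import os
import re
import tempfile

# Heuristic markers chosen for this example (assumptions, not taken from remv.php).
EXEC_CALLS = re.compile(rb"\b(eval|system|shell_exec|passthru|exec|popen|proc_open)\s*\(")
IP_GATE = re.compile(rb"REMOTE_ADDR")

def scan_themes(themes_dir):
    """Return {relative_path: [reasons]} for suspicious PHP files under themes_dir."""
    findings = {}
    for dirpath, _dirs, files in os.walk(themes_dir):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, themes_dir)
            reasons = []
            # WordPress ships only index.php directly in wp-content/themes;
            # any other PHP file belongs inside a theme's own subdirectory.
            if os.path.dirname(rel) == "" and name != "index.php":
                reasons.append("stray PHP file in themes root")
            with open(path, "rb") as fh:
                body = fh.read()
            if EXEC_CALLS.search(body) and IP_GATE.search(body):
                reasons.append("command execution gated on client IP")
            if reasons:
                findings[rel] = reasons
    return findings

def build_sample_tree(root):
    """Write constructed sample files (inert stand-ins) for a demo run."""
    gated = b"<?php if ($_SERVER['REMOTE_ADDR'] !== '192.0.2.10') exit; passthru('uptime');"
    samples = {
        "index.php": b"<?php // Silence is golden.",
        "remv.php": gated,
        os.path.join("mytheme", "functions.php"): b"<?php add_action('init', 'setup');",
        os.path.join("mytheme", "cache.php"): gated,
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reasons in sorted(scan_themes(tmp).items()):
            print(rel, "->", "; ".join(reasons))
```

A hit is a lead to review by hand, and a clean result does not show the rest of the install is untouched.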