----------- SCAN REPORT ----------- TimeStamp: Thu, 14 Sep 2023 06:49:06 -0400 (/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 100000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/itfekxul/scanreport-Sep_14_2023_06h49m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user itfekxul --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual) Scanning /home/itfekxul: '/home/itfekxul/access-logs' # Symlink to [/etc/apache2/logs/domlogs/itfekxul] '/home/itfekxul/text.php' # Universal decode regex match = [universal decoder] '/home/itfekxul/.nc_plugin/hidden' # World writeable directory '/home/itfekxul/.trash/alfanew.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.1' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.2' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.3' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.4' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.5' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.6' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected 
virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/alfanew.php7.9' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/.trash/radio.php' # ClamAV detected virus = [TO-28298.WEBSHELL.php_php-encodedpartonly.MD5-01bbd4eaa51cf127e8d299c1629ad131.size-18220.UNOFFICIAL] '/home/itfekxul/.trash/wp.php' # Decode regex match = [decode regex: 1] '/home/itfekxul/.trash/.pki/alfanew.php7' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/dropdown.php' # Decode regex match = [decode regex: 1] # Scan Timeout (30 secs) while processing: '/home/itfekxul/myurdustuff.com/wordpress-6.3.1-en_AU.zip' '/home/itfekxul/myurdustuff.com/.htpasswds/index.php' # Universal decode regex match = [universal decoder] '/home/itfekxul/myurdustuff.com/wp-admin/network/network.php' # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P1330]] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/broken-link-checker.php' # Script version check [OLD] [Broken Link Checker v1.11.2 < v2.1.0] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/modules/parsers/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/modules/parsers/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/modules/parsers/alfa-rex.php' # (decoded file 
[advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/modules/parsers/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/modules/parsers/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/modules/parsers/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/broken-link-checker/modules/parsers/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/user-submitted-posts/library/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/user-submitted-posts/library/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/user-submitted-posts/library/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/user-submitted-posts/library/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/user-submitted-posts/library/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = 
[{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/user-submitted-posts/library/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/user-submitted-posts/library/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-importer/wordpress-importer.php' # Script version check [OLD] [WordPress Importer v0.6.1 < v0.8.1] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v3.2.5 < v20.7] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) 
ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-content/plugins/wp-pagenavi/wp-pagenavi.php' # Script version check [OLD] [WP-PageNavi v2.90 < v2.94.1] '/home/itfekxul/myurdustuff.com/wp-content/wflogs/network.php' # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P1330]] '/home/itfekxul/myurdustuff.com/wp-includes/images/xgfXjm.jpg' # Suspicious image file (hidden script file) '/home/itfekxul/myurdustuff.com/wp-includes/js/tinymce/plugins/media/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-includes/js/tinymce/plugins/media/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-includes/js/tinymce/plugins/media/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-includes/js/tinymce/plugins/media/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-includes/js/tinymce/plugins/media/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-includes/js/tinymce/plugins/media/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/myurdustuff.com/wp-includes/js/tinymce/plugins/media/wp-login.php' # 
(decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-Spam v4.1 < v5.1] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/duracelltomi-google-tag-manager/duracelltomi-google-tag-manager-for-wordpress.php' # Script version check [OLD] [Google Tag Manager for Wordpress v1.9 < v1.16.2] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/google-analytics-dashboard-for-wp/gadwp.php' # Script version check [OLD] [Google Analytics Dashboard for WP (GADWP) v5.3.5 < v7.15.2] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/jetpack/jetpack.php' # Script version check [OLD] [Jetpack by WordPress.com v6.7 < v12.1] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/really-simple-ssl/rlrsssl-really-simple-ssl.php' # Script version check [OLD] [Really Simple SSL v3.1.2 < v7.0.1] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v9.2.1 < v20.7] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/wordpress-seo/vendor/pimple/pimple/ext/pimple/pimple.c' # Suspicious file type [application/x-c] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/worker/init.php' # Script version check [OLD] [ManageWP - Worker v4.6.3 < v4.9.17] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-content/plugins/wp-smushit/wp-smush.php' # Script version check [OLD] [Smush v2.9.1 < v3.12.6] '/home/itfekxul/public_html/wp-content/plugins/ears-magic-master/wp-includes/version.php' # Script version check [OLD] [Wordpress v4.9.7 < v6.2.2] 
'/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/mailchimp-for-wp.php' # Script version check [OLD] [MC4WP: Mailchimp for WordPress v4.8.6 < v4.9.4] '/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/public_html/wp-content/plugins/woocommerce/woocommerce.php' # Script version check [OLD] [WooCommerce v6.1.2 < v7.7.0] '/home/itfekxul/public_html/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type 
[application/x-c] '/home/itfekxul/softaculous_backups/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.446.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/assets/js/base/components/cart-checkout/totals/footer-item/test/__snapshots__/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/assets/js/base/components/cart-checkout/totals/footer-item/test/__snapshots__/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/assets/js/base/components/cart-checkout/totals/footer-item/test/__snapshots__/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/assets/js/base/components/cart-checkout/totals/footer-item/test/__snapshots__/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/assets/js/base/components/cart-checkout/totals/footer-item/test/__snapshots__/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/assets/js/base/components/cart-checkout/totals/footer-item/test/__snapshots__/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] 
'/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/assets/js/base/components/cart-checkout/totals/footer-item/test/__snapshots__/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/admin/views/tabs/tool/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] 
'/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/js/dist/languages/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/js/dist/languages/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/js/dist/languages/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/js/dist/languages/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/js/dist/languages/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/js/dist/languages/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-content/plugins/wordpress-seo/js/dist/languages/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-includes/images/2BR2E0.gif' # Suspicious image file (hidden script file) '/home/itfekxul/stlogos.com/wp-includes/sodium_compat/src/Core32/SecretStream/about.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-includes/sodium_compat/src/Core32/SecretStream/about.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] 
'/home/itfekxul/stlogos.com/wp-includes/sodium_compat/src/Core32/SecretStream/alfa-rex.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-includes/sodium_compat/src/Core32/SecretStream/alfa-rex.php56' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-includes/sodium_compat/src/Core32/SecretStream/alfa-rex.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-includes/sodium_compat/src/Core32/SecretStream/alfa-rex.php8' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/stlogos.com/wp-includes/sodium_compat/src/Core32/SecretStream/wp-login.php' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] # Scan Timeout (30 secs) while processing: '/home/itfekxul/suncoasthealth.com.au/themeforest-0rehm69c-medical-clinic-health-doctor-medical-wordpress-theme-wordpress-theme.zip' '/home/itfekxul/suncoasthealth.com.au/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/itfekxul/theolympicssports.com/about.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2155]] '/home/itfekxul/theolympicssports.com/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1926]] '/home/itfekxul/theolympicssports.com/wp-content/plugins/litespeed-cache/assets/img/wp-scr1pts.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2155]] '/home/itfekxul/tmp/alfanew.php7' # (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [{HEX}php.gzbase64.inject.456.UNOFFICIAL] '/home/itfekxul/tmp/index.php' # ClamAV detected virus = 
[{HEX}php.generic.malware.446.UNOFFICIAL]

----------- SCAN SUMMARY -----------
Scanned directories: 26906
Scanned files: 149326
Ignored items: 1888
Suspicious matches: 111
Viruses found: 78
Fingerprint matches: 5
Data scanned: 9315.12 MB
Scan peak memory: 318348 kB
Scan time/item: 0.028 sec
Scan time: 4927.691 sec