Deceptive Site

Malware/Virus: Fix and Remove “WP-VCD” from my WordPress

Leave a reply

My Wordfence (a security plugin for WordPress) alarmed with the “Critical Problems” flag due to the result of the malware / virus scan from my website. I had a similar incident before, and it was a nightmare for me to fix and retrieve the suspended website back to normal.

The Malware Files

  • wp-content/themes/Divi/functions.php
  • wp-core.php
  • unzipper.php
  • wp-includes/wp-vcd.php
  • wp-includes/wp-tmp.php
  • wp-includes/wp-feed.php

The hacker used “wp-” for naming the files, so it’s hard to determine if these are core WordPress files.

However, I was able to know before Google suspend my website away with the red screen, “Deceptive Site ahead”.

This malware is called, “WP-VCD”. It could create random administrator users to control my settings, and in a worse case, my whole hosting server can be infected.

The Solution

The solution was simple. I was able to just trash/remove below files straight from the file manager on my hosting server (The root directory called, “public_html”).

  • wp-core.php
  • unzipper.php
  • wp-includes/wp-vcd.php
  • wp-includes/wp-tmp.php
  • wp-includes/wp-feed.php

However, the infected “functions.php” file was a bit tricky. The malware attack was placed on the existed theme file so can’t just remove it. You would have to edit the “functions.php” file to fix 100%. But, don’t panic. I will carefully show you what to edit from the file.

Use FTP program like Filezilla, or go to the Cpanel -> File Manager -> Root Directory – “wp-content” -> themes -> (your theme) -> functions.php. Open up the file, and remove the first set of PHP snippets code like below. In my case, remove the very first line of file to the line 184 until you see the ending PHP bracket ?>.

REMOVE THE BLUE HIGHLIGHTED CODE

One side note is always back up each files before you permanently terminate in case you have to go back, and do it as soon as possible before Google red flag on your precious webpage.

Related posts:

  1. (Resolved) Fix PHP / MultiPHP Version Upgrade Error in WHM/Cpanel
  2. Remove Automatic and Tags in WordPress
  3. Remove Product Description and Reviews Tabs in Woocommerce Storefront Theme
  4. Use CSS to remove auto-generated empty <p> tags in WordPress
  5. Remove Proudly powered by WordPress Theme and Replace with Your Own © Copyright Information
  6. How to Remove “Bootstrap WordPress Theme” on WP Bootstrap Starter Template
  7. Remove “Storefront designed by WooThemes” on Woocommerce Storefront Theme
  8. cPanel: Change / Increase Maximum Upload File Size
  9. Remove automatic <BR> & <P> tags in WordPress
  10. Why FileZilla Upload Files Repeatedly Saying “File Transfer failed after transferring”?
  11. WordPress Appearing Strange Weird Characters / Codes
  12. Remove ‘Built with Storefront & WooCommerce’ with CSS lines on WordPress Storefront Theme
  13. How to Make Bootstrap Nav Top Level Menu Clickable With Dropdowns
  14. Force an Anchor Tag Not Clickable with CSS
  15. Temporarily Disable / Make a Website Offline in WHM
  16. (No Programming) Use JavaScript to Load Header and Footer Templates. Works Just Like PHP Include
  17. Add a Copyright Text / Info Using CSS on WordPress Websites
  18. How to Remove or Uninstall Plugins like Phantasm in Adobe Illustrator?
  19. All-in-one Bootstrap 4 / Jquery Responsive HTML Template
  20. Use Dropbox as Website Server Hosting FTP

Leave a Reply

Your email address will not be published. Required fields are marked *