Hard to tell if your WordPress is infected. Or a WordPress plug-in is generating this.
Could you please list all your active plug-ins? This might help someone familiar with the plug-in tell you if it generates the files you mention.
Sure…
AddThis Social Bookmarking Widget
blogville-directory-plugin
Contact Form 7
Google XML Sitemaps
Meta SEO Pack
Really Simple CAPTCHA
WP-PageNavi
As a temporary fix, I have changed the permissions on “K106336.txt” to 000 so that it cannot be read, written, or executed at any level, and also deleted the contents of the file so that it won’t take up any/all remaining server space. This effort stopped the file being written overnight last night.
I’m running 2.8.6 if that is also helpful.
A quick look at your list, with a little assistance from the Plug-in Directory, doesn’t show anything likely to be creating your files.
Now would be an ideal time to check what error logs you can see. And to ask your web host to check their error logs. Looking for error messages associated with trying to write to K106336.txt. Those messages should narrow it down to the .php file that is doing the writes.
It sure sounds like some sort of malware/infection that dumps data into these .txt files for easy harvesting later, since the .txt files would be easily visible to anyone who knew where they are.
On the topic of logs… does your host offer access logs?
Mine has ’em (GoDaddy).
By checking the timestamp when the txt file is edited/accessed, you could reference that time on an access log and see what exactly is writing to the file. If not, giving your host the exact time to check could help you out….
In my Raw Access Log I found…
[25/Jan/2010:23:26:14 -0600] "GET /K106336.txt HTTP/1.1" 404 7575 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 GTB6 (.NET CLR 3.5.30729) Creative ZENcast v2.01.01"
[25/Jan/2010:23:26:15 -0600] "GET /K106336.txt HTTP/1.1" 404 7499 "-" "Mediapartners-Google"
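The timestamp correlation suggested earlier in this thread, sketched in Python as an added example that is not part of any poster's message. It assumes Apache combined log format with the leading host fields; the sample lines, the documentation-range IP addresses, and the path /example-script.php are constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Combined Log Format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not taken from the thread's server).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jan/2010:23:20:01 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Jan/2010:23:26:13 -0600] "POST /example-script.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Jan/2010:23:26:14 -0600] "GET /K106336.txt HTTP/1.1" 404 7575 "-" "Mozilla/5.0"
malformed line that the parser must skip
"""

def file_mtime_utc(path):
    """Modification time as a timezone-aware UTC datetime."""
    return datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # %z keeps the log's UTC offset, so comparisons with the mtime are exact.
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def correlate(lines, modified_at, target="/K106336.txt", window_seconds=5):
    """Split log entries into requests made near the file's modification
    time (candidate writers) and requests for the file itself (readers)."""
    window = timedelta(seconds=window_seconds)
    writers, readers = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].split("?")[0] == target:
            readers.append(rec)
        elif abs(rec["time"] - modified_at) <= window:
            writers.append(rec)
    return writers, readers

if __name__ == "__main__":
    # In real use: modified_at = file_mtime_utc("/path/to/K106336.txt")
    modified_at = datetime(2010, 1, 26, 5, 26, 14, tzinfo=timezone.utc)
    for rec in correlate(SAMPLE_LOG.splitlines(), modified_at)[0]:
        print(rec["ts"], rec["host"], rec["method"], rec["path"])
```

The file's mtime only records the most recent write, so run this soon after a new write appears, or give the host each timestamp you observe.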