Title: MALWARE found in plugin?
Last modified: November 30, 2016

---

# MALWARE found in plugin?

 *  [TVoltz](https://wordpress.org/support/users/tvoltz/)
 * (@tvoltz)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/malware-found-in-plugin/)
 * Wordfence is alerting that “This file is suspected malware: wp-content/plugins/
   genesis-simple-sidebars/README.md”
 * This file’s signature matches a known malware file. The title of the malware 
   is ‘Win.Malware.Agent1592130909/CRDF-1’.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [dlmweb](https://wordpress.org/support/users/dlmweb/)
 * (@dlmweb)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/malware-found-in-plugin/#post-8499485)
 * Ditto.
    WordFence has flagging this file on at least a dozen client sites that
   use GSS plugin.
 * Nathan, Ron, can you check please?
    Thank you.
 *  [agruden](https://wordpress.org/support/users/agruden/)
 * (@agruden)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/malware-found-in-plugin/#post-8499569)
 * Am receiving the same alert on my sites as well. They do not appear to be newly
   installed or updated files by the time/date stamp.
 *  [wfryan](https://wordpress.org/support/users/wfryan/)
 * (@wfryan)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/malware-found-in-plugin/#post-8499614)
 * The file was flagged because it matched the signature Win.Malware.Agent1592130909/
   CRDF-1 from the ClamAV databases. This and one other signature in those databases
   were hashes for single byte files (this one was a single \n character), so we’ve
   manually removed those two from the list we check against.
 *  [ross.feldman](https://wordpress.org/support/users/rossfeldman/)
 * (@rossfeldman)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/malware-found-in-plugin/#post-8499926)
 * Ditto on the alert but it was found in a disabled plugin (Timber) so I removed
   the plugin from the site.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘MALWARE found in plugin?’ is closed to new replies.

 * ![](https://ps.w.org/genesis-simple-sidebars/assets/icon-256x256.png?rev=1335778)
 * [Genesis Simple Sidebars](https://wordpress.org/plugins/genesis-simple-sidebars/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/genesis-simple-sidebars/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/genesis-simple-sidebars/)
 * [Active Topics](https://wordpress.org/support/plugin/genesis-simple-sidebars/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/genesis-simple-sidebars/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/genesis-simple-sidebars/reviews/)

 * 4 replies
 * 5 participants
 * Last reply from: [ross.feldman](https://wordpress.org/support/users/rossfeldman/)
 * Last activity: [9 years, 6 months ago](https://wordpress.org/support/topic/malware-found-in-plugin/#post-8499926)
 * Status: not resolved