Title: New WordPress hack/virus
Last modified: August 21, 2016

---

# New WordPress hack/virus

 *  [dev22](https://wordpress.org/support/users/dev22/)
 * (@dev22)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/new-wordpress-hack/)
 * i am using wordpress 3.5.1 and lately my site was hacked (18/4).
 * as a result my site stopped completely loading returning blank page.
 * i found new folder in wp-content/plugins called “tv1”. it contains 3 files
 * class-wp-importer-cron.php
    mod_system.php tumblr-importer.php
 * this is the actual hack, especially file “mod_system.php”. it is chmoded to CHMOD
   200 so you cant normally view it. after changing chmod you can view the file 
   and you see actual virus which basically does lot of nasty thing with the whole
   server.
 * code here: [http://pastebin.com/wFC0xhEC](http://pastebin.com/wFC0xhEC)
 * i didnt analyze it all as it has 68 kB of code in it but it hacks your admin 
   user for sure and also creates shell to access your server.
 * i would appreciate if someone could fix this ASAP as it is very serious bug or
   at least point me in direction what is causing this.
 * i am really annoyed by fixing my wordpress every 2 months for new viruses and
   malware…

Viewing 1 replies (of 1 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/new-wordpress-hack/#post-3675191)
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Anything less will probably result in the hacker walking straight back into your
   site again.
 * Additional Resources:
    [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) 
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)

Viewing 1 replies (of 1 total)

The topic ‘New WordPress hack/virus’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [13 years, 1 month ago](https://wordpress.org/support/topic/new-wordpress-hack/#post-3675191)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics