The rms_unique_wp_mu_pl_fl_nm.php file is part of a remote access hack.
You probably got it from a plugin download from thewordpressclub.org who include it on every plugin ( read their terms & conditions – this allows them remote access to any site with a plugin downloaded from them ) even though they say the plugin is original and untouched.
Try deleting it and it will keep re-installing itself. Until you uninstall the plugin that runs rms-script-ini.php and rms-script-mu-plugin.php when installed.
Be careful with any so-called nulled or cracked plugin. They cause more trouble than they are worth.
So FTP into your site and go through the plugins until you find the 2 files above and remove the plugin/s. Then delete the rms_unique_wp_mu_pl_fl_nm.php file, job done.
Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
