Speaktech.in

WP-VCD WordPress malware removal: step-by-step full solution

What is this WP-VCD malware?

WP-VCD is WordPress malware that wp-vcd.php injects into WordPress core files. It rewrites the functions.php and class.wp.php files to insert malicious code and creates a secret admin user, so the attacker who planted WP-VCD can take full control of the website.


How to remove WP-VCD malware from a website, theme and plugins?

This malware is injected into free copies of premium themes, so be very careful before using premium themes downloaded for free from untrusted websites.

i)  Please create a backup before doing this. 

ii) Delete the malware creator files from your theme and plugins; otherwise, the malware will be generated again. The WP-VCD malware creator script files are “class.theme-modules.php” and “class.plugin-modules.php”.


How to find the WP-VCD malware generator in themes and plugins?

After downloading the theme and plugins, extract the files. To search for the malware generator file you need to download two programs: Everything and grepWin.

After installing both programs, you get two new options when you right-click any folder: “search everything” and “Search with grepWin”.

Then right-click the theme and plugin folder and click “search everything”. For a plugin, search for “class.plugin-modules”; for a theme, search for “class.theme-modules”. Do the same in grepWin.

In “search everything”, if you find any matching file, delete it. Then, in “Search with grepWin”, note any files that the search finds.

Open them and delete this code:

 if (file_exists(dirname(__FILE__) . '/class.plugin-modules.php')) include_once(dirname(__FILE__) . '/class.plugin-modules.php'); 

Remove these files:

/wp-vcd.php

/wp-includes/wp-vcd.php

/wp-includes/class.wp.php

/wp-includes/wp-cd.php

/wp-includes/wp-feed.php

/wp-includes/wp-tmp.php


Go to /wp-includes/wp-post.php

Remove the following code, which is mostly found on the first line.

if (file_exists(dirname(__FILE__) . '/wp-vcd.php')) include_once(dirname(__FILE__) . '/wp-vcd.php'); 
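
The search steps above can also be scripted instead of done by hand in Everything and grepWin. The following is an added example, not part of the original post: it walks a folder, lists the files the page says to delete, and lists other PHP files that contain an include line for one of them. The function names and the sample tree are constructed for illustration, and the sample files are inert placeholders.

```python
import os
import re
import tempfile

# File names the page lists as WP-VCD generator or payload files.
BAD_NAMES = {"class.theme-modules.php", "class.plugin-modules.php", "wp-vcd.php",
             "class.wp.php", "wp-cd.php", "wp-feed.php", "wp-tmp.php"}
# An include/require call that loads one of those files, as in the lines the page shows.
LOADER = re.compile(r"(?:include|require)(?:_once)?\s*\([^;]*?/(?:%s)'"
                    % "|".join(re.escape(n) for n in sorted(BAD_NAMES)))

def scan(root):
    """Return (files_to_delete, files_to_edit) as sorted paths relative to root."""
    delete, edit = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() in BAD_NAMES:
                delete.append(rel)  # the dropped file itself
            elif name.lower().endswith(".php"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if LOADER.search(fh.read()):
                        edit.append(rel)  # legitimate file carrying the loader line
    return sorted(delete), sorted(edit)

def demo():
    """Scan a constructed sample tree (inert placeholder files, not real malware)."""
    loader = ("<?php if (file_exists(dirname(__FILE__) . '/{0}')) "
              "include_once(dirname(__FILE__) . '/{0}'); ?>\n")
    files = {
        "wp-includes/wp-vcd.php": "<?php // placeholder\n",
        "wp-includes/wp-post.php": loader.format("wp-vcd.php"),
        "wp-content/themes/demo/class.theme-modules.php": "<?php // placeholder\n",
        "wp-content/themes/demo/functions.php": loader.format("class.theme-modules.php"),
        "wp-content/themes/demo/index.php": "<?php echo 'clean'; ?>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    to_delete, to_edit = demo()
    print("delete:", to_delete)
    print("edit:", to_edit)
```

To check a real site, call scan() on a backup copy of the WordPress folder; files in the second list need only the include line removed, not the whole file.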


Theme files may also be infected and need to be corrected to remove the malicious code.

* File appears to be malicious:
wp-content/themes/twentyfifteen/functions.php

* File appears to be malicious:
wp-content/themes/twentyseventeen/functions.php

* File appears to be malicious:
wp-content/themes/twentysixteen/functions.php