
Advantage premium malicious code

After having a white page of death on my blog, I had contacted my provider's support for help or suggestions. According to them, I had malicious code on my blog. They had pointed me to a log file, but it turned out to be a stats log. Finally I found a solution via the web and the community, and got my site back up. But I replied to them that they didn't point me to the right logs. This morning they are saying that the Vantage theme is malicious code. Here is an excerpt of the answer by support:
Hello,
Please open the stats/scan.txt file through Filemanager. You can see the list of malicious files. However, I have added malicious file list below. Please remove the malicious file from account and upload the fresh copy of website files.
Malicious files:

If you have any further questions, please update this ticket from the Support Console.
Sincerely,
Kiran S

Technical Specialist
Please advise,
Marc Derome

URL: http://thruemyeyes.maximumd.ca


  1. 9 years, 6 months ago Greg Priday
    Hi, I Work Here

    Hi Marc

    Very sorry to hear about this. I know that it can be very frustrating having something like this happen.

    First off I can assure you that the standard version of Vantage doesn’t have any malicious code. What can happen is that a plugin actually modifies a theme’s files to add malicious code. This is a way of ensuring the malicious code stays on your site, even after you disable the plugin.

    So what I’d suggest is that you start by deactivating every single theme and plugin that you have installed, including Vantage. You can’t be sure which have been infected. Then reinstall Vantage Premium from a fresh ZIP file (let me know if you need help finding this). Then reinstall any plugins that you had before, making sure you only install plugins that you got from trusted sources, like the WordPress plugin directory.

    Once you’ve done all that, ask your hosts to take another look to make sure you’re in the clear.
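
The clean-reinstall advice in the reply above can be checked before anything is deleted. This added example (not part of the original thread and not SiteOrigin's code) compares an installed theme folder with the vendor's fresh ZIP and lists files whose contents changed or that the ZIP never shipped. The function names, the `vantage/` ZIP root and the sample files are assumptions constructed for illustration.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def compare_with_fresh_zip(zip_source, installed_dir, zip_root=""):
    """Diff an installed theme/plugin directory against the vendor's fresh ZIP."""
    # zip_root is the top-level folder inside the ZIP, e.g. "vantage/" (assumed layout).
    reference = {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if not info.is_dir() and info.filename.startswith(zip_root):
                reference[info.filename[len(zip_root):]] = digest(zf.read(info))
    installed = Path(installed_dir)
    on_disk = {p.relative_to(installed).as_posix(): digest(p.read_bytes())
               for p in installed.rglob("*") if p.is_file()}
    shared = reference.keys() & on_disk.keys()
    return {
        "modified": sorted(p for p in shared if reference[p] != on_disk[p]),
        "extra": sorted(on_disk.keys() - reference.keys()),    # never shipped by the vendor
        "missing": sorted(reference.keys() - on_disk.keys()),  # shipped but absent on disk
    }

def build_constructed_sample(workdir):
    """Constructed demo data: a tiny 'fresh' ZIP and a tampered install of it."""
    fresh = {"vantage/style.css": b"body{}", "vantage/functions.php": b"<?php // clean",
             "vantage/inc/setup.php": b"<?php // setup"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in fresh.items():
            zf.writestr(name, data)
    root = Path(workdir) / "vantage"
    (root / "images").mkdir(parents=True)
    (root / "style.css").write_bytes(b"body{}")
    (root / "functions.php").write_bytes(b"<?php // clean\n// appended by something else")
    (root / "images" / "logo_old.php").write_bytes(b"<?php // not in vendor ZIP")
    return buf, root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        zip_buf, theme_dir = build_constructed_sample(tmp)
        for kind, paths in compare_with_fresh_zip(zip_buf, theme_dir, "vantage/").items():
            print(kind, paths)
```

Files reported as `modified` or `extra` are the ones to inspect and replace; PHP files under image, font or CSS folders that the ZIP does not contain deserve particular attention.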
