Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!


Affected versions: 2.3.3 and older, possibly more


  • Presence of wp-info.txt
  • Displayed version changed without upgrading.
  • Database modifications
  • New files ending in _new, _old, .pngg, .jpgg, .giff appearing inside writable directory

Please add details and fixes.

  • Remove _new/_old/.pngg/.jpgg/.giff files across entire server. This requires shell access and sudo/su privilages:
    • sudo find / -name wp-info.txt -exec /bin/rm -f '{}' \;
    • sudo find / -name *_new.php -exec /bin/rm -f '{}' \;
    • sudo find / -name *_old.php -exec /bin/rm -f '{}' \;
    • sudo find / -name *php.pngg -exec /bin/rm -f '{}' \;
    • sudo find / -name *php.jpgg -exec /bin/rm -f '{}' \;
    • sudo find / -name *php.giff -exec /bin/rm -f '{}' \;

Existing conversation found at:

Simptoms, identifying the virus and how to get rid of it found at:

See also