0

i have found an unknown file at my wp-admin folder.i have used the wordfence plugin for scan and here's the error message:

" Unknown file in WordPress core: wp-admin/e9e6c70243f58b4144b87db4e3541ed9 "

What's interesting is i deleted it multiple times using wordfence and manually with file manager but after after refreshing the page it comes again and again.Any suggestion on how to get rid of this?

File name: e9e6c70243f58b4144b87db4e3541ed9

File type: text/x-generic

File contents: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjlkMzI0N2IyMmE4Y2Q1MzA5Y2IzZjk1MzgwNjM1NmQyM2I0ZDViN2M2NTFkM2U2OGY2ODk4NGZjZThhM2I2YjI0ZjkyYjQwMDg0ZmUxMGY3In0.eyJhdWQiOiI5NSIsImp0aSI6IjlkMzI0N2IyMmE4Y2Q1MzA5Y2IzZjk1MzgwNjM1NmQyM2I0ZDViN2M2NTFkM2U2OGY2ODk4NGZjZThhM2I2YjI0ZjkyYjQwMDg0ZmUxMGY3IiwiaWF0IjoxNTk4MDQ3NjE3LCJuYmYiOjE1OTgwNDc2MTcsImV4cCI6MTU5ODA1MTIxNywic3ViIjoiIiwic2NvcGVzIjpbXSwidXNlciI6eyJpZCI6NzE1NzA5MywiZ3JvdXBfaWQiOm51bGwsInBhcmVudF9pZCI6bnVsbCwiYXJlYSI6InJlc3QifX0.NrDtOGrX3j5abiQYRZogP2qv5FHwh_gzAQZPMnZz2J4bOiVZk1n39VvSNQp-B_YjeFFA_bwnzjrt-f1BotVldq13Kh-4opeziKTD9tyEUJRHzspc4sYXR5M7ykh2OIRLxtGwspZUEB4Ts9Ioftr2o2DCWmajFJhZcSLrvg6X1S2uDMo2FSiOEV22PAKJZd0FTOWpb_lD1tt73mFLkbAjsqUs8KXpPRS49w3dAvnx9vSCWowa-kaagnNOfBibSR8AhyLs15glrjMuD8MOAqnLIOuO17FGHkxOu4ux67Iw3ZoTkBgCMYg27zxgBxm8Fh9U6kMXLCWX7WsIvc7w4p0qhA"

razu
  • 1
  • 3
  • How do you know it's malicious? CMS systems like Wordpress put all sorts of junk in all sorts of places. If it's malware, it doesn't need to sit in your admin folder and look suspicious. It'll be named notepad.sys or something and be in your Windows folder. – FoulFoot Aug 22 '20 at 01:27
  • This is a base64 encoded version of this: https://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/ – Kaboodleschmitt Aug 22 '20 at 02:44
  • HI,Kaboodleschmitt. so it's not a malicious program right? Actually i am worried because it always back after i delete that,can you please tell me why i was not able to delete this? – razu Aug 22 '20 at 07:08

0 Answers0