Chris beat me to it. Good speed Chris. I found others with this problem that weren't using WordPress, so it isn't a WordPress problem. As Chris points out, it is a local virus problem that steals your FTP credentials which then gives the person who receives this information a blank check to do anything they want to your site.
As Chris recommends, change all your FTP passwords. I'd also recommend that you change your WordPress passwords and re-install WordPress to ensure that all files are as they should be. You can easily do this by going to Tools > Upgrade and then clicking Re-install Automatically. To fully clean your WordPress install, you should remove and re-install all of your plugins and themes. That would be the quickest, easiest way to ensure that you don't have any hidden code modifications. It is worth pointing out that even after doing all of this, it is possible that new files were loaded onto your site that would allow them to gain a foothold again. To fully remove all the changes, you might have to make a complete copy of all the site files, delete everything, do a fresh manual installation of WordPress, and then copy back your wp-content/uploads files. Then you will need to reinstall all your themes and plugins. At this point, you should go through all the wp-content/uploads directories and delete any PHP files that you find. This is a very good reminder that a compromised local system can compromise your servers and websites. Make sure you keep your systems clean. Chris Jean http://gaarai.com/ http://wp-roadmap.com/ http://dnsyogi.com/ Chris Carter wrote: > Saw this on WP.org > > http://wordpress.org/support/topic/281767 > > Looks like a grumbman virus .. scan every PC you're using to FTP ... This > happened to a WP site of mine that I accessed FTP on my sister's PC > > Fucking virusues ... It apparently searches for FTP cridentals, then > transmits them.. > > change your FTP PWD. > > On Thu, Jul 23, 2009 at 3:52 PM, Paleo Pat <[email protected]> wrote: > > >> Oh.... Whew! My heart was racing there for a second... :D >> >> >> >> >> >> >> On Thu, Jul 23, 2009 at 4:50 PM, Navjot Singh <[email protected] >> >>> wrote: >>> >>> Sorry to mention..blog was on 2.8.1...didn't got time to upgrade...now >>> upgrading. >>> >>> On Fri, Jul 24, 2009 at 2:17 AM, Paleo Pat<[email protected]> >>> >> wrote: >> >>>> yikes! Not good. Hope there's a patch soon. >>>> _______________________________________________ >>>> wp-testers mailing list >>>> [email protected] >>>> http://lists.automattic.com/mailman/listinfo/wp-testers >>>> >>>> >>> _______________________________________________ >>> wp-testers mailing list >>> [email protected] >>> http://lists.automattic.com/mailman/listinfo/wp-testers >>> >>> >> _______________________________________________ >> wp-testers mailing list >> [email protected] >> http://lists.automattic.com/mailman/listinfo/wp-testers >> >> > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers > _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
