WordPress malware keeps creating .ico files that are actually malicious php files. How to clean?
The .ico files contain obfuscated code. This malware also creates 8 letter php files with random names like hzgt33ez.php that also have obfuscated code. A scanner has identified those as backdoors. The problem is even if you delete all the .ico and 8 letter php files, tomorrow they appear again. I have deleted them a million times. I have spent days and months on google and I have seen 50 other people having the same infection and nobody has a solution that would preserve the sites but kill the virus. This malware also adds a line of code to your index.php wp-config and wp-settings. This line is obfuscated but it uses “include” and calls those .ico files. Almost all other sites on the server eventually get crosscontaminated because it jumps from folder to folder.