Sucuri says: Unable to properly scan your site. (HTTP Errors Returned)
Probably because you have Maintenance mode turned on right now, so I can’t tell if you site is still infected or not.
If you want to give me more info or turn your site back on so I can see what you are talking about then I can help you more.
I use clamscan and maldet too, but I’ve never had it flag my plugin before. You host must be using customized YARA Definitions that include the patterns written by Florian Roth. There is no telling how long it might take for his updates to reach the distribution branch that your host is using, so I have modified the relevant code in the latest release of my plugin so that it no longer matches this pattern.
I got a reply from Florian Roth. He says that he has fixed his YARA definitions But I still see the old definitions published on other sites. Where do you get your YARA definition updates?
Yes, this is a False Positive, thanks for reporting this to me. I have notified Florian Roth (the developer who published that YARA Definition), but I am not confident that he can do much about it as it is open source and in distribution for over a year. Plus it may have been forked and redistributed by other developers, so I will be changing my code so that it will not match this definition any more.
This sounds like the classic shared hosting conundrum. Most shared hosting servers are wide open to crossover attacks, where a back-door or cron task on one site will infect many or all of the other sites on the server. If you can’t find the root source of the threat on any of your sites then it could be coming from a site on another account and there may not be much you can do about that.
I suggest switching to another, more secure, hosting environment. I do offer Super Secure Hosting for just such a problem as this and I can guarantee that your sites will not get re-infected on any of my servers. If you are interested in switching to my Super Secure Hosting then you can email me directly and we can discuss you particular hosting needs. If you are going to move to any other hosting providers, I suggest that you spread out your sites on different accounts/servers to minimize the crossover threat and isolate any problems you may bring over to the new server (if you put an infected site on any of my servers it would not be a problem).
PHP code is safe to download, and you can email it to me directly. If you would rather I handle the file directly on your server you can also just send me your login info and I will look at it in-place.
My plugin is obviously not malicious and does not contain a WebShell in it original installation source. However, I cannot tell you if this version that was detected by Maldet was modified or if it is a False Positive unless you send me that file so I can check it.
I have just whitelisted this false threat so that it will not be incorrectly flagged as malicious. Please download the latest definition updates and let me know if you have any more issues like this.
I think this is actually a False Positive. Please don’t do anything with it yet. Let me take a look at the definitions and get back to you…
LOL, I think the design is more modern than that, I would say late 90′s at least. 
I know it’s an old theme and I am admittedly a poor website designer, but I am a decent coder and the process of finding and removing malicious code from an infected site is not a simple task.
I am sorry for any confusing or unintuitive content and I assure you that it is not intentional.
Of all your gripes here the one that stands out for me is that my plugin says that your key is not registered. I have checked your account and found that there are actually no sites registered to this email address. I can see that you did register 4 days ago but I honestly don’t know what happened to your registration.
Furthermore, if it’s saying that your key is not registered it should then present the pre-filled registration form so that you can register the key. If it is not showing you this form on the Anti-Malware Settings page in your wp-admin then something is certainly wrong there. I know this malfunction can only affirm you lack of confidence in my plugin and my coding skills but I would like to help you get to the bottom of this. I believe there is a reasonable explanation for this glitch and I know that I can find it and fix this for you if you are willing to give me this chance to redeem myself.
Would you be willing to send me a screenshot of the Anti-Malware Settings page and check the error console in your browser to see if there are any Javascript errors on that page? Alternatively, if you are willing to provide me with a wp-admin login to your site I will check it myself and let you know what I find.
I am not familiar with iControl, does it use the XMLRPC feature? If so, you can allow access to you XMLRPC in the Firewall Settings or you can add the iControl server IP addresses to the “allow” list in your .htaccess file.
I see your donation on my end. Everything should show up on your end too. Maybe you just need to refresh. If you still don’t see it then please send me a screenshot so that I can understand what’s missing.
There may be a variation between the URL that you already registered and the URL that you are currently using to access your site. Just re-register you current URL from the pre-filled registration form on your current wp-admin page and it should work.
There is probably a setting in your File Manager to show hidden files, but if the permissions are locked down then it may not help anyway.
You may need to get your hosting providers help with elevated privileges so that they can remove those directories for you.
It sounds like maybe you are having some kind of caching issue where you are getting mixed results from the update script, or maybe you server is not able to connect to my server properly for the automatic updates.
If you would like to send me a wp-admin login for one of your sites so I can check it myself then you can email me directly.
