256m is a lot but maybe it needs 512m for this file, it is a really large file. Also, maybe there is some other reason it’s not cleaning it, like file permissions or process timeout. Is there an error message of any kind when it fails?
No, Actually that threat is already in my definitions but I think it’s not finding it on your server because of a memory_limit setting in your php.ini file, because that file is very large.
Thanks for sending me this login info. I can see that it was not my plugin that caused this error on your site.
The errors are caused be the static calls to get_sidebars() and name_to_class() on lines 52 and 57 in wp-content/themes/AVADA-3.0/framework/plugins/multiple_sidebars.php
My plugin didn’t touch that file and I restored the two files it did fix in your theme but that did not fix the error so I removed those two malicious threats again. It looks like that theme is using bad code and it needs to be fixed. Maybe there is an update or something. You should check with the developer or reinstall the theme (or another theme).
Thanks for sending these to me! I have fixed the definition that found that threat in your theme header so that it no longer breaks the syntax of that file when it fixes it (it was accidentally removing too much code).
I am working on that other threat now to see why it does not clean it…
It sounds like whatever security hole allowed this hacker to exploit your site is still there. If you have run a Complete Scan on your entire site but the same threats keep coming back then the root of the problem might not be inside this site at all.
Is this site hosted on a shared server with other sites? Is possible that one of the other sites on this server is infected and that infection is spreading onto your site.
It seems to be working fine now. I can see that both plugins have the protection installed on you login page now and there is no conflict. You server’s sessions are working normally now and you should not get blocked when you try to login. I’m not sure what caused the problem you originally had but looks like it’s working fine now.
Please let me know if you have any more problems with it.
No, I am not asking to see any scan log because the details I want to see are not saved. The full detail of a scan are only presented in real time at the end of the scan.
If you have already downloaded the latest definition updates then please run the Complete Scan again and show me what it finds.
It looks like you have disabled my plugin so I cannot test it on your site. The error you got was a “No Session” error, which means that your server was not maintaining a persistant session thoughout your login attempts. I can’t tell you why your sessions are not working without access to your site but I can see that you are also using All-in-One WordPress Security maybe there was a conflict with that plugin’s login page additions, I will test that plugin on my site. Which of the two plugins did you install first? and What was the last change you made to you security or serv setting before you started having this problem?
Yes, I see that those links are redirecting to a drug sales website. Have you downloaded the latest definition updates for my plugin and ran another Complete Scan?
Can you send me the results of your last Complete Scan via email?
This is a different kind of threat, maybe it was there from the fist hack, can you fix it with my plugin and then check the infection dates in the Quarantine to see if they are the same as the last infection or if they are newer?
My plugin has always been capable of scanning the site’s root directory, so if you have other sites installed within that directory it may be able to scan them all. You can change the directory level where the scan starts on the Scan Settings page or add all those other site directories to the list of folders to exclude from the scan if you want to.
Yes, I would “network activate” the plugin so that it can be run from any of the site, however you should know that only a Network Admin can run the scans.
Because the files are shared by all the site on a multisite install this means that fixing one site will fix them all.
Thanks again for send me the whole code in this file. I fixed the definition for that threat so now the whole script will be removed, which should fix the problem of the site going down. Please download the new definition update and try it again to make sure it works for you.
Let me know if you have any more problems.
Thanks for posting that code for me. This is a new variation on an old threat. I have added the new variant to my definition updates so that it too can now be automatically fixed using my plugin.
Thanks for helping to keep this project on the cutting edge 
These URLs are currently returning 404 errors (which is good), this means that you have already removed the threat that was producing those pages. It looks like Google indexed those pages on the 12th and cached the spam content that was displayed at that time. Now you just have to wait for Google to re-index your site and clear out the cache for those pages. It may take some time but you can upload a current XML sitemap to Google Webmaster Tools and sometimes Request a Review to speed up the process of re-indexing those pages.
