Hi Eli!
Just one info for you. Namely, I scanned one of the sites with your fantastic plugin and for the following line in the wp-config.php file I got just warningthat it is a Potential Threat and in fact it is is real threat/backdoor script:
if(isset($_GET[w5838t])){ $auth_pass=”";$color=”#df5″;$default_action=”FilesMan”;$default_use_ajax=true;$default_charset=”Windows-1251″;exit; }
Can you change this in the GOTML so it recognize this php line as Known threat or similar so GOTML can clean it?
Thx, Ivica
First of all Eli: thank you a lot!!! You literally saved me: fast and efficiently… I really didn’t know how to clean this mess.
For all others who read this post: I made a donation to Eli (I believe first one 
) and I feel so good! If you have any security issues and you can’t clean your site, Eli must be your choice, if you want to get your site up and running (and clean) as speed as possible.
Eli, thx again, the best money I invested so far, I’m so glad I asked you for help
Ivica
Hi!
I used your fantastic tool (with updated definitions and with full scan) who cleaned a lot of infected files on my hacked site: http://test.california-gym.hr.
However, after “cleaning” the most sensitive file (wp-config.php with 1 backdoor script) my web site is broken. can you, please, tell me is it anyhow possible to clean this very important file, without breaking the site?
I would give you (Forum admin) all access details if needed to e-mail, to examine the situation and clean mentioned file, if anyhow possible. Thx a lot in advance!
Regards, Ivica
