site is www.melissashelby.com
Received Malware warning when pulling it up 4 days ago. Looks like the problem might have happened while I was using the wordpress basic uploader for photos. The day the malware message showed up several of the uploaded photos started showing up blank with a question mark. The folder they were uploaded into no longer had my site's UID. The files that were blank also had the same invalid site id.
In addition, a folder labled rreeqs was added to my site with a bunch of trash that looked like hundreds of stupid links. A file labled wp-config.php.mar04 was also created and had my password, etc, in it. Every single one of my htm files and my valid wp-config.php file had a bogus js string added to them. I deleted all the js. Tech support - several hours later - was able to delete rreeqs (which I couldn't) and convert the UID on my upload folder back to the correct UID. In addition, I decided it was time to clean up a bunch of unnecesary files/folders/domains that i didn't use
Next morning, host is down for maintenance for several hours. When they come back up, it's like my site has been reverted back to where it was the previous day. All the clean up of unnecessary files is undone. Rreeqs and wp-config.php.mar04 and the bad UID are back. The only place I found the bad js string, however was in my wp-config.php. I did not have to reclean all of the other files. I had changed my passwords the night before so the wp-config.php.mar04 had the old password instead of the new one.
3 days later and I am still waiting on tech support to acknowledge my trouble ticket and at least respond to me. I want those files off my domain and can't do it myself. Or can I? Any ideas on what it is. Do you think my suspicion is correct that it came through the wordpress basic uploader or am I way off on that?