In some cases, malware-infected sites may not be able to delete malicious files due to permission errors (write permission errors).
When you connect to the server with FTP software and try to delete the malware, you cannot delete or move the malicious file due to a file write permission error.
The reason for this is most likely that the malware has rewritten the write permissions of one level up where WordPress is located to be unwritable, causing a permission error.
Set the permissions of the folder one level above where the malicious file is located and the malicious file you want to delete to 755 (writable by administrator permissions) before deleting it.
If you cannot change the write permission of the folder one level above, or if it immediately reverts back to not writable on its own
On some servers, you may not be able to use FTP software to select the folder above the one containing WordPress and change the permissions.
In this case, you may be able to change the permissions via the program by creating a PHP file like the one below, uploading it to a writable folder one level below the WordPress folder, and accessing it with a browser.
fix.php
<?php
@chmod("../../", 0755);//make the permissions on the two upper folders writable
If the WordPress folder immediately reverts back to un-writable on its own.
In this case, malware may have become resident in the server process and immediately revert the changed folder’s writable permissions.
Therefore, to make the folder writable, you must stop the main body or resident process that is creating the malware that resides in the process.
The process may be stopped with a PHP program such as the following
*The code below may stop PHP and in some cases may require a server restart. Use at your own risk.
shell_exec("ps aux | grep -i php | awk {'print $2'} | xargs kill -9");
You can also use the Malware Detection Plug-in to inspect and remove the malware itself.
Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
