WP-VCD is a malware that nests in various WordPress files. If it is not completely removed, the code can execute itself again and again.
If you use so-called Nulled Premium Plugins or Themes, these are modified files that can be found freely on the Internet and, unlike the original manufacturer’s site, are available free of charge. However, the disadvantage is that these usually also contain malicious code, which can damage large parts of the website as soon as the files are activated on the server.
Solution: In general, it is important to consider whether you want to download programs from unknown sources. If this has already been done, one should consider the following points.
1.) Backup the entire website.
2.) Delete the following files:
/wp-includes/wp-vcd.php
/wp-includes/class.wp.php
/wp-includes/wp-cd.php
/wp-includes/wp-feed.php
/wp-includes/wp-tmp.php
/wp-includes/class.theme-modules.php
/wp-includes/class.plugin-modules.php
3) Clean the source code in the following file:
/wp-includes/class.wp.php
/wp-content/themes/_usedTheme/functions.php
4) Search the server for the source by locating the following files:
class.theme-modules.php
class.plugin-modules.php
The easiest way to find the files is to access the web server via shell and use the following command to search all files on the server and then remove them.
find / -name gesuchteDatei.php