4Probably not what you want to hear, but systems that have been infected by malware usually cannot be trusted. Partial recovery might lead you to think your system is secure again, which may not be the case. I would recommend wiping everything and reinstalling from scratch. – Frédéric Hamidi – 2013-01-12T11:57:48.973

Frédéric, you're right! I'm still need to do some research on that. But it looks like malware got in by a web shell script, through some plugin in old unupdated wordpress. but that should be still confirmed. The script its self was just creating directories with index.html files with redirect to some spammy websites. That all harm I've found has been done so far – None – 2013-01-12T12:06:51.773

1

Sorry to say that, but the fact that you've not found more doesn't prove the absence of more. Related: How do I deal with a compromised server?

@Jonas, no doubt! I still need to do some deep research. But from what I have found out already, this is the work of this script "Web Shell by oRb". And as far as I can tell, this script got in through some wordpress plugins. Thanks for the link, will read it – Alex Reds – 2013-01-15T22:41:42.247

@AlexReds from what I was able to find, its the worst category of malware you can get, as it gives the attacker something similar to a shell. – Jonas Schäfer – 2013-01-16T11:12:43.317