As a part of our WordPress maintenance package, we also offer Malware Removal and regular backups. During such a service, last week we noticed a malware in the functions.php file on one of our clients.

One Google search later we also found the original malware script that was used.

What we did to solve this problem

1. In wp-include directory, delete wp-vcd.php and class.wp.php files
2. In wp-include directory, open post.php and detele first php tag added by Malware.
3. Open theme’s functions.php file, and delete the above codes.

This should stop all popups on your site. But justa regular clean up is not enough. Consider increasing your wesbite security by setting up a Firewall, scheduling backups and monitor login attempts.