I've just run cPanels virus scanner and its reported 5 " PHP.Trojan.WebShell-7 " files detected in oldcagefs\tmp
Is this directory anything to do with Wordfence? It contains several hundred files named 'sess_randomstringhere' and 'wordence01.tmp' (& 02,03 etc etc), as well as the infected files.
I've downloaded the files, but even my local anti-virus wont let me open them.
If they are not part of wordfence, maybe you would like me to send them to you, so you can incorporate some sort of defence into the plugin?
Thanks :)