I got an infection by malware in some WordPress websites that are installed on a remote Windows Server 2016 with IIS.

The malware is PHP/Remoteshell.C, and Windows Defender caught it and put some files in quarantine.

Obviously, those WordPress websites are not working because some files are in quarantine.

Examples of infected files:

plugins\google-analytics-for-wordpress\includes\admin\notifications\notification-bounce-rate.php

plugins\custom-sidebars\inc\class-custom-sidebars-cloning.php

My question is: is it possible to clean up or eradicate the malware from the infected files without the physical deletion of the infected files? The problem is that I don't have any backup of those older websites, so it is necessary for me to clean up the files without deleting them.

My doubt is that the antivirus software (Windows Defender), when the REMOVE button is hit, deletes the file physically instead of cleaning the virus from it.

I also tried restoring the infected files with Windows Defender to their original folder, then disabling the Windows Defender real-time protection, then scanning the files with Malwarebytes Premium, but it didn't find the malware at all.

Any help in getting rid of this problem is appreciated.

Thank you in advance
