In recent days, I've published a lot on a WordPress malware attack that basically ruined my shared hosting account, with 16 domains.
Since then, I have opened a reseller account and I am moving the owner of the sites. On the notice of some posters, I use the plug-in All-in-One WordPress Migration, but I make sure to export only the publications (ie What I disable options to export themes, plugins or even essential WordPress files, as these could all be corrupted).
I just checked out the file manager and noticed some suspicious .txt files in / wp-content that looked like the activity I saw earlier:
Does this mean that the malware has been moved to the new host? And if so, does this mean that the SQL databases that I reported were themselves corrupted and loaded into the new file system?