Hello,
Bluehost claims that my website is infected with malwares etc. So they deactivate my account. I am able to log into Bluehost's cpanel but I can't log into wordpress admin. I called them and they showed me a Malware.txt file which lists hundreds of files might have been infected. If their claim is true. My options are pretty followed:
1) Do the manual clean up myself. I know nothing about coding so I don't know if i should delete every file on the Malware.txt document or go through each one and locate the malicious code and remove it. I don't even know what to look for in those hundreds of files
2) Pay Bluehost $200 for site doctor. I read some articles from a couple of other bloggers who had the same issue and they paid $50 for Site Doctor. Am I missing something here?
Here are the links to the bloggers' claim
http://www.smartactiveblogger.com/false-malware-alert-deactivated-bluehost-account
http://easywebdesigntutorials.com/what-i-did-when-my-site-was-hacked
3) Recommended by Sucuri, I downloaded the Sucuri's script called WordPress-Fix.txt and uploaded to my FTP folder as a php file. However, I am unable to run it since my account has been deactivated. I called Bluehost and they said they can't run it.
https://blog.sucuri.net/2010/05/simple-cleanup-solution-for-the-latest-wordpress-hack.html
4) Do you know of a cheaper 3rd part Security service to purchase in order to clean up my site?
I just need to re-activate my site in order to install security measure to prevent this from happening again.
Appreciate any help!