So there's a couple wordpress themes that I downloaded earlier and when I run them through virus total ClamAV detects PUA.Script.Obfus. Found this in the footer: Code: <?php $_F=__FILE__;$_X='Pz4JPGQ0diA0ZD0iZjIydDVyIj4NCgkJRDVzNGduIGJ5IDwxIGhyNWY9Imh0dHA6Ly93d3cuSjFja1oxcC5DMm0iIHQ0dGw1PSJKMWNrejFwIC0gRDE0bHkgTjV3cyBTdDJyNDVzIj5KMWNrejFwIC0gRDE0bHkgTjV3cyBTdDJyNDVzPC8xPiANCgk8L2Q0dj4NCjwvZDR2PjwvZDR2PjwvZDR2Pg0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?> Scanning all files individually now to see if anything gets detected in them. It's no biggie if it's only in the footer file as I can steal that from the demo footer. How can I find out if this is anything to worry about or just a false positive? edit-Only in the footer on this one. deleted it, scanned and it's clean.