So after two days of wondering why my sites are lagging so much, I finally made it through my files via filezilla. I found some amazing s**t. There is a new file out there called inc.php, that is a particularly bad one. if you own a network like I do, it could be months before your able to actually find it an eliminate it. This came out of a wordpress installation, and we know those are vulnerable, but none the less, this is a nasty piece of work that everyone needs to know about. it uses a find .pwd parameter that allows the hacker to own your password. I am not sure of any other names that it is going around as at the moment, but I know that avira did give it a new ranking and name classification, meaning that it is something new. Hopefully that helps some of you to get it out there, and I know someone will be googling inc.php soon, and I hope they find this article, so they know they are infected. Bottom line, CHMOD, and check ur S**T! UPDATE: HERE IS WHAT VIRUSTOTAL HAD TO SAY ABOUT IT, 530AM est: I think what it is trying to say is that it's pretty new and pretty mean. that was the comment section. Only a few of the antiviruses (Avira, Avast and Trend Micro) had any positive result. AND THAT'S BECAUSE I SENT IT TO THEM OVER 6 HOURS AGO!!!