TheHacker False Positive & Blacklist Removal

By DrGlenn — USA-based WordPress security specialist· 290+ cleanups across 34 countries· Updated June 22, 2026

Is a TheHacker detection a real problem?

TheHacker is a retired / discontinued engine. “The Hacker” antivirus by Hacksoft (Peru) was discontinued; hacksoft.com.pe is now only a security blog. It is no longer an active VirusTotal engine, so any verdict is legacy data. If you are seeing a TheHacker detection — almost always on an old VirusTotal report — it is very likely a stale, cached result from an engine that is no longer maintained, not proof your site is infected today.

What to do about it

  1. Re-scan with my free Is My Site Hacked? checker and on VirusTotal.
  2. Check whether any currently-maintained engines (Google Safe Browsing, Microsoft, Bitdefender, Norton, etc.) also flag you. If only retired engines like TheHacker show a hit, it is effectively a false positive you can disregard.
  3. If a live engine flags you too, your site likely has a real infection — get it cleaned and the detections clear.

Need a real cleanup or a delisting handled?

I am a USA-based WordPress security specialist. If your site is genuinely flagged by current engines, I remove the infection completely, submit the delistings on your behalf, and harden the site so it stays clean — one accountable person, not an overseas queue.

Get my site cleaned · See how it works · read my client reviews.

Frequently asked questions

Is a TheHacker detection dangerous? On its own, rarely — because TheHacker is no longer maintained, its verdicts are old. What matters is whether any current engine also flags you. Re-scan to be sure.

How do I remove a TheHacker detection? There is no active submission channel for a retired engine. Confirm your site is clean, ignore the stale flag, and if live engines also detect you, get a full cleanup.

More removal guides: Cylance (now Arctic Wolf), Cybereason, Agnitum (Outpost) · all vendor guides · full report-link directory.