TheHacker False Positive & Blacklist Removal
By DrGlenn — USA-based WordPress security specialist· 290+ cleanups across 34 countries· Updated June 22, 2026
Is a TheHacker detection a real problem?
TheHacker is a retired / discontinued engine. “The Hacker” antivirus by Hacksoft (Peru) was discontinued; hacksoft.com.pe is now only a security blog. It is no longer an active VirusTotal engine, so any verdict is legacy data. If you are seeing a TheHacker detection — almost always on an old VirusTotal report — it is very likely a stale, cached result from an engine that is no longer maintained, not proof your site is infected today.
What to do about it
- Re-scan with my free Is My Site Hacked? checker and on VirusTotal.
- Check whether any currently-maintained engines (Google Safe Browsing, Microsoft, Bitdefender, Norton, etc.) also flag you. If only retired engines like TheHacker show a hit, it is effectively a false positive you can disregard.
- If a live engine flags you too, your site likely has a real infection — get it cleaned and the detections clear.
Need a real cleanup or a delisting handled?
I am a USA-based WordPress security specialist. If your site is genuinely flagged by current engines, I remove the infection completely, submit the delistings on your behalf, and harden the site so it stays clean — one accountable person, not an overseas queue.
Get my site cleaned · See how it works · read my client reviews.
Frequently asked questions
Is a TheHacker detection dangerous? On its own, rarely — because TheHacker is no longer maintained, its verdicts are old. What matters is whether any current engine also flags you. Re-scan to be sure.
How do I remove a TheHacker detection? There is no active submission channel for a retired engine. Confirm your site is clean, ignore the stale flag, and if live engines also detect you, get a full cleanup.
More removal guides: Cylance (now Arctic Wolf), Cybereason, Agnitum (Outpost) · all vendor guides · full report-link directory.