Diff Engine shell file being flagged as Hash: denied

Just had a notice sent to a site admin from your system identifying an infected site. Looking into the report, your scanner is flagging: …/wp-includes/Text/Diff/Engine/shell.php as infected based on: Hash: denied

I first attempted to restore (replace with original) from the core and repeated scans show the same issue. Reinstalled the WP 6.6.2 update and get the same result. I then took the suspect file (actually all four from that directory) from a different site (same WP version on different server) and uploaded it to the first site, only to have the same alert generated.

When I subsequently scanned the 2nd site, it is showing the exact same warning of an infected site.
Do I have multiple sites with the same infection, or is there possibly an issue with the hash that is being used here to check the shell.php file? These files look like they’ve been out there since 10/23 and only just now is the CleanTalk scanner flagging them.

Thanks!

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer