grep -r "wp_class_support"
returns no results!
===Identified Malware===
Checking the files:
Both wp-content/themes and wp-content/plugins have an Oct 18 date on them. But both have subdirs with older access dates and seem clean. And the directory 2017/10 has Oct 4th dates on it but is empty. This is consistent with a numerically named php file being executed from here and then deleted.
According to the malware report it should target two additional files. We don't have WordFence, so only one is relevant:
locate wfScanEngine.php
locate class-wp-upgrader.php