Here’s what I would do. USE AT YOUR OWN RISK
- Back up the files and MySQL
- Delete mvf.php
- Try editing .htaccess again and see if it works.
You can also try opening the mvf.php and seeing what’s in there. You can also try installing a security plugin like WordFence to scan your site, but I’d do a full malware clean up. WordFence offers that as well if you don’t know how.