Jump to content

Recommended Posts

Posted

Username: animo

Server: ?

main domain: animo.heliohost.org

 

I can't remember my server I was on. I used to check it in cpanel, which I can't access now.

If my memory is right, I logged in a few weeks ago (not more than a month).

 

Kind regards,

Posted

Your account was suspended for the following reason:

 

Malware. 1 file(s). ANDR.Trojan.GingerBreak FOUND

 

That means that there are some malware files found on your account.

 

For your safety and to protect your website from potential further corruption the account has been suspended.

 

To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information.

 

If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi

 

Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.

Posted

My complete backup failed, so I deleted most uncessary files, and downloaded the files I want to keep. I scanned them and found no virus (Antivir Antivirus). I didn't find any suspicious files myself.

Do you know in which file the virus was detected?

Judging from the name of the malware, it were probably the android files on the server. They were there for a test a long time ago (python libs for android), and have now been deleted.

Is it possible to receive an e-mail when this situation occurs again?

Posted
My complete backup failed, so I deleted most uncessary files, and downloaded the files I want to keep. I scanned them and found no virus (Antivir Antivirus). I didn't find any suspicious files myself. Do you know in which file the virus was detected? Judging from the name of the malware, it were probably the android files on the server. They were there for a test a long time ago (python libs for android), and have now been deleted. Is it possible to receive an e-mail when this situation occurs again?

 

I'm not told specifically what files are infected. Seems like the scanner was alerted by an Android 2.3 rooting application if you ask me. The suspension is our way of alerting you, might seem harsh but it keeps the account inaccessible to outside threats and the like until you decide to try and find out what's wrong. So all in all the system as it is is perfectly fine. An email can go weeks before being read, or an email service can send it to the junk/spam folder and delete it before the user catches it, the account suspended page isn't so easy to miss.

Posted

Thanks for the confirmation.

I think it's more than logical to shutdown a webpage contains a virus/malware.

In my case, I got the message from a regular visitor that the site was down. A quick e-mail may have prevented an unhappy visitor (and maybe more).

(My spam filter learns quick, and I often check my spam-folder.)

 

Kind Regards,

Guest
This topic is now closed to further replies.
×
×
  • Create New...