Sthabile Posted January 10, 2014
Hi, my domain is suspended due to suspected malware infection, could you kindly help me identify the problematic files on my server
user name: sthabile
server: stevie
domain: mrgrindsmith.com
Byron Posted January 10, 2014
Your account was suspended for the following reason: Malware. 1 file(s). PHP.Trojan.Spambot FOUND
That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended.
To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information.
If you are certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi
Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.
Sthabile Posted January 10, 2014
Hi, please help me identify the files; my antivirus comes up empty, and I keep getting logged out.
Byron Posted January 10, 2014
The file is located here:
/home1/sthabile/public_html/wp-content/uploads/2013/12/signoutNJ12.php
Sthabile Posted January 14, 2014
The backups I downloaded lose the file structure when I extract them. Can I log in and delete the file on my server?
Byron Posted January 14, 2014
This support request is being escalated to our root admin.
Krydos Posted January 15, 2014
"suspected malware infection"
Suspected??!?!! Each time your account is unsuspended it starts trying to send about 50,000 spam emails per day which not only is against our ToS, but it causes massive load and basically crashes the entire server. Normally we don't edit or delete users' files for them, but you've already had way more than enough time to solve this yourself and you choose to do nothing. This makes me think that you're using the malware script and sending the emails on purpose.
If you aren't actually the spammer that is trying to use our servers to send your spam emails you really need to secure your website to prevent hackers from uploading scripts to your account. You are responsible for your account and responsible for updating your CMS to prevent backdoors and responsible for anything your account does.
Anyways, the file Byron told you about has already been deleted, and your account is unsuspended now. Please don't let this happen again.
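Added example, not written by anyone in this thread and not the host's tooling: a way to check a downloaded backup for script files under wp-content/uploads without extracting it, so the directory structure is read straight from the archive. It assumes the backup is a tar or tar.gz archive; the sample archive and every file name in it are constructed for the demonstration.

```python
import io
import re
import tarfile

# Extensions that PHP handlers commonly execute; media uploads never need them.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
UPLOADS = "wp-content/uploads/"
PHP_TAG = b"<?php"


def scan_backup(fileobj):
    """Return sorted (path, reason) pairs for suspicious files under uploads."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or UPLOADS not in member.name:
                continue
            if SCRIPT_EXT.search(member.name):
                findings.append((member.name, "script extension in uploads"))
                continue
            # A script renamed to .jpg/.png still carries a PHP open tag.
            # Only the first 4 KiB is inspected, so this is a quick triage.
            head = tar.extractfile(member).read(4096)
            if PHP_TAG in head:
                findings.append((member.name, "PHP open tag in non-script file"))
    return sorted(findings)


def build_sample_backup():
    """Constructed sample archive standing in for a downloaded site backup."""
    up = "public_html/wp-content/uploads/2013/"
    files = {
        "public_html/index.php": b"<?php // site entry point\n",
        up + "12/photo.jpg": b"\xff\xd8\xff\xe0JFIF",
        up + "12/example-dropped.php": b"<?php // placeholder\n",
        up + "11/banner.png": b"<?php // placeholder\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, reason in scan_backup(build_sample_backup()):
        print(f"{reason}: {path}")
```

For a real backup, pass `open("backup.tar.gz", "rb")` to `scan_backup`; the file name here is a placeholder.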