Tjoene Posted May 27, 2014 Posted May 27, 2014 Your account was suspended for the following reason: /home1/wwb/public_html/components/com_wrapper/eh9sth.php That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended. To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information. If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.
wwb Posted May 27, 2014 Author Posted May 27, 2014 Thanks for the response. However, I still can not access my account to check on the suspected infection. Am not being authenticated by CPanel however many times I try logging in. Please help me access my account so that I can review the files and confirm the suspected malware.
wwb Posted May 27, 2014 Author Posted May 27, 2014 Thanks. It now works. Let me review the files and do the necessary.
wwb Posted May 28, 2014 Author Posted May 28, 2014 I have submitted the suspect file to CLAMAV since none of the antivirus or malware scanners could detect any issue with the file, after downloading a backup to local computer. I hope my account shall remain active as CLAMAV is working on this, since the 24-hours that I was given shall be elapsing soon. I believe that it was a false-positive detection.
wwb Posted May 31, 2014 Author Posted May 31, 2014 I can not access my account. Does it remain unavailable until CLAMAV responds to my false-positive report?
Byron Posted May 31, 2014 Posted May 31, 2014 Okay of unsuspended your account again. This is the file that needs to be deleted: /home1/wwb/public_html/components/com_wrapper/eh9sth.php
Recommended Posts