yashrs Posted June 23, 2015 Posted June 23, 2015 Your account was suspended for the following reason: CryptPHP. Please remove the files as soon as possible because this is the malware which causes us to get blocked by email providers. That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended. To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information. If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.
Byron Posted June 23, 2015 Posted June 23, 2015 I don't think this was found by clamscan. Let me escalate this to Krydos and see what he says.
Krydos Posted June 24, 2015 Posted June 24, 2015 Cryptophp has been wreaking havoc on our servers and very negatively affecting thousands of users. I can't just unsuspend your account. What I can do is provide you with a full backup of your data, which will include the malware files, wipe your account clean, and unsuspend the mostly empty account. Your databases, mail accounts, domains, etc will all still exist, but your files will all be deleted to ensure the infection is gone. I suggest you read http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/ and other information about keeping your site malware free to arm yourself with the knowledge of how to prevent this from happening again. This will be your only chance, and if your site ends up getting suspended again for cryptophp it will be a permanent suspension with no chance of recovery. Would you like to proceed?
Recommended Posts