Answer the question
In order to leave comments, you need to log in
How to remove virus from Wordpress site with SCAN REPORT?
I have websites on hostiq.ua hosting.
A letter has arrived:
"Good afternoon,
The anti-virus scanning system has detected an infection of the files of your account "HQ2 -t - domoctroy.ru".
This type of activity violates the rules for using our services, which are located at the link: https://hostiq.ua/acceptable-use -policy/
Due to the activity of the detected infection, we were forced to block the operation of the sites of your
account.Please
take measures to eliminate the infection and its causes and respond to this notification within 48 hours, otherwise we will be forced to suspend the service.
complaint is listed in the attached scan report. We look forward to hearing from
you."
There is nowhere to attach the report, but I will give a couple of lines:
----------- SCAN REPORT -----------
TimeStamp: Mon, 15 Apr 2019 21:37:52 +0000
(/usr /sbin/cxs --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --noforce --html --ignore /etc/cxs/cxs.ignore - -options MfSGhDZvmb --qoptions Mv --report /home/domoctro/cxs-home_domoctro-2019-04-15.log --sizemax 500000 --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan . /)
Scanning /home/domoctro:
'/home/domoctro/.cagefs/opt/alt/php72/var/lib/Exception_wp.php'
# Known exploit = [Fingerprint Match] [PHP Obfuscation Exploit [P1557]]
'/home /domoctro/.cl.selector/Exception_wp.php'
# Known exploit = [Fingerprint Match] [PHP Obfuscation Exploit [P1557]]
'/home/domoctro/.cpanel/ea-php-cli/credit.wse-znay.ru/wp-admin/Exception_wp.php'
# Known exploit = [Fingerprint Match] [PHP Obfuscation Exploit [P1557]]
'/home/domoctro/.cphorde/meta/Exception_wp.php'
# Known exploit = [Fingerprint Match] [PHP Obfuscation Exploit [P1557]]
'/home/domoctro/ .htpasswds/Exception_wp.php'
# Known exploit = [Fingerprint Match] [PHP Obfuscation Exploit [P1557]]
How can I remove the virus?
SOS! SOS! HELP!
PS: sites were bought on Telderi (for a penny), I bought the domain name myself. The seller from Telderi was engaged in the installation of the main site and additional ones on the hosting. He promised to help with the problem (and dug somewhere on the hosting - he gave him access to the control panel), but then he disappeared somewhere and not a word or a spirit.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question