Virus on Dedicated Server

  • Answered
The web development company setting up my website on the Dedicated Server (elite) which I have with your company - has sent the following email message to me about a virus on the server:

"We have found that there is virus on your server, please send message to your host provider to Scan all server files with CALM AV ANTIVIRUS as- public html and other all database files, and change all passwords and provide all logs to us.

If there is need to delete any files then please send file name to us."

Can you please attend to this as soon as possible.
Hello Ian, and thanks for your question. I have installed the ClamAV plugin for cPanel on your server as requested. You should now see under the Advanced section in cPanel, there is now a Virus Scanner icon that will allow you to scan either your files or e-mails. I also have written an article that details how to install and configure the ClamAV plugin for cPanel which also has instructions for how to run a scan on your own in the future. I went ahead and did a full scan of your home directory and it didn't come back with any results. However I took a manual look at your files and it looks like your .htaccess file was injected with malicious re-direct code to a Russian website's CGI script. I went ahead and left a copy in your home directory as .htaccess-HACKED, and removed the malicious re-direct code from the original file. If you have any follow-up questions to this problem I might suggest submitting an actual support ticket for it so that we can start talking about your account directly instead of in this public forum. In order to submit a ticket, please shoot an e-mail to ([email protected]) being sure to include your username, and the original cPanel password of your account or the last 4 digits of the credit card on file for verification. Let us know if you have any further questions at all. - Jacob