> I do not know if the virus is on the server, in the files, or in the db. > Here is what I know: > Under each folder of each site, files appear with a name such as: > f68z319m.php > When visitors go to my websites, they get a message that the site is > unsecured > > Does this information help identify the issue, or where to look for the > virus?
Did you look at the contents of those files? Sounds like someone is exploiting code to upload files which could then be used to do all sorts of nasty things. That could be an issue with drupal or packages on your system being out of date. Often that is just the first step and once they upload one file they use it to upload a lot more in hidden directories and modifying files and such... I hope you have a recent backup... _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
