I've had this for few months. The only thing i was able to do is to pay for virus protection but it is so expensive. Is there a way to find those hidden files? Do you think they are in the db or in the files? I am moving out to another server right now. Is there a good process to do this without copying the virus along with the files?
Thanks for your help On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users < clamav-users@lists.clamav.net> wrote: > > I do not know if the virus is on the server, in the files, or in the db. > > Here is what I know: > > Under each folder of each site, files appear with a name such as: > > f68z319m.php > > When visitors go to my websites, they get a message that the site is > > unsecured > > > > Does this information help identify the issue, or where to look for the > > virus? > > Did you look at the contents of those files? Sounds like someone is > exploiting code to upload files which could then be used to do all > sorts of nasty things. That could be an issue with drupal or packages > on your system being out of date. Often that is just the first step > and once they upload one file they use it to upload a lot more in > hidden directories and modifying files and such... > > I hope you have a recent backup... > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > -- *Mohamed Omar Makram, CPA* *Osiris CPA, PLLC <http://tucson-az-cpa.com/>Tele: (520) 906-1863* *Fax: (520) 448-0706*
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
