[Solved] Suspended: Elmyra


Hello,

My account name is elmyra.

I've had a website on the stevie server since 2011.

My domain is at: clerith.heliohost.org

I do not know why my account was suspended. Some pages of my site are still available, but when I click into other pages, I get a page saying that my account has been suspended.

Would you please clarify why this has happened, and explain how to reactivate my account?

As I remember, I last visited my cPanel last week, so I do not think it's because I've been inactive or anything like that.

I would appreciate your help. Thank you.


Your account was suspended for the following reason:

Malware. 1 file(s). PHP.ShellExec FOUND

That means that there are some malware files found on your account.

For your safety and to protect your website from potential further corruption, the account has been suspended.

To find the infected files we recommend making a backup of your site, downloading the backup file to your computer, and scanning the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files, please ask and we can provide more information.

If you are certain that it is a false positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi

Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.


I believe I've already done that. I ran Malwarebytes Anti-Malware on my home computer on 4/5/2014, and it found the following: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle). Malwarebytes Anti-Malware program deleted and quarantined against this malware successfully.

Can I assume that the malware has also been deleted from my account?


Registry entries like the one listed are completely irrelevant to your hosting account.

You need to download a backup of your account, extract it, then run the scanner on those files. Delete anything found infected from both the backup and your account.


Thanks very much to both of you - I'm unfamiliar with things like this.

So the problem file is v.php?

BTW, I already have a copy of my site on my computer, and I've run Malwarebytes' Anti-Malware on it. Should I just reload the entire thing? If there's an easier way to do it, I don't know how. *blush*

Again, thanks for all of your help!


Yes, ClamAV is matching v.php as being the infected file. :)

If you didn't place v.php yourself in public_html, it is possible that other files *could* be infected, however.


No, I didn't place v.php in public html myself. In fact, I didn't load that file at all.

I assume I should delete the file - but I'm not sure what else I need to do. How do I tell which files are infected and which aren't? Should I just delete all files and reload them from the copy I have stored on my computer?

Sorry I'm so ignorant about this stuff, but I've never had to deal with it before. And thanks again for all of your help!


If you want to be completely sure all the malware is gone, removing all the files for your website and restoring them from your computer would be the way to do it.

To start though, please delete the v.php file so you don't get suspended again for it.
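
One way to tell which files differ when a known-good local copy exists, as an added example that is not part of the original thread: hash every file in the extracted server backup and in the local copy, then list files that exist only on the server (as v.php did) or whose contents have changed. The directory names and sample files below are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()).hexdigest()
    return digests


def compare(backup_root, clean_root):
    """Classify files in the server backup against the known-good copy."""
    backup, clean = hash_tree(backup_root), hash_tree(clean_root)
    return {
        # On the server but never uploaded by the owner (v.php in the thread).
        "unexpected": sorted(set(backup) - set(clean)),
        # Same name, different bytes: may have had code injected.
        "modified": sorted(p for p in set(backup) & set(clean)
                           if backup[p] != clean[p]),
        # In the local copy only: deleted on the server or never uploaded.
        "missing": sorted(set(clean) - set(backup)),
    }


def build_sample(base):
    """Constructed sample trees; file contents are harmless placeholders."""
    clean, backup = Path(base, "local_copy"), Path(base, "backup/public_html")
    for root in (clean, backup):
        (root / "img").mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'home'; ?>\n")
        (root / "img/logo.txt").write_text("logo placeholder\n")
    (clean / "about.php").write_text("<?php echo 'about'; ?>\n")
    (backup / "about.php").write_text("<?php echo 'about'; /* altered */ ?>\n")
    (backup / "v.php").write_text("<?php /* placeholder for unknown file */ ?>\n")
    (clean / "old.php").write_text("<?php echo 'old'; ?>\n")
    return backup, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in compare(*build_sample(tmp)).items():
            print(f"{kind}: {paths}")
```

The result is only as trustworthy as the local copy it compares against, so files listed as unexpected or modified still need to be reviewed or scanned before anything is restored.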


Thank you VERY much! I've deleted the v.php file, and I've spent the last four hours deleting and then re-loading the files for my site from my computer. However, I do not think my computer is fast enough to restore all files within 24 hours (I only have a phone connection).

So I hope I will continue to have access to the file manager so I can continue uploading in case some files still look infected. I'm trying to do it as fast as I can.

Once again, thank you very much for your help!

This topic is now closed to further replies.