php.malware.magento.598.UNOFFICIAL Virus on my new website

I’ve been tackling this also. Reset all passwords, cleared out all files but yet it comes back every few days.

• This reply was modified 1 year, 2 months ago by sparks8844.

I have same problem.
My C panel virus scanner finds some infected files, remove or quarantine them, but some days later same files are affected.
the biggest problem is my site speed decreased too much.

Check with your provider to see if it’s chewing up a lot of CPU time. I had some threads that needed to be killed.

Hi @onlinemartez1,

Are the flagged scan results direct output from ClamAV or are they mirrored in your Wordfence scans? If it’s the former, the results may be false-positives due to the type of logs being archived containing references to security issues. It may be appropriate to speak to your host or ClamAV support in that case to confirm – as I wouldn’t want to ignore a legitimate issue.

If it’s the latter, could please I see a copy of the full output from the Wordfence scan?

Thanks,
Peter.

Hi @onlinemartez1.

How was your issue resolved? Were they false positives?

Thanks

I have the same problem, deleting files and appearing again… in minutes… what can i do?

I’m having the same issue since July. Around the 20th of each month the virus shows up in my virus scans on cPanel. They do not show up in Wordfence. They are coming from AWSTATS. I’ve asked my hosting provider to help resolve this as it seems to be coming from their end. I don’t know what they are doing to resolve this. Feel like I might be moving to a new hosting provider soon.
Anyone else having theirs show up in AWSTATS log files and zip files in the tmp and log directories?

Yes, I have the same every 2-3 days. I upload the files to https://www.virustotal.com/gui/home/upload and they all come out clean.

Following as I’m seeing this same issue on a new client’s CPanel

Hello, has anyone been able to resolve this? Or has anyone been able to confirm that these are false positives? I have found some files flagged as this as well and after uploading to Virus Total, they returned as zero found viruses. Any help would be greatly appreciated. Thanks in advance.

The host my client has the website on said that it was a false positive coming from Updraft. It took them 6 months to finally tell me that after countless back and forths. I have not received a virus report since they finally told me this. I have requested deep scans of the entire directory from them every week. So far so good. So maybe that was it.

Of course, after I posted that, what happens this morning? Another warning about this virus.