deleted - Suspicious File

[shine lee]

You have been exposed to a wormware script. We are working on the issue for that part.

Ask the experts for help.

first..
Thank you for reading despite your busy schedule.

The file has been deleted from your account.

File: /tmp/systemd-private-d99fef119af1470fa6454fd44ee8a883-ea-php74-php-fpm.service-9aIjhy/tmp/1632325446/zillapage/vendor/jaybizzle/crawler-detect/.github
Reason: Suspicious directory
Owner: cloudintvite**

A related email has arrived.

mp/1632325446/zillapage/vendor/jaybizzle/ /tmp/1632325446/zillapage/vendor/hisorange/browser-detect/.


However. Further transmission is suspected.

Will it attack other accounts from resident in memory??

If it penetrated into memory or root...

Is there any way to delete the virus?

The status of loading in memory.

We have deleted the currently exposed files and the files in the domains of the accounts.

We are watching to see if other accounts are contagious.


We need help from talented people.

Please help me.

/opt/alt/php-internal/usr/bin/php -n -d short_open_tag=on -d extension=json.so -d extension=mbstring.so -d extension=leveldb.so -d extension=posix.so -d extension=zip.so -d extension=hyperscan.so /opt/ai-bolit/ai-bolit-hoster.php --smart --deobfuscate --avdb /var/imunify360/files/sigs/v1/aibolit/ai-bolit-hoster-full.db --no-html --memory 2048M --progress /var/imunify360/aibolit/run/e46e3d5fd54e49baad30bba53138d5d2/progress --use-filters --use-heuristics-suspicious --path /home/hotcookk --skip-system-owner --ignore-quarantine --use-template-in-path --skip-imunify360-storage --with-suspicious --size 1048576 --rapid-account-scan /home/.rapid-scan-db/hotcookk --rapid-scan-rescan-frequency 2 --cloudscan-size 10485760 --encode-b64-fn --detached e46e3d5fd54e49baad30bba53138d5d2 --csv_report /var/imunify360/aibolit/run/e46e3d5fd54e49baad30bba53138d5d2/report.csv --quite --shared-mem-progress 4007394523876784678 --create-shared-mem

 

[cPRex]

Hey there! Can you let me know how you received this notification? In general, cPanel doesn't offer security scan services, so it would be best to work with an administrator directly to ensure there is nothing wrong with the machine and that things are taken care of. If you need to find an admin we have a list here: System Administration Services

 

[shine lee]

Hey there! Can you let me know how you received this notification? In general, cPanel doesn't offer security scan services, so it would be best to work with an administrator directly to ensure there is nothing wrong with the machine and that things are taken care of. If you need to find an admin we have a list here: System Administration Services

imunifyAV
ConfigServer Security & Firewall - csf v14.10
sent a message
I found the file in the relevant account and deleted it.

I don't know if that file is really bad.

The program is being used in several places.

We are using two default security programs.

Interested comments.
thank you.

 

[cPRex]

Thanks for the details - if that is a case, my previous advice of having an admin check the account to ensure there are no other issues would still be the best way to move forward.