deleted - Suspicious File

shine lee

Member
Apr 20, 2019
KOREA
cPanel Access Level
Root Administrator
You have been exposed to a wormware script. We are working on the issue for that part.

Ask the experts for help.

First, thank you for reading despite your busy schedule.

The file has been deleted from your account.

File: /tmp/systemd-private-d99fef119af1470fa6454fd44ee8a883-ea-php74-php-fpm.service-9aIjhy/tmp/1632325446/zillapage/vendor/jaybizzle/crawler-detect/.github
Reason: Suspicious directory
Owner: cloudintvite**

A related email has arrived.

mp/1632325446/zillapage/vendor/jaybizzle/ /tmp/1632325446/zillapage/vendor/hisorange/browser-detect/.


However, further transmission is suspected.

Will it attack other accounts while resident in memory?

If it penetrated into memory or root...

Is there any way to delete the virus?

The status of loading in memory.

We have deleted the currently exposed files and the files in the domains of the accounts.

We are watching to see if other accounts are contagious.


We need help from talented people.

Please help me.



/opt/alt/php-internal/usr/bin/php -n -d short_open_tag=on -d extension=json.so -d extension=mbstring.so -d extension=leveldb.so -d extension=posix.so -d extension=zip.so -d extension=hyperscan.so /opt/ai-bolit/ai-bolit-hoster.php --smart --deobfuscate --avdb /var/imunify360/files/sigs/v1/aibolit/ai-bolit-hoster-full.db --no-html --memory 2048M --progress /var/imunify360/aibolit/run/e46e3d5fd54e49baad30bba53138d5d2/progress --use-filters --use-heuristics-suspicious --path /home/hotcookk --skip-system-owner --ignore-quarantine --use-template-in-path --skip-imunify360-storage --with-suspicious --size 1048576 --rapid-account-scan /home/.rapid-scan-db/hotcookk --rapid-scan-rescan-frequency 2 --cloudscan-size 10485760 --encode-b64-fn --detached e46e3d5fd54e49baad30bba53138d5d2 --csv_report /var/imunify360/aibolit/run/e46e3d5fd54e49baad30bba53138d5d2/report.csv --quite --shared-mem-progress 4007394523876784678 --create-shared-mem
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! Can you let me know how you received this notification? In general, cPanel doesn't offer security scan services, so it would be best to work with an administrator directly to ensure there is nothing wrong with the machine and that things are taken care of. If you need to find an admin we have a list here: System Administration Services
 

shine lee

Hey there! Can you let me know how you received this notification? In general, cPanel doesn't offer security scan services, so it would be best to work with an administrator directly to ensure there is nothing wrong with the machine and that things are taken care of. If you need to find an admin we have a list here: System Administration Services
imunifyAV
ConfigServer Security & Firewall - csf v14.10
sent a message
I found the file in the relevant account and deleted it.

I don't know if that file is really bad.

The program is being used in several places.

We are using two default security programs.

Interested comments.
Thank you.