Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

infected files in virtfs

Discussion in 'Security' started by jlewis504, Mar 22, 2017.

Tags:
  1. jlewis504

    jlewis504 Registered

    Joined:
    Mar 22, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oklahoma City, OK
    cPanel Access Level:
    Root Administrator
    A recent security scan showed that I have infected files in the virtfs folder. As I understand simply removing the files is not an option as any files that are mounted to the file will also be removed and will create an even bigger issue. My server provider recommends a complete rebuild of the OS. This is not something I want to do. I have used clamav for the security scan and below is a copy of some of the results. How do I determine if this could be a false positive and what options do I have other than rebuilding the OS for removal?

    home/virtfs/savanaux/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
     
    #1 jlewis504, Mar 22, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,659
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Does the scan show the same result for the /usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff file outside of the virtfs path?

    You can also review the following documents for instructions on how to remove a user's jailed shell environment:

    VirtFS - Jailed Shell - Documentation - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Mar 23, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - infected files virtfs
  1. JarekN

    Site keeps on getting hacked - infected files

    JarekN, Mar 15, 2018, in forum: Security
    Replies:
    6
    Views:
    262
    cPanelMichael
    Mar 15, 2018
  2. KV Karia

    infected files detected in /tmp - how to find actual file name and path

    KV Karia, Nov 6, 2017, in forum: Security
    Replies:
    5
    Views:
    443
    cPanelMichael
    Nov 8, 2017
  3. net@work

    Checking `bindshell'... INFECTED (PORTS: 465 45454)

    net@work, May 16, 2018, in forum: Security
    Replies:
    6
    Views:
    143
    net@work
    May 18, 2018
  4. sepehrmm

    Account infected with malware script

    sepehrmm, Nov 18, 2017, in forum: Security
    Replies:
    2
    Views:
    442
    cPanelMichael
    Nov 20, 2017
  5. chetanmadaan

    Investigating Malware infected websites questions

    chetanmadaan, Mar 10, 2017, in forum: Security
    Replies:
    3
    Views:
    557
    cPanelMichael
    Mar 12, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice