Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

infected files in virtfs

Discussion in 'Security' started by jlewis504, Mar 22, 2017.

Tags:
  1. jlewis504

    jlewis504 Registered

    Joined:
    Mar 22, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oklahoma City, OK
    cPanel Access Level:
    Root Administrator
    A recent security scan showed that I have infected files in the virtfs folder. As I understand simply removing the files is not an option as any files that are mounted to the file will also be removed and will create an even bigger issue. My server provider recommends a complete rebuild of the OS. This is not something I want to do. I have used clamav for the security scan and below is a copy of some of the results. How do I determine if this could be a false positive and what options do I have other than rebuilding the OS for removal?

    home/virtfs/savanaux/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
     
    #1 jlewis504, Mar 22, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Does the scan show the same result for the /usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff file outside of the virtfs path?

    You can also review the following documents for instructions on how to remove a user's jailed shell environment:

    VirtFS - Jailed Shell - Documentation - cPanel Documentation

    Thank you.
     
    #2 cPanelMichael, Mar 23, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - infected files virtfs
  1. JarekN

    Site keeps on getting hacked - infected files

    JarekN, Mar 15, 2018, in forum: Security
    Replies:
    6
    Views:
    143
    cPanelMichael
    Mar 15, 2018
  2. KV Karia

    infected files detected in /tmp - how to find actual file name and path

    KV Karia, Nov 6, 2017, in forum: Security
    Replies:
    5
    Views:
    339
    cPanelMichael
    Nov 8, 2017
  3. sepehrmm

    Account infected with malware script

    sepehrmm, Nov 18, 2017, in forum: Security
    Replies:
    2
    Views:
    350
    cPanelMichael
    Nov 20, 2017
  4. chetanmadaan

    Investigating Malware infected websites questions

    chetanmadaan, Mar 10, 2017, in forum: Security
    Replies:
    3
    Views:
    518
    cPanelMichael
    Mar 12, 2017
  5. Seb45874

    New Thread PHP-FPM and files permissions (.htaccess especially)

    Seb45874, Apr 21, 2018 at 1:34 AM, in forum: EasyApache
    Replies:
    0
    Views:
    8
    Seb45874
    Apr 21, 2018 at 1:34 AM

Share This Page