SMW-INJ-18831-js.spam.remote-1

jlucho

Well-Known Member
Aug 5, 2006
95
1
158
hi

I have a hosting account with this infection alert (imunyAV detects it) but Clamav, Maldet, CXS do not detect it

SMW-INJ-18831-js.spam.remote-1
view image here ( https://i.imgur.com/jTW2KT8.png )

How can I clean only the malicious code from these files?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,743
1,869
363
cPanel Access Level
Root Administrator
Hey there! It would be better to work with an admin familiar with server security to see how these files were modified before you make any additional changes, as that will alter the timestamps. If the source isn't found, the problem could just happen again.

After that, it might be best to restore the site from a backup that doesn't have the alterations.
 

ankeshanand

Well-Known Member
Mar 29, 2021
206
60
103
India
cPanel Access Level
Root Administrator
Only The root Administrator can fix these Files if he Makes Backups Daily/Weekly/Monthly.

From the WHM, Go to Imunify360 and Go to Settings>Backups. Enable Backups. If Imunify360 Finds any Old version of those infected files, It will give you an option to Clean the Files from the Backup but all those options are only available to the Server root user and not to a cPanel Account User.
 

AlphaPrime

Active Member
Aug 23, 2021
42
6
8
Romania
cPanel Access Level
Root Administrator
One of my clients has this one SMW-INJ-17160-php.spam.drwy-0
How to remove it? I have only Imunify+ and finds my only the index.php
From what I see on my client cpanel... This virus changes his htacces file!
 

Spirogg

Well-Known Member
Feb 21, 2018
700
157
43
chicago
cPanel Access Level
Root Administrator
I have only Imunify+
email support at cloudlinux since they are the makers of this program if you have a lic. they will be able to help you.