[clamav-users] Installing question

J.R. themadbeaker at gmail.com
Wed Mar 27 13:12:29 EDT 2019


> I do not know if the virus is on the server, in the files, or in the db.
> Here is what I know:
> Under each folder of each site, files appear with a name such as:
> f68z319m.php
> When visitors go to my websites, they get a message that the site is
> unsecured
>
> Does this information help identify the issue, or where to look for the
> virus?

Did you look at the contents of those files? Sounds like someone is
exploiting code to upload files which could then be used to do all
sorts of nasty things. That could be an issue with drupal or packages
on your system being out of date. Often that is just the first step
and once they upload one file they use it to upload a lot more in
hidden directories and modifying files and such...

I hope you have a recent backup...


More information about the clamav-users mailing list