lastofavari Posted December 27, 2013

I've tried to upload a zip archive on my website, powered by your shared hosting, but the file was deleted and I've got a notification about a trojan. I think the problem is that your system overreacts to this cmd file in the archive:

    @echo off
    shutdown -s -f -t 10 -c "Shutting down..."

and I don't think that the standard console shutdown command is any kind of trojan or virus.

The first ticket I've submitted (SQK-184-66659) is still open. It ends with this message:

> Hello,
>
> I will escalate this ticket to the Abuse department for further assistance.
>
> ------------------------------
> Victor R.
> Support Department, Hawk Host

I've got no response since then, and after a week of waiting I tried to resubmit it myself (VDW-527-93913), but still no answer at all.

Is there something that can be done to fix this issue? I've attached the original zip archive that I've had trouble with (this is the program I wrote in VB .NET - just a little timer that can launch a selected program or open a document on a timeout).

timebomblite-1.2.3.zip

lastofavari Posted December 27, 2013

This is the original trojan notification, if it can help:

> Hello,
>
> Our systems performed a routine malware/virus scan on your account and
> unfortunately located infected/malicious files. We've automatically moved
> the infected file(s) out of your public_html directory into a safe,
> quarantined directory. Below is the file our scanners were able to locate:
>
> /home/lastofav/public_html/timebomblite/timebomblite-1.2.3.zip
> (quarantined to
> /home/hawkinfected/cxsuser/lastofav/timebomblite-1.2.3.zip.1386892426_1)
> ClamAV detected virus = [Trojan.BAT.Shutdown-2]
>
> Accounts are commonly exploited through outdated software, compromised
> cPanel/FTP login details, or vulnerable themes/plugins in your
> applications. We suggest rotating your cPanel and FTP passwords immediately
> in the event they were compromised. Instructions on how to reset your
> cPanel password can be found at
> https://support.hawkhost.com/index.php?/Knowledgebase/Article/View/47/0/how-can-i-reset-my-cpanel-password
>
> If you would like more information regarding this infection, or are
> looking for our assistance in cleaning up your account, please contact our
> support team by either emailing [email protected] or submitting a
> ticket at https://support.hawkhost.com.

Tony Posted December 28, 2013

Hello,

I'll see if I can track down the ticket. I'm not sure why it was sent to abuse, as this issue would never get resolved there. It's worth noting, though, that if ClamAV virus signatures are picking up on this archive, it's highly likely we're not the only ones who would be blocking this archive. A good chunk of virus scanners would be blocking this file.

lastofavari Posted December 30, 2013

Thanks for getting into it! Avast! antivirus is currently ok with it, although earlier (a few months ago) it was falsely reporting it too. I will probably try to build the shutdown feature directly into my tool.