False antivirus alert


Recommended Posts

I've tried to upload zip archive on my website, powered by your shared hosting, but the file was deleted and I've got notification about trojan.

I think, the problem is that your system overreacts to this cmd file in the archive:


@echo off
shutdown -s -f -t 10 -c "Shutting down..."


and I don't think that standard console shutdown command is an any kind of trojan or virus.


The first ticket I've submitted (SQK-184-66659) is still opened. It ends w/ this message:



I will escalate this ticket to the Abuse department for further assistance.

Victor R.
Support Department, Hawk Host


I've got no response since than after a week of waiting tried to resubmit it myself (VDW-527-93913), but still - no answer at all.


Is there something that can be done to fix this issue?


I've attached the original zip archive, that I've got a trouble with. (this is the program I wrote in VB .NET - just a little timer that can launch selected program or open a document on a time out)


Link to comment
Share on other sites

This is the original trojan notification, if it can help:



> Hello,
> Our systems performed a routine malware/virus scan on your account and
> unfortunately located infected/malicious files. We've automatically moved
> the infected files(s) out of your public_html directory into a safe,
> quarantined directory. Below is the file our scanners were able to locate:
> /home/lastofav/public_html/timebomblite/timebomblite-1.2.3.zip
> (quarantined to
> /home/hawkinfected/cxsuser/lastofav/timebomblite-1.2.3.zip.1386892426_1)
> ClamAV detected virus = [Trojan.BAT.Shutdown-2]
> Accounts are commonly exploited through outdated software, compromised
> cPanel/FTP login details, or vulnerable themes/plugins in your
> applications. We suggest rotating your cPanel and FTP passwords immediately
> in the event they were compromised. Instructions on how to reset your
> cPanel password can be found at
> https://support.hawkhost.com/index.php?/Knowledgebase/Article/View/47/0/how-can-i-reset-my-cpanel-password
> If you would like more information regarding this infection, or are
> looking for our assistance in cleaning up your account, please contact our
> support team by either emailing [email protected] or submitting a
> ticket at https://support.hawkhost.com.

Link to comment
Share on other sites



I'll see if I can track down the ticket I'm not sure why it was sent to abuse as this issue would never get resolved there.


It's worth noting though if ClamAV virus signatures are picking up on this archive it's highly likely we're not the only ones who would be blocking this archive.  A good chunk of virus scanners would be blocking this file.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.