lastofavari

False antivirus alert


I tried to upload a zip archive to my website, which is powered by your shared hosting, but the file was deleted and I got a notification about a trojan.

I think the problem is that your system overreacts to this cmd file in the archive:

@echo off
shutdown -s -f -t 10 -c "Shutting down..."

and I don't think that a standard console shutdown command is any kind of trojan or virus.

The first ticket I submitted (SQK-184-66659) is still open. It ends with this message:


Hello,

I will escalate this ticket to the Abuse department for further assistance.

------------------------------
Victor R.
Support Department, Hawk Host

I've had no response since then; after a week of waiting I tried to resubmit it myself (VDW-527-93913), but still no answer at all.

Is there something that can be done to fix this issue?

I've attached the original zip archive that I've had trouble with. (This is the program I wrote in VB .NET - just a little timer that can launch a selected program or open a document on a timeout.)

timebomblite-1.2.3.zip


This is the original trojan notification, if it can help:

> Hello,
>
> Our systems performed a routine malware/virus scan on your account and
> unfortunately located infected/malicious files. We've automatically moved
> the infected files(s) out of your public_html directory into a safe,
> quarantined directory. Below is the file our scanners were able to locate:
>
> /home/lastofav/public_html/timebomblite/timebomblite-1.2.3.zip
> (quarantined to
> /home/hawkinfected/cxsuser/lastofav/timebomblite-1.2.3.zip.1386892426_1)
> ClamAV detected virus = [Trojan.BAT.Shutdown-2]
>
> Accounts are commonly exploited through outdated software, compromised
> cPanel/FTP login details, or vulnerable themes/plugins in your
> applications. We suggest rotating your cPanel and FTP passwords immediately
> in the event they were compromised. Instructions on how to reset your
> cPanel password can be found at
> https://support.hawkhost.com/index.php?/Knowledgebase/Article/View/47/0/how-can-i-reset-my-cpanel-password
>
> If you would like more information regarding this infection, or are
> looking for our assistance in cleaning up your account, please contact our
> support team by either emailing support@hawkhost.com or submitting a
> ticket at https://support.hawkhost.com.
>


Hello,

I'll see if I can track down the ticket. I'm not sure why it was sent to abuse, as this issue would never get resolved there.

It's worth noting, though, that if ClamAV virus signatures are picking up on this archive, it's highly likely we're not the only ones who would be blocking this archive. A good chunk of virus scanners would be blocking this file.
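
An added example, not part of the original thread and not Hawk Host's or ClamAV's code: one way to triage a quarantined archive like the one discussed above, by hashing each member and flagging script members that contain a forced shutdown command, so the triggering file can be named in a false-positive report. The regex is a stand-in heuristic (the thread does not show what the `Trojan.BAT.Shutdown-2` signature matches), and the member names in the constructed sample are hypothetical.

```python
import hashlib
import io
import re
import zipfile

# Assumption: a simple stand-in heuristic, NOT ClamAV's actual signature.
# It flags a Windows shutdown command that both powers off (-s or /s) and
# force-closes applications (-f or /f), as the cmd file in the thread does.
SCRIPT_EXTENSIONS = (".bat", ".cmd")
SHUTDOWN_RE = re.compile(r"^[ \t]*@?shutdown(?:\.exe)?[ \t]+(.*)$", re.I | re.M)
FLAG_RE = re.compile(r"(?<!\S)[-/]([a-zA-Z])\b")

def forced_shutdown_lines(text):
    """Return the script lines that call shutdown with both the s and f switches."""
    hits = []
    for m in SHUTDOWN_RE.finditer(text):
        flags = {f.lower() for f in FLAG_RE.findall(m.group(1))}
        if {"s", "f"} <= flags:
            hits.append(m.group(0).strip())
    return hits

def triage_archive(data):
    """Return one record per archive member: name, SHA-256 and flagged lines."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            body = zf.read(info)
            is_script = info.filename.lower().endswith(SCRIPT_EXTENSIONS)
            hits = forced_shutdown_lines(body.decode("latin-1")) if is_script else []
            report.append({"name": info.filename,
                           "sha256": hashlib.sha256(body).hexdigest(), "hits": hits})
    return report

def build_sample():
    """Constructed sample: hypothetical member names, cmd body as quoted in the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "Timer utility\r\n")
        zf.writestr("shutdown.cmd", '@echo off\r\nshutdown -s -f -t 10 -c "Shutting down..."\r\n')
    return buf.getvalue()

if __name__ == "__main__":
    for rec in triage_archive(build_sample()):
        print(rec["sha256"][:16], rec["name"], rec["hits"] or "-")
```

The per-member hashes let each file be checked or reported individually instead of resubmitting the whole archive.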
