How to resolve infection found by ImunifyAV

Comments

6 comments

  • cPRex Jurassic Moderator
    Hey there! Is your Imunify license purchased through cPanel directly? If so, it would be best to create a ticket so we can see the specific issue in action and escalate to CloudLinux if necessary, as I would expect the tool to provide enough information for an end user to be able to handle it. While that formatting certainly does look like a cron job, it's not clear to me where that would be present. Do you see that file present in /var/tmp?
    0
  • tkserver
    Thanks cPRex. My Imunify license is the "free" version through cPanel, which only scans but does not do any fixes. For a few years now I've been able to rectify manually any infections it has found until now. I did look in /var/tmp and the file is not present there.
    0
  • cPRex Jurassic Moderator
    Could you submit a ticket so we can check it out?
    0
  • tkserver
    Sure. Thanks. Do I do that by clicking submit a ticket in your signature? I did that and then got to a "submit a request" option at the bottom of the page. Is a request the same as a ticket? :-)
    0
  • cPRex Jurassic Moderator
    That's the one!
    0
  • SimpleSonic
    That is a cron job backdoor malware and is easily removed, but the real issue is how the attacker was able to create the cron job to begin with. Therefore, just removing the cron job is not going to "fix" the issue. Also, you might want to consider using Imunify360 to give you proactive protection rather than just using ImunifyAV which requires manual intervention when malware is found.
    0
