dmratcliffe

Account Suspended

8 posts in this topic

Looking at your account, it's infected a lot of malware/viruses.

root@tesla [/]# clamscan -r -i /home/dmrat/
/home/dmrat/public_html/Mcdrugs.co/w24114868n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/Mcdrugs.co/w19788275n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/Junkmail.tk/w18722775n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/Junkmail.tk/w82652133n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/w83963164n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/w43226829n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/libworker.so: Unix.Trojan.Roopre-1 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/info.php: Win.Trojan.Shell-49 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/error.php: Php.Exploit.C99-23 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/sys.php: Win.Trojan.Agent-1426769 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/themes/zerif-lite/w2513n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/w13245847n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/css/colors/midnight/syslib.php: Php.Malware.Agent-1426971 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/css/colors/midnight/libworker.so: Unix.Trojan.Roopre-1 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/css/colors/midnight/lib.php: Php.Malware.Agent-1426971 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/maint/readme.php: Win.Trojan.Agent-1426769 FOUND
/home/dmrat/public_html/LifeSucks.tk/w84224915n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/LifeSucks.tk/w57024216n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-content/plugins/customize-admin/info.php: Win.Trojan.Shell-49 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-content/plugins/customize-admin/error.php: Php.Exploit.C99-23 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-content/plugins/customize-admin/sys.php: Win.Trojan.Agent-1426769 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-admin/css/colors/midnight/syslib.php: Php.Malware.Agent-1426971 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-admin/css/colors/midnight/libworker.so: Unix.Trojan.Roopre-1 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-admin/css/colors/midnight/lib.php: Php.Malware.Agent-1426971 FOUND 

I deleted all of it but I'm not comfortable unsuspending your account, you don't know what changes and injections those made to your files.

Do you want a full backup of your account and you can start over from scratch?

Share this post


Link to post
Share on other sites
11 hours ago, Eli L said:

Looking at your account, it's infected a lot of malware/viruses.


root@tesla [/]# clamscan -r -i /home/dmrat/
/home/dmrat/public_html/Mcdrugs.co/w24114868n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/Mcdrugs.co/w19788275n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/Junkmail.tk/w18722775n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/Junkmail.tk/w82652133n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/w83963164n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/w43226829n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/libworker.so: Unix.Trojan.Roopre-1 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/info.php: Win.Trojan.Shell-49 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/error.php: Php.Exploit.C99-23 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/plugins/customize-admin/sys.php: Win.Trojan.Agent-1426769 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-content/themes/zerif-lite/w2513n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/w13245847n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/css/colors/midnight/syslib.php: Php.Malware.Agent-1426971 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/css/colors/midnight/libworker.so: Unix.Trojan.Roopre-1 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/css/colors/midnight/lib.php: Php.Malware.Agent-1426971 FOUND
/home/dmrat/public_html/dmratcliffe.tk/wp-admin/maint/readme.php: Win.Trojan.Agent-1426769 FOUND
/home/dmrat/public_html/LifeSucks.tk/w84224915n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/public_html/LifeSucks.tk/w57024216n.php: Win.Trojan.Trojan-888 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-content/plugins/customize-admin/info.php: Win.Trojan.Shell-49 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-content/plugins/customize-admin/error.php: Php.Exploit.C99-23 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-content/plugins/customize-admin/sys.php: Win.Trojan.Agent-1426769 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-admin/css/colors/midnight/syslib.php: Php.Malware.Agent-1426971 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-admin/css/colors/midnight/libworker.so: Unix.Trojan.Roopre-1 FOUND
/home/dmrat/.trash/Junkmail.tk/wp-admin/css/colors/midnight/lib.php: Php.Malware.Agent-1426971 FOUND 

I deleted all of it but I'm not comfortable unsuspending your account, you don't know what changes and injections those made to your files.

Do you want a full backup of your account and you can start over from scratch?

I'd love a backup if I could have one, do you know why or how this happened? or have an idea, wordpress or anything?

 

Share this post


Link to post
Share on other sites
8 hours ago, dmratcliffe said:

I'd love a backup if I could have one, do you know why or how this happened? or have an idea, wordpress or anything?

 

Probably a combination of not keeping WP or your scrips updated, and downloading plugins/themes/scripts from unsafe and not trusted sources. Downloading pirated software is also common too.

Share this post


Link to post
Share on other sites
On 6/1/2016 at 9:55 PM, Eli L said:

Probably a combination of not keeping WP or your scrips updated, and downloading plugins/themes/scripts from unsafe and not trusted sources. Downloading pirated software is also common too.

My wordpress was up to date and I never really used public scripts or used extentions.

I would mainly just like my main servers website if you could give me a copy of that and are the databases O.K?
Everything else I can remake but that would take much longer and since switching computers I seem to have misplaced site backups and am trying to find them but they may be gone.

Share this post


Link to post
Share on other sites

 

5 hours ago, dmratcliffe said:

My wordpress was up to date and I never really used public scripts or used extentions.

I would mainly just like my main servers website if you could give me a copy of that and are the databases O.K?
Everything else I can remake but that would take much longer and since switching computers I seem to have misplaced site backups and am trying to find them but they may be gone.

I sent you a PM with the backup. Is everything there?

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now