Spam sent from the account and CPU usage above the account's limits are often caused by malicious processes. As a rule, the website owner may find out about the presence of viruses only after the account is suspended.
If you received such a notification, contact support to remove the account suspension, after which access will be restored.
Infection with a virus happens through external requests to the website, so it is crucial to block access to the websites while viruses are being eliminated. If you don’t do it, the website will be re-infected and your virus removal efforts will be useless. Technical support will open access to the account while keeping access to the websites blocked.
First, you need to run an antivirus scan. You will need dedicated website antivirus software. Here are some options: Manul, ai-bolit, Santi. We recommend using ai-bolit, as it gives good results among free antivirus tools.
To run an antivirus scan, follow these steps:
1. Sign in to your account. In the panel on the left, select the corresponding hosting service. In the left panel, enable SSH access.
2. Sign in over SSH using the PuTTY utility. You can download it from the official website at putty.org. To sign in, use the cPanel credentials from your account: login, password and host. The port is 22.
3. Run this command in PuTTY:
mkdir ai && mkdir ai/reports && cd ai
4. Go to the official website of the antivirus and download the antivirus archive: ai-bolit.zip (Ai-bolit for a website, universal version). Upload the archive to the ai folder in your account. Run the following command in PuTTY:
unzip ai-bolit.zip && php $HOME/ai/ai-bolit/ai-bolit.php --path=$HOME --report=$HOME/ai/reports/report.html --mode=2 --skip=jpg,png,gif,jpeg,JPG,PNG,GIF,bmp,xml,zip,rar,css,avi,mov
Remember that the contents of the clipboard can be pasted into the PuTTY window with a regular right-click or by pressing Shift+Ins.
5. Wait until the scan is finished. You will find the report in the ai/reports folder.
Signs of infected files:
- unreadable or too general file names;
- digits in file names;
- unreadable variable names;
- the presence of hashes or of calls to the base64_decode, eval or exec functions.
To eliminate viruses, replace infected files with clean copies of the engine/module/theme downloaded from official sources. If a file on your website is not present in the downloaded copy, delete it.
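
The comparison with a clean copy can be scripted so that every changed or extra file is listed before you replace or delete anything. The script below is an added example, not part of ai-bolit or of the original instructions; the function names compare_with_clean and make_demo_trees, the output labels and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from ai-bolit or the hosting provider).
# compare_with_clean SITE_DIR CLEAN_DIR prints one line per finding:
#   MODIFIED <path>  differs from the clean copy   -> replace it
#   EXTRA <path>     absent from the clean copy    -> review, then delete
# " [suspicious-calls]" is appended when the file calls base64_decode,
# eval or exec (one of the signs listed above).
compare_with_clean() (
    site=$1 clean=$2
    ( cd "$site" && find . -type f | LC_ALL=C sort ) | while IFS= read -r f; do
        f=${f#./}
        if [ ! -f "$clean/$f" ]; then
            kind=EXTRA
        elif ! cmp -s "$site/$f" "$clean/$f"; then
            kind=MODIFIED
        else
            continue            # identical to the clean copy
        fi
        tag=
        if grep -Eqs '(base64_decode|eval|exec)[[:space:]]*\(' "$site/$f"; then
            tag=' [suspicious-calls]'
        fi
        printf '%s %s%s\n' "$kind" "$f" "$tag"
    done
)

# Constructed sample data: a small clean tree and a tampered site tree.
make_demo_trees() (
    d=$(mktemp -d)
    mkdir -p "$d/clean/inc" "$d/site/inc"
    printf '<?php echo "home";\n' > "$d/clean/index.php"
    printf '<?php function h() {}\n' > "$d/clean/inc/lib.php"
    cp "$d/clean/inc/lib.php" "$d/site/inc/lib.php"
    printf '<?php eval(base64_decode("constructed")); echo "home";\n' > "$d/site/index.php"
    printf '<?php $a1 = "constructed";\n' > "$d/site/inc/x7f3.php"
    echo "$d"
)

demo=$(make_demo_trees)
compare_with_clean "$demo/site" "$demo/clean"
rm -rf "$demo"
```

Site-specific configuration files and uploaded media are not part of the official archive, so they are also listed as EXTRA; check each of them before deleting.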