----------- SCAN REPORT ----------- TimeStamp: Sun, 19 Sep 2021 21:20:46 +0100 (/usr/sbin/cxs --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/r17elec/public_html/scanSept19.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan --vmrssmax 2000000 --xtra /etc/cxs/cxs.xtra /home/r17elec/) Scanning /home/r17elec: '/home/r17elec/access-logs' # Symlink to [/usr/local/apache/domlogs/r17elec] '/home/r17elec/www' # Symlink to [public_html] '/home/r17elec/.cagefs/opt/alt/php44/link/conf' # Symlink to [/opt/alt/php44/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php51/link/conf' # Symlink to [/opt/alt/php51/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php52/link/conf' # Symlink to [/opt/alt/php52/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php53/link/conf' # Symlink to [/opt/alt/php53/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php54/link/conf' # Symlink to [/opt/alt/php54/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php55/link/conf' # Symlink to [/opt/alt/php55/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php56/link/conf' # Symlink to [/opt/alt/php56/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php70/link/conf' # Symlink to [/opt/alt/php70/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php71/link/conf' # Symlink to [/opt/alt/php71/etc/php.d] '/home/r17elec/.cagefs/opt/alt/php73/link/conf' # Symlink to [/opt/alt/php73/etc/php.d] '/home/r17elec/.cagefs/tmp/.s.PGSQL.' # Symlink to [/var/run/postgres/.s.PGSQL.] 
'/home/r17elec/.cagefs/tmp/.s.PGSQL.5432' # Symlink to [/var/run/postgres/.s.PGSQL.5432] '/home/r17elec/.cagefs/tmp/mysql.sock' # Symlink to [/var/lib/mysql/mysql.sock] '/home/r17elec/.cpanel/ea-php-cli/public_html/doodlesdesign.co.uk/.ea-php-cli.cache' # Symlink to [ea-php56] '/home/r17elec/.cpanel/ea-php-cli/public_html/doodlesdesign.co.uk/downloader/.ea-php-cli.cache' # Symlink to [ea-php56] '/home/r17elec/.cpanel/ea-php-cli/public_html/doodlesdesign.co.uk/downloader/js/.ea-php-cli.cache' # Symlink to [ea-php56] '/home/r17elec/.cpanel/ea-php-cli/public_html/electrocigs.co.uk/.ea-php-cli.cache' # Symlink to [ea-php56] '/home/r17elec/.cpanel/ea-php-cli/public_html/youmediaprint.co.uk/.ea-php-cli.cache' # Symlink to [ea-php56] '/home/r17elec/.cphorde/meta/latest' # Symlink to [horde.backup.sql.20151015] '/home/r17elec/basebotanics.youmediatest.co.uk/wp-content/themes/betheme/functions/admin/class-mfn-dashboard.php' # Universal decode regex match = [universal decoder] '/home/r17elec/etc/r17elec.rcube.db.latest' # Symlink to [r17elec.rcube.db.1629936752] '/home/r17elec/etc/3cpestsolutions.com/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/bicycle-repairs.co.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/chrisdavies.me.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/contactcapital.co.uk/tessa.rcube.db.latest' # Symlink to [tessa.rcube.db.1629936753] '/home/r17elec/etc/doodlesdesign.co.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/electrocigarettes.co.uk/sales.rcube.db.latest' # Symlink to [sales.rcube.db.1629936752] '/home/r17elec/etc/ellisequine.co.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1617152818] '/home/r17elec/etc/epiccardcompany.com/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/fusionforex.co.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] 
'/home/r17elec/etc/russell-roofing.co.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/sandstonetrailcottages.com/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/sandstonetrailcottages.com/ray.rcube.db.latest' # Symlink to [ray.rcube.db.1629936752] '/home/r17elec/etc/specialchina.co.uk/sales.rcube.db.latest' # Symlink to [sales.rcube.db.1629936753] '/home/r17elec/etc/thelowerrectory.co.uk/sally.rcube.db.latest' # Symlink to [sally.rcube.db.1629936753] '/home/r17elec/etc/traditionalbeercompany.co.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1629936752] '/home/r17elec/etc/traditionalbeercompany.co.uk/liz.rcube.db.latest' # Symlink to [liz.rcube.db.1629936752] '/home/r17elec/etc/tyresntubes.co.uk/carl.rcube.db.latest' # Symlink to [carl.rcube.db.1617152817] '/home/r17elec/etc/you-media.co.uk/info.rcube.db.latest' # Symlink to [info.rcube.db.1617152818] '/home/r17elec/mail/.accounts@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/accounts] '/home/r17elec/mail/.accounts@traditionalbeercompany_com' # Symlink to [traditionalbeercompany.com/accounts] '/home/r17elec/mail/.accounts@tyresntubes_co_uk' # Symlink to [tyresntubes.co.uk/accounts] '/home/r17elec/mail/.admin@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/admin] '/home/r17elec/mail/.admin@traditionalbeercompany_com' # Symlink to [traditionalbeercompany.com/admin] '/home/r17elec/mail/.carl@tyresntubes_co_uk' # Symlink to [tyresntubes.co.uk/carl] '/home/r17elec/mail/.dave@thekitchenfaceliftcompany_co_uk' # Symlink to [thekitchenfaceliftcompany.co.uk/dave] '/home/r17elec/mail/.david-a-roberts@eastarchem_co_uk' # Symlink to [eastarchem.co.uk/david-a-roberts] '/home/r17elec/mail/.info@3cpestsolutions_com' # Symlink to [3cpestsolutions.com/info] '/home/r17elec/mail/.info@bestloansforpeoplewithbadcredit_org_uk' # Symlink to [bestloansforpeoplewithbadcredit.org.uk/info] 
'/home/r17elec/mail/.info@bicycle-repairs_co_uk' # Symlink to [bicycle-repairs.co.uk/info] '/home/r17elec/mail/.info@billhancock_co_uk' # Symlink to [billhancock.co.uk/info] '/home/r17elec/mail/.info@blozone_co_uk' # Symlink to [blozone.co.uk/info] '/home/r17elec/mail/.info@cherryhillpavilion_co_uk' # Symlink to [cherryhillpavilion.co.uk/info] '/home/r17elec/mail/.info@chrisdavies_me_uk' # Symlink to [chrisdavies.me.uk/info] '/home/r17elec/mail/.info@doodlesdesign_co_uk' # Symlink to [doodlesdesign.co.uk/info] '/home/r17elec/mail/.info@dpamperparties_co_uk' # Symlink to [dpamperparties.co.uk/info] '/home/r17elec/mail/.info@eastarchem_co_uk' # Symlink to [eastarchem.co.uk/info] '/home/r17elec/mail/.info@ellisequine_co_uk' # Symlink to [ellisequine.co.uk/info] '/home/r17elec/mail/.info@enchantedstrings_co_uk' # Symlink to [enchantedstrings.co.uk/info] '/home/r17elec/mail/.info@epiccardcompany_com' # Symlink to [epiccardcompany.com/info] '/home/r17elec/mail/.info@fusionforex_co_uk' # Symlink to [fusionforex.co.uk/info] '/home/r17elec/mail/.info@justlawns_org_uk' # Symlink to [justlawns.org.uk/info] '/home/r17elec/mail/.info@malfest_com' # Symlink to [malfest.com/info] '/home/r17elec/mail/.info@mjsportshorses_co_uk' # Symlink to [mjsportshorses.co.uk/info] '/home/r17elec/mail/.info@morvenbrowne_co_uk' # Symlink to [morvenbrowne.co.uk/info] '/home/r17elec/mail/.info@oakdens_com' # Symlink to [oakdens.com/info] '/home/r17elec/mail/.info@okelltech_com' # Symlink to [okelltech.com/info] '/home/r17elec/mail/.info@rebelimports_co_uk' # Symlink to [rebelimports.co.uk/info] '/home/r17elec/mail/.info@russell-roofing_co_uk' # Symlink to [russell-roofing.co.uk/info] '/home/r17elec/mail/.info@sandstonetrailcottages_com' # Symlink to [sandstonetrailcottages.com/info] '/home/r17elec/mail/.info@tableoakfurnitureland_co_uk' # Symlink to [tableoakfurnitureland.co.uk/info] '/home/r17elec/mail/.info@thegardenroommalpas_co_uk' # Symlink to [thegardenroommalpas.co.uk/info] 
'/home/r17elec/mail/.info@thegoodlifepork_co_uk' # Symlink to [thegoodlifepork.co.uk/info] '/home/r17elec/mail/.info@thekitchenfaceliftcompany_co_uk' # Symlink to [thekitchenfaceliftcompany.co.uk/info] '/home/r17elec/mail/.info@theyoudirectory_com' # Symlink to [theyoudirectory.com/info] '/home/r17elec/mail/.info@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/info] '/home/r17elec/mail/.info@traditionalbeercompany_com' # Symlink to [traditionalbeercompany.com/info] '/home/r17elec/mail/.itunes@theyoudirectory_com' # Symlink to [theyoudirectory.com/itunes] '/home/r17elec/mail/.liz@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/liz] '/home/r17elec/mail/.matthew@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/matthew] '/home/r17elec/mail/.matty@tyresntubes_co_uk' # Symlink to [tyresntubes.co.uk/matty] '/home/r17elec/mail/.nick@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/nick] '/home/r17elec/mail/.parcels@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/parcels] '/home/r17elec/mail/.ray@sandstonetrailcottages_com' # Symlink to [sandstonetrailcottages.com/ray] '/home/r17elec/mail/.richard@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/richard] '/home/r17elec/mail/.richard@traditionalbeercompany_com' # Symlink to [traditionalbeercompany.com/richard] '/home/r17elec/mail/.sales@electrocigarettes_co_uk' # Symlink to [electrocigarettes.co.uk/sales] '/home/r17elec/mail/.sales@specialchina_co_uk' # Symlink to [specialchina.co.uk/sales] '/home/r17elec/mail/.sales@traditionalbeercompany_co_uk' # Symlink to [traditionalbeercompany.co.uk/sales] '/home/r17elec/mail/.sales@traditionalbeercompany_com' # Symlink to [traditionalbeercompany.com/sales] '/home/r17elec/mail/.sally@thelowerrectory_co_uk' # Symlink to [thelowerrectory.co.uk/sally] '/home/r17elec/mail/.tessa@contactcapital_co_uk' # Symlink to [contactcapital.co.uk/tessa] 
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1599728446.M774299P1978961.zeus4.easy-internet.co.uk,S=711817,W=721614' # ClamAV detected virus = [Xls.Dropper.Generic-9823786-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1615824014.M667911P3916017.zeus4.easy-internet.co.uk,S=2032550,W=2058985' # ClamAV detected virus = [Win.Packed.Generickdz-9843460-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1615918510.M546257P953446.zeus4.easy-internet.co.uk,S=1510252,W=1529998' # ClamAV detected virus = [Win.Packed.LokiBot-9843605-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1616071768.M880035P2925562.zeus4.easy-internet.co.uk,S=1817009,W=1840746' # ClamAV detected virus = [Win.Packed.Pwsx-9845703-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1616176004.M34209P69157.zeus4.easy-internet.co.uk,S=1420615,W=1439134' # ClamAV detected virus = [Win.Packed.Pwsx-9846518-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1617254901.M710525P683454.zeus4.easy-internet.co.uk,S=631695,W=640018' # ClamAV detected virus = [Win.Packed.Generic-9865064-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1618916163.M85238P4117652.zeus4.easy-internet.co.uk,S=975332,W=988081' # ClamAV detected virus = [Win.Packed.Generickdz-9857119-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1618925727.M21497P71397.zeus4.easy-internet.co.uk,S=963889,W=976455' # ClamAV detected virus = [Win.Packed.Generickdz-9857119-0]
'/home/r17elec/mail/bicycle-repairs.co.uk/info/new/1629229819.M541298P565016.cp18.uk.netnerd.com,S=3600446,W=3649803' # ClamAV detected virus = [Win.Malware.Agent-9886872-0]
'/home/r17elec/mail/billhancock.co.uk/info/new' # Skipped - too many resources: 10041 ( > filemax=10000)
'/home/r17elec/public_html/cgi-bin/cgiecho' # Linux Binary/Executable [application/x-executable]
'/home/r17elec/public_html/cgi-bin/cgiemail' # Linux Binary/Executable [application/x-executable]
'/home/r17elec/public_html/cgi-bin/entropybanner.cgi' # Linux Binary/Executable [application/x-sharedlib]
'/home/r17elec/public_html/cgi-bin/randhtml.cgi' # Linux Binary/Executable [application/x-sharedlib]
'/home/r17elec/public_html/news/configuration.php' # Symlink to [/home/r17elec/public_html/news/configuration.php]
'/home/r17elec/public_html/news/wp-config.php' # Symlink to [/home/r17elec/public_html/news/wp-config.php]
'/home/r17elec/public_html/store/wrap_agc.c' # Suspicious file type [application/x-c]
'/home/r17elec/public_html/store/protected/wrap_mgr.c' # Suspicious file type [application/x-c]
'/home/r17elec/public_html/www.morvenbrowne.co.uk' # Suspicious directory
'/home/r17elec/public_html/www.specialchina.co.uk' # Suspicious directory

----------- SCAN SUMMARY -----------
Scanned directories: 32870
Scanned files: 287223
Ignored items: 1518
Suspicious matches: 114
Viruses found: 9
Fingerprint matches: 0
Data scanned: 21040.05 MB
Scan peak memory: 375020 kB
Scan time/item: 0.036 sec
Scan time: 11428.197 sec