I'm having problems all of a sudden.
See the report provided by my hosting provider.
What do I need to do to fix these?
-------- Original Message --------
Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
Date: Tue, 2 Feb 2016 16:15:12 +0800
From: root@trinity.hostdnx.com
To: root@trinity.hostdnx.com
Scanning web upload script file...
Time : Tue, 2 Feb 2016 16:15:12 +0800
Web referer URL :
Local IP : 169.45.177.139
Web upload script user : nobody (99)
Web upload script owner: churchin (503)
Web upload script path : /home/churchin/public_html/Hope-to-the-Nations/wp-admin/admin-ajax.php
Web upload script URL : http://churchinperth.com/Hope-to-the-Nations/wp-admin/admin-ajax.php
Remote IP : 138.122.92.23
Upload data md5sum : fb9f73471df3cd6d6cd3413bc207bbc6
Deleted : No
Quarantined : Yes [/home/quarantine/cxscgi/20160202-161512-VrBlkKktsYsAAG0lP8gAAAAG-file-3nPHSh.1454400912_1]
----------- SCAN REPORT -----------
TimeStamp: Tue, 2 Feb 2016 16:15:12 +0800
(/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160202-161512-VrBlkKktsYsAAG0lP8gAAAAG-file-3nPHSh)
'/tmp/20160202-161512-VrBlkKktsYsAAG0lP8gAAAAG-file-3nPHSh'
ClamAV detected virus = [PHP.Hide-2]
---------- Forwarded message ----------
From: Brad Hinchliffe <admin@netdnx.com>
To: Gary Green 4cm <gary@4cmwebdesign.com>
Cc:
Date: Tue, 02 Feb 2016 19:15:22 +0800
Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
-------- Original Message --------
Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
Date: Tue, 2 Feb 2016 04:00:22 +0800
From: root@trinity.hostdnx.com
To: root@trinity.hostdnx.com
Scanning web upload script file...
Time : Tue, 2 Feb 2016 04:00:22 +0800
Web referer URL :
Local IP : 169.45.177.139
Web upload script user : nobody (99)
Web upload script owner: fourcmn (525)
Web upload script path : /home/fourcmn/public_html/4cminews.com/wp-admin/admin-ajax.php
Web upload script URL : http://4cminews.com/wp-admin/admin-ajax.php
Remote IP : 46.118.155.216
Upload data md5sum : b46add7d8e35aabf0544f0c0799ceb15
Deleted : No
Quarantined : Yes [/home/quarantine/cxscgi/20160202-040020-Vq@5VKktsYsAACbthWQAAAAE-file-jwt9Cz.1454356822_1]
----------- SCAN REPORT -----------
TimeStamp: Tue, 2 Feb 2016 04:00:22 +0800
(/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160202-040020-Vq@5VKktsYsAACbthWQAAAAE-file-jwt9Cz)
'/tmp/20160202-040020-Vq@5VKktsYsAACbthWQAAAAE-file-jwt9Cz'
ClamAV detected virus = [PHP.Exploit.C99]
---------- Forwarded message ----------
From: Brad Hinchliffe <admin@netdnx.com>
To: Gary Green 4cm <gary@4cmwebdesign.com>
Cc:
Date: Tue, 02 Feb 2016 19:15:46 +0800
Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:0) (Fingerprints:0)
-------- Original Message --------
Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:0) (Fingerprints:0)
Date: Tue, 2 Feb 2016 00:00:31 +0800
From: root@trinity.hostdnx.com
To: root@trinity.hostdnx.com
----------- SCAN REPORT -----------
TimeStamp: Tue, 2 Feb 2016 00:00:02 +0800
(/usr/sbin/cxs --allusers --nobayes --clamdsock /tmp/clamd --ctime 25 --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options OLfmMChexdDZRP --qoptions Mv --quiet --report /root/scandaily.log --sizemax 500000 --ssl --nosummary --sversionscan --timemax 30 --virusscan --voptions fmMhexT --www)
(20) fourcmn, Scanning /home/fourcmn/public_html:
'/home/fourcmn/public_html/fourcm.com/wp-content/uploads/2014'
Skipped - too many resources: 12716 ( > filemax=10000)
---------- Forwarded message ----------
From: Brad Hinchliffe <admin@netdnx.com>
To: Gary Green 4cm <gary@4cmwebdesign.com>
Cc:
Date: Tue, 02 Feb 2016 19:16:10 +0800
Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:2) (Viruses:0) (Fingerprints:1)
-------- Original Message --------
Subject: cxs Scan on trinity.hostdnx.com (Hits:2) (Viruses:0) (Fingerprints:1)
Date: Mon, 1 Feb 2016 20:20:01 +0800
From: root@trinity.hostdnx.com
To: root@trinity.hostdnx.com
Scanning web upload script file...
Time : Mon, 1 Feb 2016 20:20:01 +0800
Web referer URL :
Local IP : 169.45.177.139
Web upload script user : nobody (99)
Web upload script owner: fourcmn (525)
Web upload script path : /home/fourcmn/public_html/4cminews.com/wp-admin/admin-ajax.php
Web upload script URL : http://4cminews.com/wp-admin/admin-ajax.php
Remote IP : 94.41.53.210
Upload data md5sum : a1aee5a38d6ebe26d4ffa247fe34d062
Deleted : No
Quarantined : Yes [/home/quarantine/cxscgi/20160201-202000-Vq9NcKktsYsAAFxv7-0AAAAD-file-nJcO89.1454329201_1]
----------- SCAN REPORT -----------
TimeStamp: Mon, 1 Feb 2016 20:20:01 +0800
(/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160201-202000-Vq9NcKktsYsAAFxv7-0AAAAD-file-nJcO89)
'/tmp/20160201-202000-Vq9NcKktsYsAAFxv7-0AAAAD-file-nJcO89'
(compressed file: revslider/MHC.php [depth: 1]) Regular expression match = [decode regex: 1]
(compressed file: revslider/MHC.php [depth: 1]) (decoded file [depth: 1]) Known exploit = [Fingerprint Match] [Shell Exploit [P0310]]
---------- Forwarded message ----------
From: Brad Hinchliffe <admin@netdnx.com>
To: Gary Green 4cm <gary@4cmwebdesign.com>
Cc:
Date: Tue, 02 Feb 2016 19:16:33 +0800
Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
-------- Original Message --------
Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
Date: Mon, 1 Feb 2016 13:57:51 +0800
From: root@trinity.hostdnx.com
To: root@trinity.hostdnx.com
Scanning web upload script file...
Time : Mon, 1 Feb 2016 13:57:51 +0800
Web referer URL :
Local IP : 169.45.177.139
Web upload script user : nobody (99)
Web upload script owner: fourcmn (525)
Web upload script path : /home/fourcmn/public_html/4cminews.com/wp-admin/admin-ajax.php
Web upload script URL : http://4cminews.com/wp-admin/admin-ajax.php
Remote IP : 85.128.142.34
Upload data md5sum : 0ef4411264c63458a0e7c1d06e10cce1
Deleted : No
Quarantined : Yes [/home/quarantine/cxscgi/20160201-135751-Vq7z36ktsYsAAC-60ScAAAAH-file-GjaesE.1454306271_1]
----------- SCAN REPORT -----------
TimeStamp: Mon, 1 Feb 2016 13:57:51 +0800
(/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160201-135751-Vq7z36ktsYsAAC-60ScAAAAH-file-GjaesE)
'/tmp/20160201-135751-Vq7z36ktsYsAAC-60ScAAAAH-file-GjaesE'
ClamAV detected virus = [PHP.Hide-2]
---------- Forwarded message ----------
From: Brad Hinchliffe <admin@netdnx.com>
To: gary Green 4cm <gary@4cmwebdesign.com>
Cc:
Date: Tue, 02 Feb 2016 19:17:00 +0800
Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:3) (Viruses:0) (Fingerprints:2)
-------- Original Message --------
Subject: cxs Scan on trinity.hostdnx.com (Hits:3) (Viruses:0) (Fingerprints:2)
Date: Mon, 1 Feb 2016 08:33:40 +0800
From: root@trinity.hostdnx.com
To: root@trinity.hostdnx.com
Scanning web upload script file...
Time : Mon, 1 Feb 2016 08:33:40 +0800
Web referer URL :
Local IP : 169.45.177.139
Web upload script user : nobody (99)
Web upload script owner: ()
Web upload script path : /home/fourcmn/public_html/4cminews.com/
Web upload script URL : http://4cminews.com/?page_id=11900/wp-admin/admin-ajax.php
Remote IP : 178.250.29.50
Upload data md5sum : b1b3d1637a3481cd56b1e1be3e12c6a7
Deleted : No
Quarantined : Yes [/home/quarantine/cxscgi/20160201-083340-Vq6n5KktsYsAAC7ka1cAAAAK-file-SsP8Jw.1454286820_1]
----------- SCAN REPORT -----------
TimeStamp: Mon, 1 Feb 2016 08:33:40 +0800
(/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160201-083340-Vq6n5KktsYsAAC7ka1cAAAAK-file-SsP8Jw)
'/tmp/20160201-083340-Vq6n5KktsYsAAC7ka1cAAAAK-file-SsP8Jw'
(compressed file: revslider/mil.php [depth: 1]) Regular expression match = [decode regex: 1]
(compressed file: revslider/mil.php [depth: 1]) (decoded file [depth: 1]) Known exploit = [Fingerprint Match] [PHP Injection Exploit [P0366]]
(compressed file: revslider/pbot.php [depth: 1]) Known exploit = [Fingerprint Match] [PHP Exploit [P0174]]