BPS virus scan false positive¿?

[AbZu2]

My admin page failed to load and displayed the error:
<h4>Not Found</h4>
The requested URL was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Contacted my host provider BlueHost. They did a virus scan. I was informed that I should delete all the files in the scanreport.txt from the file manager.

/home3/abzutwoc/#public_html/wp-content/bps-backup/autorestore/root-files/500.php: SL-PHP-EVAL_REQUEST-axof.UNOFFICIAL FOUND
/home3/abzutwoc/#public_html/wp-content/bps-backup/quarantine/root-files/wp-links.php: SL-PHP-EVAL_REQUEST-avzd.UNOFFICIAL FOUND
/home3/abzutwoc/#public_html/500.php: SL-PHP-EVAL_REQUEST-axof.UNOFFICIAL FOUND
/home3/abzutwoc/public_html1/wp-content/plugins/bulletproof-security/admin/wizard/swizard-functions.php: SL-PHP-FILEHACKER-md5-amte.UNOFFICIAL FOUND
/home3/abzutwoc/public_html1/wp-content/bps-backup/autorestore/root-files/500.php: SL-PHP-EVAL_REQUEST-axof.UNOFFICIAL FOUND
/home3/abzutwoc/public_html/wp-content/bps-backup/autorestore/root-files/500.php: SL-PHP-EVAL_REQUEST-axof.UNOFFICIAL FOUND

Deleted the following files but not those listed above because they mention bps. Deleting the files below did not fix my problem  with my admin page loading. Before following through with the recommendation by BlueHost to eliminate the above files, I thought it best to check with this forum.

> /home3/abzutwoc/public_html1/old/500.php: SL-PHP-EVAL_REQUEST-axof.UNOFFICIAL FOUND
> /home3/abzutwoc/public_html/wp-content/plugins/gomugomu/tr.php: SL-PHP-UPLOADER-1-in.UNOFFICIAL FOUND
> /home3/abzutwoc/public_html/wp-content/plugins/gomugomu/td.php: SL-PHP-FILEMANAGER-an.UNOFFICIAL FOUND
> /home3/abzutwoc/public_html/wp-content/plugins/gomugomu/404.php: SL-PHP-UPLOADER-1-tc.UNOFFICIAL FOUND
> /home3/abzutwoc/public_html/wp-content/plugins/gomugomu/th.php: SL-PHP-SHELL-md5-crxz.UNOFFICIAL FOUND
> /home3/abzutwoc/public_html/old/500.php: SL-PHP-EVAL_REQUEST-axof.UNOFFICIAL FOUND

I never installed a plugin called gomugomu

[AITpro Admin]

Contact me directly via email:  info @ ait-pro dot com.  Lately there have been a lot of AnonymousFox hacks going on.  BPS Pro does protect against AnonymousFox hacks from being successful, but AnonymousFox hacks tend to break the website due to way they attack both your web host control panel/server and your website.

[AITpro Admin]

The problem with your website displaying a 404 error was due to BlueHost changing the php handler htaccess code for PHP 7.4.  I have saved your new BlueHost php handler htaccess code in BPS Custom Code.

This current hack was blocked by BPS Pro AutoRestore|Quarantine and the Plugin Firewall.  Your site was attacked by AnonymousFox on 2020-12-10 (2 years ago) and BPS Pro AutoRestore|Quarantine successfully stopped that hack.  I have deleted the old AnonymousFox hacker files that were in Quarantine from 2 years ago.  I deleted the hidden hacker plugin:  gomugomu, which was rendered useless/inaccessible by the BPS Pro Plugin Firewall. The old hacker files that were in autorestore backup have been deleted.

I did not find anything else that is malicious or suspicious under your hosting account.

Note:  I changed your PHP server version, which kills all system processes in case there was a malicious process.  You are still using PHP 7.4.

[AbZu2]

What a great plugin and great service. Thank you very much. Very much appreciated.

[Author]

Posts