In case the malware scanner has flagged files as critical, you can proceed about it in the following ways:
- Download the file from your webserver to a local computer, as a backup. This is advised because in some rare cases, malware works in such a way that deleting it could cause some issues with the website’s functionality. In such situations, you can just re-upload the file you have downloaded as a backup.
- You can use the View File button to view the code and check the malicious code present in the file. In some cases, the entire file could be malware and in others, the malicious code would be inserted into an existing file. If you are really sure that the entire file is malicious, you can go ahead and remove the file by clicking the Delete this File button, as shown in the image below.
In cases where the malicious code has been inserted into an existing file, please edit the file via the site’s cPanel or over FTP/SSH connection and remove just the malicious text. Please note that not all obfuscated code is malicious. Developers are known to sometimes obfuscate legit code.
In case the malware scanner has flagged files as high or medium, these are core-file changes that occur due to changes in spacings or copyrights after an update. As such, these can be ignored. You can also use the View File Difference button to compare the contents of the flagged file with the original file from the respective CMS repository.
As for alerts regarding any sensitive files (ZIP, SQL, etc.) found on the server, please make sure that these files are not accessible directly to the general public via URL. It is recommended to download them to a local computer and remove them from the server.
In case you need further help removing the malware, depending on the malware cleanup option available in your subscription, you can always reach out to us.