My client just received the following email text from his host. They have shut his site down. I have downloaded the webscan ref. and it states 344 infected files (if I'm reading it correctly). We have defender installed on the site.
I have created an FTP account for support, but as this is public I did not want to place it here.
(EMAIL CONTENT BELOW)
We have discovered malware present in your account and some malicious scripts that were found to be sending Spam emails.
In order to prevent further abuse/spam, we have suspended your account.
Malware report for your account can be found at /stats/websitescan.txt
If you don’t feel comfortable removing the infected files yourself, we recommend contacting a third party professional who can assist with removing malware, such as SiteLock.
If you choose to clean the infected files on your own, we have a few recommendations below to get you started.
– Check your account for any additional, unfamiliar files and remove them.
– Update all applications/scripts (WordPress, Joomla! etc.) and their plugins, modules, themes to their latest/stable/secure versions.
– Change your account/FTP and your application's admin passwords.
– Ensure all computers used for accessing your accounts are frequently scanned for viruses, spyware and malware.
– Uninstall/remove any plugin, module, or theme files that you are not using. Even if they are disabled, the script resides on your account and they can still be exploited if there is a vulnerability.
Please note that your site will need to be completely updated and hardened against further attacks. Repeated compromises may result in permanent suspension of your account. It is in the best interest of our customers that we take security very seriously.
Thank you for understanding our firm stance on this matter.