Showing results for 
Show  only  | Search instead for 
Did you mean: 

GoDaddy thinks I have malware, scans say I do not.

I've received both an email and a phone call from GoDaddy saying "scans flagged your hosting accounts as containing possible malware." My site is a simple 5-pager created using Sandvox (on a Mac, obviously). Scanning the site using both "" and the Mac "Malwarebytes" app returns a clean bill of health - no malware detected. (also no blacklisting, no injected spam, no defacements).


I'm a running the latest version of Sandvox and have never tinkered with the template I've chosen (named Blueprint), other than to add either text, photos, or links. GoDaddy seems to think the following files are the problem:

rex.multi_vars.004 - html/.hcc.thumbs/.hcc.email_noversion.php

htaccess.spam-seo.redirect.006 - html/.htaccess

rex.multi_vars.004 - html/cinmwkdd.php

php.spam-seo.doorway-gen.043 - html/krissy-bitterness.php

rex.multi_vars.004 - html/php_uploads/4bc3cbf4_noversion.php

rex.multi_vars.004 - html/sandvox_Blueprint_modern/images/ie6/note-center_bck_old.php

rex.multi_vars.004 - html/sandvox_Blueprint_modern/images/note-center_backup.php

rex.multi_vars.004 - html/sandvox_Blueprint_modern/License_noversion.php

rex.multi_vars.004 - html/sandvox_Blueprint_modern/modern/h2-annotation-bg_indesit.php

rex.multi_vars.004 - html/tour_dates_infoold.php

rex.multi_vars.004 - html/_Media/mcolavolpe_resume_2015-2_med_hr_ver1.php

rex.multi_vars.004 - html/_Resources/jquery-1.9.1.min_prevv1.php


So I'm confused as to what I'm supposed to now since there doesn't appear to be anything wrong. 

Thanks in advance!




Do those files exist in the content sandvox uploads?


If all your content is available locally it'd probably be pretty easy to delete everything and upload a known good copy of your site. Even if you're not using php you should probably make sure your hosting is set to the newest version it supports as well.

Thanks for your response. I did some more research based on your reply and I think I narrowed it down to a fairly common .htaccess hack. There's one file in the list i cannot delete, however, since it's read-only. Hopefully it's not part of the problem.