Virus warning from hosting, coppermine file quarantined

[Delia_35]

I just moved my website to a new host and during the move they said they found a malicious file (/include/inc.php) in coppermine and quarantined it. Has anyone else had this problem? Any idea how I can fix it?

[Delia_35]

I can't figure out how to edit posts, but I forgot to say that I'm currently running the newest release (just upgraded a few days ago).

[phill104]

Can we have a link to your install. Does it all work OK? Are you sure that is the complete filename as that is not a normal filename from the package.

[Delia_35]

Here's my install:
http://www.scarlettsweb.net/photogallery

Seems to be working ok. That was the file name in the email I got. Here's the full thing:
  'ClamAV detected virus = [{HEX}php.cmdshell.Macker.297.UNOFFICIAL]':    /home/heatrvyf/public_html/scarlettsweb.net/backup-11.24.2015_02-21-04_scarlett/homedir/public_html/photogallery/include/inc.php

[Αndré]

photogallery/include/inc.php

That's no Coppermine file, so it's fine that they removed it.

[Delia_35]

Ok, thank you! Very strange my old host didn't detect it. But I guess I should be grateful that my new one did.

[gmc]

Delia,
Please check your site for other occurrences of that file and remove...

The message seems to indicate they found it in a 'backup' directory:
'ClamAV detected virus = [{HEX}php.cmdshell.Macker.297.UNOFFICIAL]':    /home/heatrvyf/public_html/scarlettsweb.net/backup-11.24.2015_02-21-04_scarlett/homedir/public_html/photogallery/include/inc.php

You want to be sure it doesn't also exist in the 'live' directories..
You indicated a recent upgrade to CPG - be sure any other software you use is updated as well - to insure you have no known security exposures.