How to scan for malware with ImunifyAV in cPanel

ImunifyAV helps you review suspicious files inside your hosting account when your provider makes it available in cPanel. Use it if your site shows security warnings, if you received a notice about infected files, or if you want to review a folder before restoring content.

The tool can show detections and, depending on the server license, cleanup or quarantine options. Before deleting files, confirm the path, keep a site copy, and check whether the file belongs to your CMS, store, or course platform so you can reinstall it without losing data.

Before you start

• Have access to cPanel for the account where the affected site is hosted.
• Confirm which domain or folder you want to review, usually public_html or a subdomain folder.
• Create a recent backup if you are going to clean, replace, or delete files.
• If the site handles payments, forms, or sensitive information, pause manual changes and ask for help before deleting files.

Open ImunifyAV in cPanel

1. Log in to cPanel from your client area or through your secure hosting URL.
2. Find the Security section.
3. Open ImunifyAV if it appears in your account.
4. Review the initial summary to see whether there are recent scans, detected files, or clean status.

Note: if you do not see ImunifyAV, your plan may use another security tool or the provider may manage scanning. In that case, open a ticket with the domain and the alert message you received.

Review detected files

1. In the ImunifyAV view, open the detections list or marked files list.
2. Read the full path of each file before taking action.
3. Prioritize files inside public folders such as public_html, plugins, themes, or recent uploads.
4. Write down the file name, date, and detection type shown by the tool.
5. If the same pattern appears in many files, avoid bulk deletion until you confirm that you have a backup.

Decide whether to clean, replace, or ask support

1. If ImunifyAV offers a cleanup or quarantine option, review which file it will touch before confirming.
2. If the file belongs to a plugin, theme, or CMS core, consider replacing it from an official source instead of editing it by hand.
3. If the file is an image, a user-uploaded file, or a file you do not recognize, download it only if you need to review it and do not run it on your computer.
4. If the detection affects configuration files such as wp-config.php, .htaccess, or files inside administrator, wp-admin, or vendor, ask for help before deleting them.

Verify the site after cleanup

• ImunifyAV no longer shows new detections for the same paths.
• The site opens in a private window without new browser warnings.
• The CMS dashboard loads and lets you update plugins, themes, or extensions.
• The file you cleaned or replaced has a recent date and does not reappear with strange content.

Common errors

• You deleted a CMS file and the site shows error 500: restore the backup or reinstall the plugin, theme, or core from an official source.
• The detection returns after cleaning: there may be a backdoor, vulnerable plugin, or compromised password left; change access credentials and request a review.
• ImunifyAV does not appear in cPanel: your account may use another scanner or an internal process; contact support with the domain and affected path.

When to ask for help

Ask for help if the alert affects many files, if the site is on browser blocklists, if you do not have a clean backup, or if the tool does not allow cleanup from cPanel. Share the domain, marked paths, approximate scan time, and any exact message you saw on screen.

Recommended reading

• How to clean malware from a website that appears suspicious in the browser
• How to restore backups with the Backup Wizard in cPanel
• How to use File Manager in cPanel