Not sure how this happened - I was running a BD deep system scan and within that time frame a '2025 - name of my website - backup file' downloaded as zip on my laptop. I do not have any website backups on my laptop nor did I download it.
Inside were old infected emails 2020-2023 sent to a non-existent bluehost email I never owned, with a bluehost server number which is not my server. My site is clean. Called bluehost and verified again via scan it is clean, that is not my server number, I have no email on my site with them. The emails were going to a non-existent 'account' on bluehost so my only assumption is something somewhere kicked in last night (what?) to download an enticing enough looking labeled current-to-the-date-and-year backup file of my site - but with old infected emails starting from 2020. I don't understand the coincidence that the zip file would appear while running the system scan, in downloads, as if I had just downloaded it, labeled the way it was. Would BD somehow 'download' a file labeled as 'backup' for my website, taking the info from the infected emails (which I had no way to receive and never received) or is this something I clicked on while shopping at a reputable online retailer earlier in the evening, signing up and successfully making an order which went through with no problems, legit? I am admittedly a Luddite but this is very strange to me 🤪. I don't click links or go to sketch areas, even 'trusted' emails I frequently send off to spoof, am so cautious but this has me STUMPED! Laptop acting fine, clean, no other issues besides that zip file being downloaded same time as the BD deep scan and being flagged by BD. Anyone?
Some of the infections were:
XF:AShadow.1630
Trojan.HTML.phishing.CAZ
Various TrojanGenericKD's
XML.Formulas.Abracadabra.10.Gen