You might want to talk to your provider (assuming you stick with them) and explain what those files are -- likely whatever scanner the freaker was using detected "zip bomb" style activity (small file expanding to really huge file) and didn't understand the alert his software gave him. I'd also be interested to know what software product was being used and what the detection was -- I could possibly pressure a few people into at least changing the wording of the detection. If it was an actual malicious false positive, that could get fixed really quickly (so you won't be flagged up again next time).
I wish I could. I barely got a 'The Data center has null routed because of virus complaints originating from 188.8.131.52.', followed by a 'In situations such as this, where a server has been compromised, we require the server to be reinstalled with a fresh OS installation. Please let us know how you would like to proceed' message. And then their ticketing system went down. I don't know what to make of that. I had enjoyed their speedy service for a while, but now I wonder if they are simply no more. The backup of my blog was a week out of date, and as luck would have it I don't have the disk template files anymore. At least I wrote down what I did so I guess I can re-create them again.
Basically they didn't tell me specifically what is going on. Googling my old IP address + virus seems to tell me that because I kept an old copy of vncviewer.exe lying around (because it works great with Qemu/KVM), and compiled and provided executables for NetHACK for Windows NT MIPS & Windows CE i386, I am now 100% suspect.
I don't get it. Others chimed in on here, but the long story short is that various unrepeatable faceless companies can now cry foul, and get you not only unplugged, but deleted.
I don't know what is worse, fly-by-night "virus/security" companies like Symantec, Trend and Bkav or the knee-jerk ISPs (like fragready) who won't listen to their customers, and delete all their stuff.