CMC (CMC InfoSec) False Positive & Blacklist Removal
By DrGlenn — USA-based WordPress security specialist· 290+ cleanups across 34 countries· Updated June 22, 2026
Is CMC (CMC InfoSec) flagging your website or file?
If CMC (CMC InfoSec) is flagging your site or a file — often as generic detections under the “CMC” engine (e.g. Trojan/Generic, Heur labels) — it is either a real infection or a false positive. Here is how to get it cleared.
Step 1 — Confirm it is really a false positive
Do not request removal while malware is still present, or the flag returns. Check first:
- Run my free Is My Site Hacked? checker.
- Cross-check on VirusTotal.
If anything turns up, get it fully cleaned first — deleting the visible malware is not enough if a backdoor remains.
Step 2 — Report the false positive to CMC (CMC InfoSec)
CMC (Vietnam) takes false positives by email. Submit here: PSIRT@cmccybersecurity.com (email)
- Re-scan on VirusTotal and note the exact “CMC” label and SHA-256.
- Email PSIRT@cmccybersecurity.com with the sample/URL, hash, detection name, and why it is clean.
- Attach the file (zipped, password “infected”) or a download link.
- Wait for the signature update and re-scan.
Good to know: CMC rebranded toward cmccybersecurity.com, so the old cmcinfosec.com address may bounce — use PSIRT@cmccybersecurity.com. CMC is a current VirusTotal engine.
Step 3 — If it keeps coming back
A detection that returns after you have been cleared almost always means the infection was never fully removed — usually a backdoor in a theme file, a rogue admin user, or malware in the database. That is exactly what I fix, as a USA-based WordPress security specialist who handles the cleanup and the delistings for you.
Get my site cleaned · See how it works · read my client reviews.
Frequently asked questions
How long does CMC (CMC InfoSec) take to clear a false positive? Once the site/file is genuinely clean and you have submitted the request, most are resolved within a few days.
It keeps coming back — why? Because the real infection is still there. A full cleanup stops the loop.
More removal guides: Bitdefender, Clean-MX, Acronis · all vendor guides · full report-link directory.