Got this email from Godaday and was wondering if this is something that I need to address or not.
We recently completed a routine security checkup of our servers and platforms. Our scans flagged your mydomain name hosting accounts as containing possible malware.
Please sign in to your hosting account and review the following content and remove or fix the files listed below:
You should never see a php file in the js directory. That indicates an infection. But before you delete it, scan your entire site (including images) to find where the file is referenced and make the appropriate adjustments. Many of the other files seem to be old files that are not used but seem to have made it into the distributions or you have developers who have modified the files and kept the old ones on the site as backup. I would think the README is a false positive.
At one time we had wordpress installed on the same server and it got infected. We removed it a couple of years ago. Some of these file dates are from 2013 to 2015. I just deleted them all except
Our EZ Admin Helper has a scanner for known cs-cart specific intrusions. It provides lots of other features too (see the Attachment tab for docs) or go here.