Remove Crypto PHP


It is frustrating when an intruder plants CryptoPHP on our website, which means this spam malware slips PHP scripts in among our site's own scripts.
These scripts contain URL redirects to other sites, and eventually our server's IP address ends up on a blacklist because it is considered to be flooding HTTP.

The following steps check for and prevent CryptoPHP.

If you have some shell experience, use the following methods to identify the malware.

1) Quick check for social*.png files
find /home/ -type f -iname "social*.png" -exec grep -E -o 'php.{0,80}' {} \; -print

If the command above lists any files, delete those files immediately.

2) Check all png files
find /home -type f -iname '*.png' -print0 | xargs -0 file | grep "PHP script" > /root/cryptoinfected.txt

Now check all the files listed in /root/cryptoinfected.txt and remove them.

3) Check all other files
You must check all other files too, because the infection is not limited to png and jpeg files.

4) Use clamav or maldetect
Update your clamav and maldetect databases. After that, run a scan; this will detect the malware.
freshclam
maldet -u
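
Added example, not part of the original post: a read-only check that combines steps 1 and 2 by listing image-named files that contain a PHP open tag and marking whether each file even starts with PNG/JPEG/GIF magic bytes. The function names, the reason labels and the fixture files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report image-named files that contain PHP. Read-only.

# First 4 bytes of a file as hex, e.g. 89504e47 for a real PNG.
magic_hex() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# scan_fake_images DIR -> one "<reason><TAB><path>" line per hit.
#   not-an-image : image extension, PHP open tag, no PNG/JPEG/GIF magic
#   php-in-image : valid image magic with a PHP open tag inside
# Paths containing newlines are not handled by the read loop.
scan_fake_images() {
    find "$1" -type f \( -iname '*.png' -o -iname '*.jpg' \
        -o -iname '*.jpeg' -o -iname '*.gif' \) -print |
    while IFS= read -r f; do
        # -q: exit status only; -F -i: literal, case-insensitive tag
        LC_ALL=C grep -q -i -F '<?php' "$f" || continue
        case "$(magic_hex "$f")" in
            89504e47|ffd8ff*|47494638)
                printf 'php-in-image\t%s\n' "$f" ;;
            *)
                printf 'not-an-image\t%s\n' "$f" ;;
        esac
    done
}

# Constructed sample tree (harmless content) so the scan runs offline.
make_fixture() {
    d=$(mktemp -d)
    printf '<?php echo 1; ?>\n' > "$d/social.png"       # PHP text named .png
    printf '\211PNG\r\n\032\nIHDR' > "$d/real.png"      # PNG magic, no PHP
    printf '\377\330\377\340JFIF<?php echo 1; ?>' > "$d/hybrid.jpg"
    printf '<?php echo 1; ?>\n' > "$d/notes.txt"        # not an image name
    printf '%s\n' "$d"
}

# Demo when run directly: sh scan.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(make_fixture)
    scan_fake_images "$dir"
    rm -rf "$dir"
fi
```

Review each reported path before removing it; a "php-in-image" hit on a genuine photo can be a coincidence in binary data, while "not-an-image" means the file is not an image at all.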
