Just scanned white paper from site.If you unpack a theme or plugin and run it through site such as virus total. Will this register infected files? Thanks and make it great, Prx
i´m not shure but you can do a few steps to check it for yourself.
you must do this as root!
if you have some shell experience , you can use the following methods for identifying the malware.
1) Quick check for social*.png files ,
find /home -type f -iname "social*.png" -exec grep -E -o 'php.{0,80}' {} \; -print //replace "home" with your directory. eg. /var/www/public_html
if you see any files from the above result , then you must delete those files immediately,
2) Check all png file ,
find /home -type f -iname '*.png' -print0 | xargs -0 file | grep "PHP script" > /root/cryptoinfected.txt
Now check all the files listed in /root/cryptoinfected.txt and remove it
3) Check all other files,
You must need to check all other files too , because it is not only infected by png fines and jpeg files!
4) Use clamav or maldetect
Because of all the new info about 'cryptoPHP' lately, most antivirus apps should detect it with their latest updates.
My Norton detects it.
I'm sure if the creators give a d***, they will at least change the name of the social.png with the php script to something different and adapt the code.
(02-06-2015 10:18 PM)crixxu Wrote: [ -> ]i´m not shure but you can do a few steps to check it for yourself.
you must do this as root!
if you have some shell experience , you can use the following methods for identifying the malware.
1) Quick check for social*.png files ,
find /home -type f -iname "social*.png" -exec grep -E -o 'php.{0,80}' {} \; -print //replace "home" with your directory. eg. /var/www/public_html
if you see any files from the above result , then you must delete those files immediately,
2) Check all png file ,
find /home -type f -iname '*.png' -print0 | xargs -0 file | grep "PHP script" > /root/cryptoinfected.txt
Now check all the files listed in /root/cryptoinfected.txt and remove it
3) Check all other files,
You must need to check all other files too , because it is not only infected by png fines and jpeg files!
4) Use clamav or maldetect
Great share, reps for you :-)
@tlandn that´s very kind of you! thanks a lot!