Have Securi scanner results. Now how to delete 240 infected files?
Hello,
Maybe, this question belongs not to this forum.
I have scanned website with Securi scanner ant it gave results in txt file like this, 240 infected files:
How would you delete these long list of files in different directories? I can delete them manually, but maybe you can tell me a better solution. Thanks
/home1/aquariu9/public_html/horaactual/dfksil11.php: SL-PHP-BACKDOOR-GENERIC-aws.UNOFFICIAL FOUND
/home1/aquariu9/public_html/horaactual/lt8xzlvc.php: SL-PHP-BACKDOOR-GENERIC-aws.UNOFFICIAL FOUND
/home1/aquariu9/public_html/caricaturesse/agozt9vh.php: SL-PHP-BACKDOOR-GENERIC-aws.UNOFFICIAL FOUND
/home1/aquariu9/public_html/mouselaptop/wp-content/themes/Events/timthumb.php.BACKUP: EIG.PHP.TimThumb-115.UNOFFICIAL FOUND
............How would you delete these long list of files in different directories? I can delete them manually, but maybe you can tell me a better solution. Thanks
-
Hey there! If I had a long list of files with output like that, I would likely place it in a text file and then use a "for" loop to work through them and delete them in as automated a way as possible. You may need some extra programming when pulling the file name list to remove the ":" at the end of each file, but I would expect that to work well. We have a guide on creating a simple command to do this work here: 0 -
Thanks for the answer. I will look into that. I'm new to malware curing and found just now, that I can't just delete all these files, because, some of them are required for sites, but are injected with malicious php code. I will need to open all of them and search for suspicious php code and delete it. A long night waiting :) 0 -
That's another thing to consider for sure. If some of those files are not just randomly-generated names, but are actual files on the site, you'll need to manually open them and see where the code is injected and remove that. It might be a good idea to work with a security professional to see if you can track down the reason why this happened in the first place so you could prevent this in the future. 0 -
Yes it may be helpful to consult with a security professional. At this moment I see old Woocommerce v3.9.3, and site is http (not secure). Perhaps that's the first things to fix and also to change passwords for database and WordPress. 0 -
I would definitely recommend changing any passwords associated with those sites, both for cPanel and for Wordpress itself. While it may not be entirely necessary, I'd rather do it and know those were changed and not have to worry about that. 0 -
Thanks for your support! 0 -
You're very welcome!! 0
Please sign in to leave a comment.
Comments
7 comments