Just completed a scan as the site is churning out 100′s of spam emails and the scan found lots of infected files and back doors which is great, however the emails continued to flow so by using the php mail log I tracked down the file they where using
https://www.dropbox.com/s/djd6k40z52f32e6/start74.php?dl=0
Thought I would send you a copy to see why the scan did not pick it up
Reagrds
Rob
Thanks for posting that code! I just added that new variant to my definition updates so it can now be automatically fiexd using my plugin.
I have found some more
https://www.dropbox.com/s/e2gkvggve6y9qyz/tempfs.php?dl=0
finds file but can’t clean, I have moved the file out of the sites folder and job done but thought you might like to see it just in case
https://www.dropbox.com/s/c5jo176rprfzepr/header.php?dl=0
Theme breaks when cleaned
Rob
Thanks for sending these to me! I have fixed the definition that found that threat in your theme header so that it no longer breaks the syntax of that file when it fixes it (it was accidentally removing too much code).
I am working on that other threat now to see why it does not clean it…
Did you manage to find the reason it would not clean the file
Rob
No, Actually that threat is already in my definitions but I think it’s not finding it on your server because of a memory_limit setting in your php.ini file, because that file is very large.
Its finding the file ok, just won’t clean it, memoery limit is set to 256m is that too low ?
256m is a lot but maybe it needs 512m for this file, it is a really large file. Also, maybe there is some other reason it’s not cleaning it, like file permissions or process timeout. Is there an error message of any kind when it fails?