Install ClamAV on DirectAdmin and add extra rules for finding PHP backdoors


ClamAV is antivirus software that is very popular among Linux users. This post shows how to install it on DirectAdmin and add extra rules for finding PHP backdoors and malware.

 

Install ClamAV on DirectAdmin

cd /usr/local/directadmin/custombuild
./build update
./build set clamav yes
./build clamav

Add the rfxn rules for detecting PHP shells / backdoors by editing /etc/freshclam.conf and adding the lines below.

DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
 

Run the rule update

freshclam
 

Test a virus/malware scan

 clamscan -ri --move=/tmp/virus /home

This scans every file under /home for viruses; any file that is detected is moved to /tmp/virus.

 



 

I tested this with a variety of malware and backdoor samples and it worked, detecting more than 90% of them, with some false positives as well. A later article will cover custom ClamAV rules to reduce false positives.

 

Source: https://d.thaihosttalk.com/t/clamav-anti-malwere-php/40398
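
An added example, not part of the original post: --move puts every hit into one flat directory and renames colliding file names with numeric suffixes, so the scan log is the only record of where a quarantined file came from. The script below turns such a log into a triage table and lists the moved archives and mail messages to review before the quarantine is purged; the function names, the log path and the sample lines are constructed, and it assumes the /home/<account>/ layout.

```shell
# Added example: triage a clamscan log instead of trusting --move blindly.
# Assumes "/home/<account>/..." paths and the two clamscan line shapes
#   <path>: <signature> FOUND
#   <path>: moved to '<dest>'

# Report-only scan: same -ri flags as the post, but log to a file and move
# nothing. Hypothetical helper; the default log path is an assumption.
scan_report_only() {
    clamscan -ri --log="${1:-/root/clamscan-home.log}" /home
}

# Read a clamscan log on stdin, print one tab-separated row per detection:
#   class  source  account  signature  original_path  quarantine_path
# class:  mail | archive | web        source: official | third-party
triage_clamscan_log() {
    awk '
    / FOUND$/ {
        sig  = $(NF - 1)                                    # signature has no spaces
        path = substr($0, 1, length($0) - length(sig) - 8)  # strip ": <sig> FOUND"
        if (!(path in seen)) { order[++n] = path; seen[path] = 1 }
        sigof[path] = sig
        next
    }
    {
        i = index($0, ": moved to \047")                    # \047 is a single quote
        if (i > 0) {
            path = substr($0, 1, i - 1)
            dest[path] = substr($0, i + 12, length($0) - i - 12)
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]; s = sigof[p]
            split(p, part, "/")                             # part[3] is the account
            class = "web"
            if (p ~ /\/Maildir\//) class = "mail"
            else if (p ~ /\.(tar\.gz|tgz|zip)/) class = "archive"
            # ClamAV appends .UNOFFICIAL to names from non-official databases
            src = (s ~ /\.UNOFFICIAL$/) ? "third-party" : "official"
            q = (p in dest) ? dest[p] : "-"
            printf "%s\t%s\t%s\t%s\t%s\t%s\n", class, src, part[3], s, p, q
        }
    }'
}

# Moved mail messages and whole archives (logs, backups) are the rows to
# inspect, and possibly restore, before deleting the quarantine directory.
# Prints: original_path <TAB> quarantine_path
review_before_purge() {
    triage_clamscan_log | awk -F '\t' '$1 != "web" { print $5 "\t" $6 }'
}

# Constructed sample log (accounts, domains and signature names are made up).
sample_log() {
    cat <<'EOF'
/home/alice/domains/example.com/public_html/images/upload/a.php: {HEX}Example.php.shell.1.UNOFFICIAL FOUND
/home/alice/domains/example.com/public_html/images/upload/a.php: moved to '/tmp/virus/a.php'
/home/alice/domains/example.com/public_html/js/a.php: {HEX}Example.php.shell.1.UNOFFICIAL FOUND
/home/alice/domains/example.com/public_html/js/a.php: moved to '/tmp/virus/a.php.001'
/home/bob/domains/example.org/logs/Feb-2020.tar.gz: {HEX}Example.eval.post.0.UNOFFICIAL FOUND
/home/bob/domains/example.org/logs/Feb-2020.tar.gz: moved to '/tmp/virus/Feb-2020.tar.gz'
/home/bob/imap/example.org/info/Maildir/cur/1500000000.H1P2.mail.example.org:2,S: Win.Trojan.Example-1-0 FOUND
LibClamAV Warning: SWF: declared output length != inflated stream size, 1 != 2
EOF
}

sample_log | triage_clamscan_log
```

On a real server, feed it the file written by the report-only scan, for example `triage_clamscan_log < /root/clamscan-home.log`.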

Re: Install ClamAV on DirectAdmin and add extra rules for finding PHP backdoors
« Reply #1 on: February 16, 2020, 11:27:36 AM »
/home/vouchercar/imap/vouchercar.com/sales/Maildir/new/1581669970.H208694P27899.ns1.thaidreamhost.com: Win.Malware.Generic-7586959-0 FOUND
/home/vouchercar/imap/vouchercar.com/sales/Maildir/new/1581669970.H208694P27899.ns1.thaidreamhost.com: moved to '/tmp/virus/1581669970.H208694P27899.ns1.thaidreamhost.com'
/home/vouchercar/domains/vouchercar.com/private_html/images/category/category45.php: {HEX}Malware.Expert.generic.uploader.78.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/private_html/images/category/category45.php: moved to '/tmp/virus/category45.php'
/home/vouchercar/domains/vouchercar.com/private_html/mobile/leaf.php: {HEX}php.malware.fopo.547.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/private_html/mobile/leaf.php: moved to '/tmp/virus/leaf.php'
/home/vouchercar/domains/vouchercar.com/public_html/https/images/category/category45.php: {HEX}Malware.Expert.generic.uploader.78.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/https/images/category/category45.php: moved to '/tmp/virus/category45.php.001'
/home/vouchercar/domains/vouchercar.com/public_html/https/mobile/leaf.php: {HEX}php.malware.fopo.547.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/https/mobile/leaf.php: moved to '/tmp/virus/leaf.php.001'
/home/vouchercar/domains/vouchercar.com/public_html/wp-logout.php: {HEX}Malware.Expert.generic.malware.144.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/wp-logout.php: moved to '/tmp/virus/wp-logout.php'
/home/vouchercar/domains/vouchercar.com/public_html/images/upload/upload150.php: {HEX}Malware.Expert.mr.dellationx196.bogor.blackhat.1.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/images/upload/upload150.php: moved to '/tmp/virus/upload150.php'
/home/vouchercar/domains/vouchercar.com/public_html/images/upload/wso.php: {HEX}php.shell.black-id.700.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/images/upload/wso.php: moved to '/tmp/virus/wso.php'
/home/vouchercar/domains/vouchercar.com/public_html/images/category/category45.php: {HEX}Malware.Expert.generic.uploader.78.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/images/category/category45.php: moved to '/tmp/virus/category45.php.002'
/home/vouchercar/domains/vouchercar.com/public_html/mobile/leaf.php: {HEX}php.malware.fopo.547.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/mobile/leaf.php: moved to '/tmp/virus/leaf.php.002'
/home/vouchercar/domains/vouchercar.com/public_html/redomain/model/admin.productsetting.php: {HEX}Malware.Expert.generic.eval.21.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/redomain/model/admin.productsetting.php: moved to '/tmp/virus/admin.productsetting.php'
/home/vouchercar/domains/vouchercar.com/public_html/redomain/template3_old_files.tgz: {HEX}Malware.Expert.generic.eval.21.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/redomain/template3_old_files.tgz: moved to '/tmp/virus/template3_old_files.tgz'
/home/rackwell/domains/rackwell.com/public_ftp/incoming/menu_settings.php: {HEX}Malware.Expert.generic.malware.118.UNOFFICIAL FOUND
/home/rackwell/domains/rackwell.com/public_ftp/incoming/menu_settings.php: moved to '/tmp/virus/menu_settings.php'
/home/rackwell/domains/rackwell.com/public_ftp/incoming/system_m.php: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/rackwell/domains/rackwell.com/public_ftp/incoming/system_m.php: moved to '/tmp/virus/system_m.php'
/home/rackwell/domains/rackwell.com/.htpasswd/menu_settings.php: {HEX}Malware.Expert.generic.malware.118.UNOFFICIAL FOUND
/home/rackwell/domains/rackwell.com/.htpasswd/menu_settings.php: moved to '/tmp/virus/menu_settings.php.001'
/home/rackwell/domains/rackwell.com/.htpasswd/system_m.php: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/rackwell/domains/rackwell.com/.htpasswd/system_m.php: moved to '/tmp/virus/system_m.php.001'
/home/rackwell/domains/rackwell.com/logs/Feb-2020.tar.gz.3: {HEX}Malware.Expert.malware.url.hastebin.com.0.UNOFFICIAL FOUND
/home/rackwell/domains/rackwell.com/logs/Feb-2020.tar.gz.3: moved to '/tmp/virus/Feb-2020.tar.gz.3'
/home/rackwell/domains/rackwell.com/stats/menu_settings.php: {HEX}Malware.Expert.generic.malware.118.UNOFFICIAL FOUND
/home/rackwell/domains/rackwell.com/stats/menu_settings.php: moved to '/tmp/virus/menu_settings.php.002'
/home/rackwell/domains/rackwell.com/stats/system_m.php: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/rackwell/domains/rackwell.com/stats/system_m.php: moved to '/tmp/virus/system_m.php.002'
/home/arcobaleno/imap/arcobaleno-cm.com/info/Maildir/new/1559605223.H864044P25281.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/arcobaleno/imap/arcobaleno-cm.com/info/Maildir/new/1559605223.H864044P25281.ns1.thaidreamhost.com: moved to '/tmp/virus/1559605223.H864044P25281.ns1.thaidreamhost.com'
/home/arcobaleno/imap/arcobaleno-cm.com/info/Maildir/new/1580825548.H331367P31837.ns1.thaidreamhost.com: Doc.Dropper.Agent-7577303-0 FOUND
/home/arcobaleno/imap/arcobaleno-cm.com/info/Maildir/new/1580825548.H331367P31837.ns1.thaidreamhost.com: moved to '/tmp/virus/1580825548.H331367P31837.ns1.thaidreamhost.com'
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1580355228.H913817P14275.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1580355228.H913817P14275.ns1.thaidreamhost.com: moved to '/tmp/virus/1580355228.H913817P14275.ns1.thaidreamhost.com'
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1579604528.H221652P30408.ns1.thaidreamhost.com: Win.Trojan.VBGeneric-7556888-0 FOUND
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1579604528.H221652P30408.ns1.thaidreamhost.com: moved to '/tmp/virus/1579604528.H221652P30408.ns1.thaidreamhost.com'
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1581316337.H984732P28113.ns1.thaidreamhost.com: Win.Malware.Generic-7583833-0 FOUND
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1581316337.H984732P28113.ns1.thaidreamhost.com: moved to '/tmp/virus/1581316337.H984732P28113.ns1.thaidreamhost.com'
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1580897814.H349300P12248.ns1.thaidreamhost.com: Win.Trojan.Vebzenpak-7581586-0 FOUND
/home/kpatara/imap/kpatara.com/kpataralumber/Maildir/new/1580897814.H349300P12248.ns1.thaidreamhost.com: moved to '/tmp/virus/1580897814.H349300P12248.ns1.thaidreamhost.com'
/home/kpatara/imap/kpatara.com/vuttipong/Maildir/new/1430321169.H939242P20198.ns165.thaidreamhost.com: Win.Dropper.Upatre-7524255-0 FOUND
/home/kpatara/imap/kpatara.com/vuttipong/Maildir/new/1430321169.H939242P20198.ns165.thaidreamhost.com: moved to '/tmp/virus/1430321169.H939242P20198.ns165.thaidreamhost.com'
/home/campthai/imap/campthai.com/sale/Maildir/new/1581303983.H908334P19670.ns1.thaidreamhost.com: Win.Malware.Generic-7583833-0 FOUND
/home/campthai/imap/campthai.com/sale/Maildir/new/1581303983.H908334P19670.ns1.thaidreamhost.com: moved to '/tmp/virus/1581303983.H908334P19670.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/sale/Maildir/new/1581381106.H218340P14559.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/sale/Maildir/new/1581381106.H218340P14559.ns1.thaidreamhost.com: moved to '/tmp/virus/1581381106.H218340P14559.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/sale/Maildir/new/1568607191.H633690P10652.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/sale/Maildir/new/1568607191.H633690P10652.ns1.thaidreamhost.com: moved to '/tmp/virus/1568607191.H633690P10652.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/sale/Maildir/new/1581390324.H104791P17653.ns1.thaidreamhost.com: Xls.Dropper.Agent-7585263-0 FOUND
/home/campthai/imap/campthai.com/sale/Maildir/new/1581390324.H104791P17653.ns1.thaidreamhost.com: moved to '/tmp/virus/1581390324.H104791P17653.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/sale/Maildir/new/1581385532.H520186P27724.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/sale/Maildir/new/1581385532.H520186P27724.ns1.thaidreamhost.com: moved to '/tmp/virus/1581385532.H520186P27724.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/sale/Maildir/new/1580955089.H209497P15931.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/sale/Maildir/new/1580955089.H209497P15931.ns1.thaidreamhost.com: moved to '/tmp/virus/1580955089.H209497P15931.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/info/Maildir/new/1580955089.H174090P15930.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/info/Maildir/new/1580955089.H174090P15930.ns1.thaidreamhost.com: moved to '/tmp/virus/1580955089.H174090P15930.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/info/Maildir/new/1568588740.H516940P15548.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/info/Maildir/new/1568588740.H516940P15548.ns1.thaidreamhost.com: moved to '/tmp/virus/1568588740.H516940P15548.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/info/Maildir/new/1581381838.H252162P16372.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/info/Maildir/new/1581381838.H252162P16372.ns1.thaidreamhost.com: moved to '/tmp/virus/1581381838.H252162P16372.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/info/Maildir/new/1581385532.H494001P27723.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/campthai/imap/campthai.com/info/Maildir/new/1581385532.H494001P27723.ns1.thaidreamhost.com: moved to '/tmp/virus/1581385532.H494001P27723.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/info/Maildir/new/1581302416.H984816P12986.ns1.thaidreamhost.com: Win.Malware.Generic-7583833-0 FOUND
/home/campthai/imap/campthai.com/info/Maildir/new/1581302416.H984816P12986.ns1.thaidreamhost.com: moved to '/tmp/virus/1581302416.H984816P12986.ns1.thaidreamhost.com'
/home/campthai/imap/campthai.com/info/Maildir/new/1581390324.H78183P17652.ns1.thaidreamhost.com: Xls.Dropper.Agent-7585263-0 FOUND
/home/campthai/imap/campthai.com/info/Maildir/new/1581390324.H78183P17652.ns1.thaidreamhost.com: moved to '/tmp/virus/1581390324.H78183P17652.ns1.thaidreamhost.com'
/home/teradev/domains/teraconsultant.com/public_html/Card/.97b7f.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/Card/.97b7f.php: moved to '/tmp/virus/.97b7f.php'
/home/teradev/domains/teraconsultant.com/public_html/Card/.e4858.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/Card/.e4858.php: moved to '/tmp/virus/.e4858.php'
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/.26f7a.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/.26f7a.php: moved to '/tmp/virus/.26f7a.php'
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/plugins/bootstrap-datetimepicker/screenshot/daaa592.php: {HEX}Malware.Expert.generic.malware.44.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/plugins/bootstrap-datetimepicker/screenshot/daaa592.php: moved to '/tmp/virus/daaa592.php'
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/plugins/fancybox/lib/.094573: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/plugins/fancybox/lib/.094573: moved to '/tmp/virus/.094573'
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/.15521c.jpg: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/.15521c.jpg: moved to '/tmp/virus/.15521c.jpg'
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/scripts/.880c43: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/scripts/.880c43: moved to '/tmp/virus/.880c43'
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/img/.3ac07f: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/assets/img/.3ac07f: moved to '/tmp/virus/.3ac07f'
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/.c4daa.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/cu_intranet/.c4daa.php: moved to '/tmp/virus/.c4daa.php'
/home/teradev/domains/teraconsultant.com/public_html/wp-admin/options-style.php: {HEX}Malware.Expert.generic.base64.decode.1.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/wp-admin/options-style.php: moved to '/tmp/virus/options-style.php'
/home/teradev/domains/teraconsultant.com/public_html/wp-admin/.7529d.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/wp-admin/.7529d.php: moved to '/tmp/virus/.7529d.php'
/home/teradev/domains/teraconsultant.com/public_html/kml/.5063d.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/kml/.5063d.php: moved to '/tmp/virus/.5063d.php'
/home/teradev/domains/teraconsultant.com/public_html/kml/70de03pl.php: {HEX}Malware.Expert.malware.chr.hex.1.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/kml/70de03pl.php: moved to '/tmp/virus/70de03pl.php'
/home/teradev/domains/teraconsultant.com/public_html/wp-load.php: {HEX}Malware.Expert.generic.malware.179.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/wp-load.php: moved to '/tmp/virus/wp-load.php'
/home/teradev/domains/teraconsultant.com/public_html/assets/frontend/.a6f4c.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/assets/frontend/.a6f4c.php: moved to '/tmp/virus/.a6f4c.php'
/home/teradev/domains/teraconsultant.com/public_html/assets/frontend/.077c3.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/assets/frontend/.077c3.php: moved to '/tmp/virus/.077c3.php'
/home/teradev/domains/teraconsultant.com/public_html/assets/.45223.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/assets/.45223.php: moved to '/tmp/virus/.45223.php'
/home/teradev/domains/teraconsultant.com/public_html/assets/.9ff48.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/assets/.9ff48.php: moved to '/tmp/virus/.9ff48.php'
/home/teradev/domains/teraconsultant.com/public_html/assets/admin/layout/.2cf4d2: {HEX}Malware.Expert.generic.malware.124.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/assets/admin/layout/.2cf4d2: moved to '/tmp/virus/.2cf4d2'
/home/teradev/domains/teraconsultant.com/public_html/assets/admin/.b7ad0.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/assets/admin/.b7ad0.php: moved to '/tmp/virus/.b7ad0.php'
/home/teradev/domains/teraconsultant.com/public_html/assets/global/plugins/bootstrap-editable/bootstrap-editable/ee0282e.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/assets/global/plugins/bootstrap-editable/bootstrap-editable/ee0282e.php: moved to '/tmp/virus/ee0282e.php'
/home/teradev/domains/teraconsultant.com/public_html/gmail/.f3fbf.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/gmail/.f3fbf.php: moved to '/tmp/virus/.f3fbf.php'
/home/teradev/domains/teraconsultant.com/public_html/gmail/.1b8e9.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/gmail/.1b8e9.php: moved to '/tmp/virus/.1b8e9.php'
/home/teradev/domains/teraconsultant.com/public_html/mapcom/.1dfdf.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/mapcom/.1dfdf.php: moved to '/tmp/virus/.1dfdf.php'
/home/teradev/domains/teraconsultant.com/public_html/mapcom/.3b436.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/mapcom/.3b436.php: moved to '/tmp/virus/.3b436.php'
/home/teradev/domains/teraconsultant.com/public_html/mail/.e2861.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/mail/.e2861.php: moved to '/tmp/virus/.e2861.php'
/home/teradev/domains/teraconsultant.com/public_html/PHPWord/dir1/.4bbf8.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/PHPWord/dir1/.4bbf8.php: moved to '/tmp/virus/.4bbf8.php'
/home/teradev/domains/teraconsultant.com/public_html/PHPWord/PHPWord/.7bd97.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/PHPWord/PHPWord/.7bd97.php: moved to '/tmp/virus/.7bd97.php'
/home/teradev/domains/teraconsultant.com/public_html/yod/.269c9.php: {HEX}Malware.Expert.generic.uploader.40.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/yod/.269c9.php: moved to '/tmp/virus/.269c9.php'
/home/teradev/domains/teraconsultant.com/public_html/yod/.b4938.php: {HEX}Malware.Expert.generic.base64.decode.assert.0.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/yod/.b4938.php: moved to '/tmp/virus/.b4938.php'
/home/thaidreamh/imap/vouchercarrent.com/sales/Maildir/new/1550719848.H788688P20418.vps933.vpshispeed.net: Win.Trojan.Autoit-7585910-0 FOUND
/home/thaidreamh/imap/vouchercarrent.com/sales/Maildir/new/1550719848.H788688P20418.vps933.vpshispeed.net: moved to '/tmp/virus/1550719848.H788688P20418.vps933.vpshispeed.net'
/home/thaidreamh/domains/vouchercarrent.com/public_html/redomain/model/admin.productsetting.php: {HEX}Malware.Expert.generic.eval.21.UNOFFICIAL FOUND
/home/thaidreamh/domains/vouchercarrent.com/public_html/redomain/model/admin.productsetting.php: moved to '/tmp/virus/admin.productsetting.php.001'
/home/thaidreamh/domains/vouchercarrent.com/public_html/redomain/template3_old_files.tgz: {HEX}Malware.Expert.generic.eval.21.UNOFFICIAL FOUND
/home/thaidreamh/domains/vouchercarrent.com/public_html/redomain/template3_old_files.tgz: moved to '/tmp/virus/template3_old_files.tgz.001'
/home/dkbook/domains/thaidk.com/logs/Feb-2020.tar.gz: {HEX}Malware.Expert.generic.eval.post.0.UNOFFICIAL FOUND
/home/dkbook/domains/thaidk.com/logs/Feb-2020.tar.gz: moved to '/tmp/virus/Feb-2020.tar.gz'
/home/dkbook/domains/thaidk.com/logs/Feb-2020.tar.gz.2: {HEX}Malware.Expert.generic.eval.post.0.UNOFFICIAL FOUND
/home/dkbook/domains/thaidk.com/logs/Feb-2020.tar.gz.2: moved to '/tmp/virus/Feb-2020.tar.gz.2'
/home/thaitourse/imap/thaitoursearch.com/sales/Maildir/new/1550719848.H823898P20419.vps933.vpshispeed.net: Win.Trojan.Autoit-7585910-0 FOUND
/home/thaitourse/imap/thaitoursearch.com/sales/Maildir/new/1550719848.H823898P20419.vps933.vpshispeed.net: moved to '/tmp/virus/1550719848.H823898P20419.vps933.vpshispeed.net'
/home/thaitourse/imap/thaitoursearch.com/sales/Maildir/new/1579252373.H327039P15321.ns1.thaidreamhost.com: Win.Trojan.Razy-7557047-0 FOUND
/home/thaitourse/imap/thaitoursearch.com/sales/Maildir/new/1579252373.H327039P15321.ns1.thaidreamhost.com: moved to '/tmp/virus/1579252373.H327039P15321.ns1.thaidreamhost.com'
/home/thaitourse/imap/thaitoursearch.com/sales/Maildir/new/1553729456.H923210P16722.ns1.thaidreamhost.com: Win.Trojan.Autoit-7585910-0 FOUND
/home/thaitourse/imap/thaitoursearch.com/sales/Maildir/new/1553729456.H923210P16722.ns1.thaidreamhost.com: moved to '/tmp/virus/1553729456.H923210P16722.ns1.thaidreamhost.com'
/home/thaitourse/domains/thaitoursearch.com/logs/Feb-2020.tar.gz: {HEX}Malware.Expert.generic.eval.post.0.UNOFFICIAL FOUND
/home/thaitourse/domains/thaitoursearch.com/logs/Feb-2020.tar.gz: moved to '/tmp/virus/Feb-2020.tar.gz.001'
/home/thaitourse/domains/thaitoursearch.com/logs/Feb-2020.tar.gz.2: {HEX}Malware.Expert.generic.eval.post.0.UNOFFICIAL FOUND
/home/thaitourse/domains/thaitoursearch.com/logs/Feb-2020.tar.gz.2: moved to '/tmp/virus/Feb-2020.tar.gz.2.001'
LibClamAV Warning: SWF: declared output length != inflated stream size, 149759 != 149763
LibClamAV Warning: SWF: declared output length != inflated stream size, 145931 != 145935
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2012-05-19_before_smf_patch_2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2012-05-19_before_smf_patch_2.tar.gz: moved to '/tmp/virus/2012-05-19_before_smf_patch_2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2.tar.gz: moved to '/tmp/virus/2019-03-14_before_smf_patch_2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2012-05-19_before_smf_patch_2_2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2012-05-19_before_smf_patch_2_2.tar.gz: moved to '/tmp/virus/2012-05-19_before_smf_patch_2_2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2015-09-28_before_Global-Headers-and-Footers-2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2015-09-28_before_Global-Headers-and-Footers-2.tar.gz: moved to '/tmp/virus/2015-09-28_before_Global-Headers-and-Footers-2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2014-12-26_before_smf_patch_1.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2014-12-26_before_smf_patch_1.tar.gz: moved to '/tmp/virus/2014-12-26_before_smf_patch_1.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2015-10-11_before_smf_patch_2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2015-10-11_before_smf_patch_2.tar.gz: moved to '/tmp/virus/2015-10-11_before_smf_patch_2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2015-09-27_before_smf_patch_2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2015-09-27_before_smf_patch_2.tar.gz: moved to '/tmp/virus/2015-09-27_before_smf_patch_2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2_2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2_2.tar.gz: moved to '/tmp/virus/2019-03-14_before_smf_patch_2_2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2014-07-02_before_mkress-smf_kitseositemap-2.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2014-07-02_before_mkress-smf_kitseositemap-2.tar.gz: moved to '/tmp/virus/2014-07-02_before_mkress-smf_kitseositemap-2.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2_4.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2_4.tar.gz: moved to '/tmp/virus/2019-03-14_before_smf_patch_2_4.tar.gz'
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2_3.tar.gz: {HEX}Malware.Expert.generic.mailer.27.UNOFFICIAL FOUND
/home/civichf/domains/civicfanclub.com/public_html/Packages/backups/2019-03-14_before_smf_patch_2_3.tar.gz: moved to '/tmp/virus/2019-03-14_before_smf_patch_2_3.tar.gz'
/home/paymentcc/Maildir/lqb6avyh.php: {HEX}Malware.Expert.generic.malware.178.UNOFFICIAL FOUND
/home/paymentcc/Maildir/lqb6avyh.php: moved to '/tmp/virus/lqb6avyh.php'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581578752.H486904P6386.ns1.thaidreamhost.com:2,S: Win.Dropper.Noon-7586644-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581578752.H486904P6386.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581578752.H486904P6386.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581291564.H675098P12640.ns1.thaidreamhost.com:2,S: Pdf.Dropper.Agent-7585030-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581291564.H675098P12640.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581291564.H675098P12640.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580863821.H699995P14125.ns1.thaidreamhost.com:2,S: Win.Trojan.Wacatac-7581847-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580863821.H699995P14125.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1580863821.H699995P14125.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581585904.H62272P3129.ns1.thaidreamhost.com:2,S: Win.Dropper.Noon-7586644-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581585904.H62272P3129.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581585904.H62272P3129.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581687472.H740251P27783.ns1.thaidreamhost.com:2,S: Win.Malware.Generic-7586959-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581687472.H740251P27783.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581687472.H740251P27783.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581078482.H772991P14474.ns1.thaidreamhost.com:2,S: Win.Trojan.Generic-7580179-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581078482.H772991P14474.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581078482.H772991P14474.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581679126.H460404P31295.ns1.thaidreamhost.com:2,S: Win.Malware.Generic-7586959-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581679126.H460404P31295.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581679126.H460404P31295.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580897887.H212007P12368.ns1.thaidreamhost.com:2,S: Win.Trojan.VBGeneric-7580607-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580897887.H212007P12368.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1580897887.H212007P12368.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580860984.H329071P8214.ns1.thaidreamhost.com:2,S: Win.Trojan.Wacatac-7581847-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580860984.H329071P8214.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1580860984.H329071P8214.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580897494.H179514P10959.ns1.thaidreamhost.com:2,S: Win.Trojan.Vebzenpak-7581586-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1580897494.H179514P10959.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1580897494.H179514P10959.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581588615.H60303P14803.ns1.thaidreamhost.com:2,S: Win.Dropper.Noon-7586644-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581588615.H60303P14803.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581588615.H60303P14803.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581235333.H220464P31199.ns1.thaidreamhost.com:2,S: Pdf.Dropper.Agent-7584921-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581235333.H220464P31199.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581235333.H220464P31199.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581334270.H669388P26245.ns1.thaidreamhost.com:2,S: Win.Dropper.LokiBot-7584438-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581334270.H669388P26245.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581334270.H669388P26245.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581614973.H802324P23642.ns1.thaidreamhost.com:2,S: Win.Dropper.Noon-7586644-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581614973.H802324P23642.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581614973.H802324P23642.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581317075.H115636P30119.ns1.thaidreamhost.com:2,S: Win.Malware.Generic-7583833-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581317075.H115636P30119.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581317075.H115636P30119.ns1.thaidreamhost.com:2,S'
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581467297.H616828P10150.ns1.thaidreamhost.com:2,S: Xls.Dropper.Agent-7586409-0 FOUND
/home/ssctannery/imap/ssctannery.com/kamchai/Maildir/cur/1581467297.H616828P10150.ns1.thaidreamhost.com:2,S: moved to '/tmp/virus/1581467297.H616828P10150.ns1.thaidreamhost.com:2,S'

----------- SCAN SUMMARY -----------
Known viruses: 6757343
Engine version: 0.101.2
Scanned directories: 25864
Scanned files: 412667
Infected files: 133
Data scanned: 27516.73 MB
Data read: 16391.67 MB (ratio 1.68:1)
Time: 9270.678 sec (154 m 30 s)

Re: Install ClamAV on DirectAdmin and add extra rules for finding PHP backdoors
« Reply #2 on: February 17, 2020, 09:33:48 AM »
[root@ns1 ~]#  clamscan -ri --move=/tmp/virus /home
/home/teradev/domains/teraconsultant.com/public_html/wp-admin/options-style.php: {HEX}Malware.Expert.generic.base64.decode.1.UNOFFICIAL FOUND
/home/teradev/domains/teraconsultant.com/public_html/wp-admin/options-style.php: moved to '/tmp/virus/options-style.php.001'
LibClamAV Warning: SWF: declared output length != inflated stream size, 149759 != 149763
LibClamAV Warning: SWF: declared output length != inflated stream size, 145931 != 145935

Re: Install ClamAV on DirectAdmin and add extra rules for finding PHP backdoors
« Reply #3 on: February 18, 2020, 10:51:27 AM »
[root@ns1 ~]# clamscan -ri --move=/tmp/virus /home/vouchercar/
/home/vouchercar/domains/vouchercar.com/public_html/xn--12ct0cvb8bzaj8azf2d/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/xn--12ct0cvb8bzaj8azf2d/jvc.php: moved to '/tmp/virus/jvc.php'
/home/vouchercar/domains/vouchercar.com/public_html/sitemap/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/sitemap/jvc.php: moved to '/tmp/virus/jvc.php.001'
/home/vouchercar/domains/vouchercar.com/public_html/js/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/js/jvc.php: moved to '/tmp/virus/jvc.php.002'
/home/vouchercar/domains/vouchercar.com/public_html/https/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/https/jvc.php: moved to '/tmp/virus/jvc.php.003'
/home/vouchercar/domains/vouchercar.com/public_html/admin/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/admin/jvc.php: moved to '/tmp/virus/jvc.php.004'
/home/vouchercar/domains/vouchercar.com/public_html/location/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/location/jvc.php: moved to '/tmp/virus/jvc.php.005'
/home/vouchercar/domains/vouchercar.com/public_html/lib/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/lib/jvc.php: moved to '/tmp/virus/jvc.php.006'
/home/vouchercar/domains/vouchercar.com/public_html/thaiteawthai/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/thaiteawthai/jvc.php: moved to '/tmp/virus/jvc.php.007'
/home/vouchercar/domains/vouchercar.com/public_html/line/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/line/jvc.php: moved to '/tmp/virus/jvc.php.008'
/home/vouchercar/domains/vouchercar.com/public_html/en/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/en/jvc.php: moved to '/tmp/virus/jvc.php.009'
/home/vouchercar/domains/vouchercar.com/public_html/b/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/b/jvc.php: moved to '/tmp/virus/jvc.php.010'
/home/vouchercar/domains/vouchercar.com/public_html/q/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/q/jvc.php: moved to '/tmp/virus/jvc.php.011'
/home/vouchercar/domains/vouchercar.com/public_html/xn--12ct1bl5be1e7al8bzg3b3c/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/xn--12ct1bl5be1e7al8bzg3b3c/jvc.php: moved to '/tmp/virus/jvc.php.012'
/home/vouchercar/domains/vouchercar.com/public_html/images/deal/deal727.php: {HEX}php.malware.fopo.547.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/images/deal/deal727.php: moved to '/tmp/virus/deal727.php'
/home/vouchercar/domains/vouchercar.com/public_html/images/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/images/jvc.php: moved to '/tmp/virus/jvc.php.013'
/home/vouchercar/domains/vouchercar.com/public_html/webboard/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/webboard/jvc.php: moved to '/tmp/virus/jvc.php.014'
/home/vouchercar/domains/vouchercar.com/public_html/mobile/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/mobile/jvc.php: moved to '/tmp/virus/jvc.php.015'
/home/vouchercar/domains/vouchercar.com/public_html/en3/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/en3/jvc.php: moved to '/tmp/virus/jvc.php.016'
/home/vouchercar/domains/vouchercar.com/public_html/d/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/d/jvc.php: moved to '/tmp/virus/jvc.php.017'
/home/vouchercar/domains/vouchercar.com/public_html/usb/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/usb/jvc.php: moved to '/tmp/virus/jvc.php.018'
/home/vouchercar/domains/vouchercar.com/public_html/html/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/html/jvc.php: moved to '/tmp/virus/jvc.php.019'
/home/vouchercar/domains/vouchercar.com/public_html/member/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/member/jvc.php: moved to '/tmp/virus/jvc.php.020'
/home/vouchercar/domains/vouchercar.com/public_html/bank/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/bank/jvc.php: moved to '/tmp/virus/jvc.php.021'
/home/vouchercar/domains/vouchercar.com/public_html/mobiledetect/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/mobiledetect/jvc.php: moved to '/tmp/virus/jvc.php.022'
/home/vouchercar/domains/vouchercar.com/public_html/redomain/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/redomain/jvc.php: moved to '/tmp/virus/jvc.php.023'
/home/vouchercar/domains/vouchercar.com/public_html/cat/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/cat/jvc.php: moved to '/tmp/virus/jvc.php.024'
/home/vouchercar/domains/vouchercar.com/public_html/email/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/email/jvc.php: moved to '/tmp/virus/jvc.php.025'
/home/vouchercar/domains/vouchercar.com/public_html/sym.php: {HEX}php.malware.fopo.547.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/sym.php: moved to '/tmp/virus/sym.php'
/home/vouchercar/domains/vouchercar.com/public_html/admin2/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/admin2/jvc.php: moved to '/tmp/virus/jvc.php.026'
/home/vouchercar/domains/vouchercar.com/public_html/facebook/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/facebook/jvc.php: moved to '/tmp/virus/jvc.php.027'
/home/vouchercar/domains/vouchercar.com/public_html/store/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/store/jvc.php: moved to '/tmp/virus/jvc.php.028'
/home/vouchercar/domains/vouchercar.com/public_html/ckeditor/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/ckeditor/jvc.php: moved to '/tmp/virus/jvc.php.029'
/home/vouchercar/domains/vouchercar.com/public_html/linepay/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/linepay/jvc.php: moved to '/tmp/virus/jvc.php.030'
/home/vouchercar/domains/vouchercar.com/public_html/store2014/jvc.php: {HEX}php.uploader.max.706.UNOFFICIAL FOUND
/home/vouchercar/domains/vouchercar.com/public_html/store2014/jvc.php: moved to '/tmp/virus/jvc.php.031'

----------- SCAN SUMMARY -----------
Known viruses: 6760167
Engine version: 0.101.2
Scanned directories: 5738
Scanned files: 75817
Infected files: 34
Data scanned: 631.10 MB
Data read: 1260.82 MB (ratio 0.50:1)
Time: 485.736 sec (8 m 5 s)