Malware
Alexander Rastamanov, 2019-02-05 18:11:29

How to remove a miner from a site on 1C-Bitrix?

Good afternoon!
Site 1C-Bitrix: Site management 16.0.13.
Infected by a miner (according to Kasper) HEUR:Trojan.Script.Miner.gen
Found instructions for deleting files:
/bitrix/js/main/core/core_loader.js
/bitrix/js/main/core/core_tasker.js
/bitrix/tools/check_files.php - shell (I didn't have it at all)
/bitrix/gadgets/bitrix/weather/lang/ru/exec/include.php - backdoor
Perhaps it is also registered in /bitrix/modules/main/include.php, but naturally it cannot be deleted. It is recommended to download this file from a similar version.
Removed all of the above, except for include.php, changed the password for the admin, but the trojan appears again and again.
Two questions:
1. Maybe someone has come across this, and I need to dig somewhere else?
2. Where can I get a clean include.php for my version? Search turns up dubious sites that do not inspire confidence.
