Top

Website Malware Scanner

Shared web hosting companies usually installed server clamav virus scanner. This is very helpful to scan PHP files with malware. You need ssh access to the server and our script use extra signatures to get better detect ratio PHP malware.

We generated bash script for Website Malware Scanning, so no need manually download everything and install. Also if you dont have Root privileges to server, this still work to own home files and folders.

Download Script

This script working cPanel/DirectAdmin and others where clamav scanner is installed.

# wget http://cdn.malware.expert/malware.expert.scanner.sh

Download Direct: http://cdn.malware.expert/malware.expert.scanner.sh

Usage:

Execute or chmod 750 script and then execute:

# bash malware.expert.scanner.sh

Output

  +----------------------------------------------------------------+
 | Malware Expert - Malware Scanner (v1.0.3)                      |
 |                                                                |
 | https://malware.expert                                         |
 | support@malware.expert                                         |
 |                                                                |
 +----------------------------------------------------------------+
 | USAGE:                                                         |
 | ./malware.expert.scanner.sh scan <path>                        |
 | ./malware.expert.scanner.sh clean <path>                       |
 | ./malware.expert.scanner.sh restore <path>                     |
 | ./malware.expert.scanner.sh restore <path> force               |
 | ./malware.expert.scanner.sh delete <path>                      |
 | ./malware.expert.scanner.sh update                             |
 | ./malware.expert.scanner.sh update force                       |
 |                                                                |
 | EXAMPLE:                                                       |
 | ./malware.expert.scanner.sh scan ./public_html                 |
 | ./malware.expert.scanner.sh clean /home/user/                  |
 +----------------------------------------------------------------+

Scan public_html folder

DirectAdmin or cPanel Server scan current folder:

# bash malware.expert.scanner.sh scan ./

Result Scan

 +----------------------------------------------------------------+
 | Malware Expert - Malware Scanner (v1.0.3)                      |
 |                                                                |
 | https://malware.expert                                         |
 | support@malware.expert                                         |
 |                                                                |
 +----------------------------------------------------------------+

Start scanning in ./

./bbbbbbb.php: {HEX}PHP.Remoteadmin-3.UNOFFICIAL FOUND
./blog.php: {multi}Malware.Expert.base64.isset.strtoupper.eval.0.signature.UNOFFICIAL FOUND
./c99.php: {HEX}php.cmdshell.c99.230.UNOFFICIAL FOUND
./cache54.php: {HEX}php.generic.malware.444.UNOFFICIAL FOUND
./cache-db.php: {multi}Malware.Expert.hidden.joomla.assert.0.signature.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 5
Cleaned files: 0
Deleted files: 0
Skipped files: 0
Manual files: 0

USAGE for automatic cleaning:
# bash ../malware.expert.scanner.sh clean ./

Buy cPGuard for realtime protection with full features

Remove Website Malware

# bash malware.expert.scanner.sh clean ./
 +----------------------------------------------------------------+
 | Malware Expert - Malware Scanner (v1.0.3)                      |
 |                                                                |
 | https://malware.expert                                         |
 | support@malware.expert                                         |
 |                                                                |
 +----------------------------------------------------------------+

Start scanning in ./

./bbbbbbb.php: {HEX}PHP.Remoteadmin-3.UNOFFICIAL FOUND
./blog.php: {multi}Malware.Expert.base64.isset.strtoupper.eval.0.signature.UNOFFICIAL FOUND
./c99.php: {HEX}php.cmdshell.c99.230.UNOFFICIAL FOUND
./cache54.php: {HEX}php.generic.malware.444.UNOFFICIAL FOUND
./cache-db.php: {multi}Malware.Expert.hidden.joomla.assert.0.signature.UNOFFICIAL FOUND

Start cleaning ... (this may take for while)

[MANUAL_] ./bbbbbbb.php
[CLEANED] ./blog.php (blog.php.suspected)
[DELETED] ./c99.php (c99.php.suspected)
[DELETED] ./cache54.php (cache54.php.suspected)
[MANUAL_] ./cache-db.php

----------- SCAN SUMMARY -----------
Infected files: 5
Cleaned files: 1
Deleted files: 2
Skipped files: 0
Manual files: 1


Buy cPGuard for realtime protection with full features

Then you need to manually check every [MANUAL_] reported file and if there is malware to remove that out of code or bad worst case delete whole file.

If you delete files, make sure it’s total malware or it can cause malfunction of the website.

You can use our tutorial Detect Malware and Remove it from source code.

Also we offer Website Malware Removal Service, if you dont know how to clean up website.