Remove a virus from a Drupal 6 site

Daniel, 12 years on the service
06.07.2015

The site has a trojan virus. Because of the virus, the hosting provider has disabled access to the site.

Hello.

The site rbvip.ru has been blocked for running processes that masquerade as system processes.

This is prohibited on shared hosting servers.

Here is the warning from the hosting provider.

Not a difficult task! Who will take on the job?

Please state the cost and the time frame.

The work is considered complete when the site works correctly!

Output of the ps utility:

2342 559821 0.0 0.0 846160 4872 ? Sl 20:55 0:00 ././crond

Details of the running process:

lrwxrwxrwx 1 a34823_rbvip psacln 0 Jul 6 21:05 cwd -> /home/httpd/vhosts/rbvip.ru/httpdocs/modules/path

lrwxrwxrwx 1 a34823_rbvip psacln 0 Jul 6 20:57 exe -> (deleted)/home/httpd/vhosts/rbvip.ru/httpdocs/modules/path/crond

The antivirus detected the following files:

/home/httpd/vhosts/rbvip.ru/httpdocs/modules/path/general.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/modules/path/diff.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/modules/path/template.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/modules/overlay/overlay.api.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/modules/field/test.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/default/files/styles/teaser660x300/public/db.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/default/files/temp/session.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/libraries/ckeditor/plugins/about/diff.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/libraries/ckeditor/plugins/scayt/object.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/ctools/views_content/plugins/functions.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/libraries/libraries.api.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/getlocations/modules/getlocations_blocks/javascript.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/getlocations/js/images/general.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/transliteration/data/xb3.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/transliteration/data/x74.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/module_filter/js/config.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/webform/components/code.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/date/date_repeat/include.php: Php.Malware.Mailbot-1 FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/views/theme/views-ui-display-tab-setting.tpl.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/sites/all/modules/views/theme/views-view-fields.tpl.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/themes/bartik/color/javascript.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/includes/database/pgsql/article.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/dump/lang/update.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Koldunschik/include.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Config/Json.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Cache/Frontend/Page.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Cache/Backend/Memcached.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Validate/Barcode/Sscc.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Validate/Db/RecordExists.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/View/Helper/FormSubmit.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Controller/Dispatcher/proxy.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Controller/Router/Abstract.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Locale/Exception.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/CodeGenerator/Php/Class.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Navigation/functions.php: PHP.Trojan.Uploader FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Application/Resource/Navigation.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Crypt/Math/plugin.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Feed/Abstract.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Loader/PluginLoader/view.php: Php.Trojan.StopPost FOUND

/home/httpd/vhosts/rbvip.ru/httpdocs/koldunschik411/library/Zend/Filter/StringToLower.php: Php.Trojan.StopPost FOUND

An additional check of the site's scripts showed that the following files contain malicious code in the first line:

To unblock the site, the files listed must be deleted if they are not part of the CMS, or replaced with the originals from the distribution of the CMS in use.