Linux Find naming Quick search for poisoned files

Source: Internet
Author: User
Tags assert eval mysql code

Now the virus species on the computer more and more, the likelihood of encountering the virus is also more and more big, sometimes poisoning things are also impossible, this is not, today's small Linux system computer is infected with the virus, affecting the normal use of the computer, in order to solve the virus must first find the virus file, it will be cleared before it can be resolved. So how do you find the virus file? In fact, there is a Find command in the Linux system where you can locate the virus file. The following small series on the example to teach you find how to locate the virus.

Example

Find wwwroot/*-type f-name "*.php |xargs grep" eval ("") wwwroot/eval.txt

Find wwwroot/*-type f-name "*.php" |xargs grep "UDP:" Wwwroot/udp.txt

Find wwwroot/*-type f-name "*.php" |xargs grep "tcp:" "Wwwroot/tcp.txt

Let's add

The popular signature on the Internet is: (PS: But there must be a legacy)

Back door Features-"cha88.cn"

Back door Features-"C99shell"

Back door Features-"Phpspy"

Back door Features-"scanners"

Back door Features-"cmd.php"

Back door Features-"str_rot13"

Back door Features-"Webshell"

Back door Features-"Egy_spider"

Back door Features-"tools88.com"

Back door Features-"Secforce"

Backdoor Features-"eval" ("?")

Suspicious code characteristics-"System" (

Suspicious code Features-"PassThru" (

Suspicious code Features-"Shell_exec" (

Suspicious code characteristics-"EXEC" (

Suspicious code Features-"Popen" (

Suspicious code Features-"Proc_open"

Suspicious code characteristics-"eval" ($

Suspicious code characteristics-"Assert" ($

Dangerous MySQL Code-"returns string Soname

Dangerous MySQL code-"into outfile

Dangerous MySQL code-"Load_file"

Cryptographic Backdoor Features-"eval" (Gzinflate (

Cryptographic Backdoor Features-"eval" (Base64_decode (

Cryptographic Backdoor Features-"eval" (Gzuncompress (

Cryptographic Backdoor Features-"gzuncompress" (Base64_decode (

Cryptographic Backdoor Features-"Base64_decode" (Gzuncompress (

A word back door feature-"eval" ($_

A word back door feature-"Assert" ($_

A word back door feature-"Require" ($_

A word back door feature-"require_once" ($_

A word back door feature-"include" ($_

A word back door feature-"include_once" ($_

A word back door feature-"Call_user_func" ("Assert")

A word back door feature-"Call_user_func" ($_

A word back door feature-"$_post/get/request/cookie["? ($_post/get/request/cookie[?]

A word back door feature-"echo" (File_get_contents $_post/get/request/cookie

Uploading back door Features-file_put_contents ($_post/get/request/cookie,$_post/get/request/cookie)

Uploading backdoor Features-"fputs" (fopen ("?", "W"), $_post/get/request/cookie[

Htaccess Features-"SetHandler application/x-httpd-php"

Htaccess Features-"Php_value auto_prepend_file"

Htaccess Features-"Php_value auto_append_file"

The use of Linux system comrades can save this method, in case the computer is invaded by the virus can be used to help prevent the computer in the important files are missing, not afraid of 10,000 afraid of what if, or early preparation of good!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.