Jump to content

XsamXadoo bot malware is back


bnadauld

Recommended Posts

I got hit last year by this bot so i reverted to a back up and removed the phpunit directories. Now the damn thing it back again but this time causing us to have all my sites shut down on my hosting. Can anyone point me to a good guide so i can check where to look for all the parts of the malware?

Thanks

 

Link to comment
Share on other sites

No doubt there are better solutions. But one option you could try is the function Prestools to export file lists of a Prestashop installation. That way you can compare them with a similar list from your localhost that is guaranteed safe and see where there are extra files and were there are differences in file size. (shop-rescue -> File list export)

  • Like 1
Link to comment
Share on other sites

Thanks for the help. Last time i used beyond compare to check every file with old backups that i had saved. Im was thinking i'll reinstall the latest version of 1.6 (locally) and connect to a copy of my current database, reload all my products via csv and my modules - then do a compare.  

Does the 'Prestools to export' method do this/similar - is it a module? ive never seen shop-rescue in the backoffice...

Link to comment
Share on other sites

bnadauld  you may remember me as I commented a few times on your previous experience, 

I used a relativly cheap external company to clean the two main domains on my server  the company was called Astra  they charge per domain  its a yearly subscription and they cleaned the 2 shopping carts of everything thats naughty and monitor and block anything moving forward,  a module is set up in the back office and they go to work cleaning up the server.

I had to go down this route as all my backups were also trashed in the process  I had somewhere around  700 infected files, as quick as I could delete and clean I was infected again its been a long road  but my server is now 100% clean

I think its cost around  300usd  a year  for 2 shops, you can talk to a human and they are quick responding  it was the helping hand i needed at the time and have peace of mind now 

you can find them here  https://www.getastra.com/prestashop-firewall

 

  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...