⚠️ MALWARE CLEANER v14.0 FINAL ⚠️

[!] DELETE THIS SCRIPT AFTER USE! | [!] NO LOG FILES | [!] CRITICAL ONLY MODE

⚙️ SCAN OPTIONS

🔧 FIX ALL PERMISSIONS

[!] Fix ALL files and folders:
• Folders: 0111, 0000 → 0755
• Files: 0444, 0555 → 0644

☠️ KILL MALICIOUS PROCESS

[👤] DETECTED WEBSITE USERNAME: oeodv
Kill commands will use: pgrep -U oeodv | xargs kill -9
⚠️ INFO:
• Kills PHP, Socket, Netcat, Reverse Shell, Backdoor processes
• Target User: oeodv (Auto-detected from website)
• Commands: pkill php, kill -9 [PID], pgrep -U oeodv | xargs kill -9
shell_exec() is available - Kill feature enabled
[📋] ACTIVE PROCESSES: