☠️ KILL MALICIOUS PROCESS
[👤] DETECTED WEBSITE USERNAME:
oeodv
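Kill commands will use: pgrep -U oeodv | xargs kill -9 (selects every process whose real UID is oeodv and sends SIGKILL; in the listing below those are all php-fpm pool workers for optimistsegeln.at and bo.optimistsegeln.at)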
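⚠️ INFO:
• Kills PHP, Socket, Netcat, Reverse Shell, Backdoor processes — selection is by process name, PID or owner (see Commands), not by behaviour, so legitimate processes that match are killed too
• Target User: oeodv (Auto-detected from website)
• Commands: pkill php (name pattern; also matches php-fpm and php-cgi), kill -9 [PID] (one process), pgrep -U oeodv | xargs kill -9 (every process of the target user)
• shell_exec() is available (callable from PHP on this host, i.e. not blocked by disable_functions) - Kill feature enabled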
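[📋] ACTIVE PROCESSES (format matches ps aux output: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND; user names longer than 8 characters are cut to 7 characters plus "+"):
Of the lines shown, only one runs a script out of /tmp (php /tmp/phpbbi9oO4R phpbb, user horethwp); the rest are web-server, PHP-FPM/CGI, Plesk or cron entries, so that line is the one to triage first.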
root 961 0.0 0.0 242908 31700 ? Ss 2024 119:57 php-fpm: master process (/opt/plesk/php/7.4/etc/php-fpm.conf)
root 962 0.0 0.0 242604 4004 ? Ss 2024 15:25 php-fpm: master process (/var/www/vhosts/system/ehrenpreis.jugendmeisterschaft.at/etc/php-fpm.conf)
root 963 0.0 0.0 242320 29576 ? Ss 2024 93:51 php-fpm: master process (/opt/plesk/php/8.0/etc/php-fpm.conf)
root 964 0.0 0.0 241904 13032 ? Ss 2024 15:24 php-fpm: master process (/var/www/vhosts/system/old.murtal-storage.at/etc/php-fpm.conf)
oeodv 558970 0.4 0.0 338216 25208 ? S 08:03 1:12 php-fpm: pool bo.optimistsegeln.at
izaquie+ 560197 0.0 0.0 2892 0 ? Ss 2025 0:00 /bin/sh -c /opt/plesk/php/8.2/bin/php -f 'cockpit.izaquiel.at/index.php' -- 'cron/index'
izaquie+ 560207 0.0 0.0 137056 9196 ? S 2025 0:00 /opt/plesk/php/8.2/bin/php -f cockpit.izaquiel.at/index.php -- cron/index
nginx 576195 1.8 0.2 199328 164228 ? S 08:23 5:10 nginx: worker process
nginx 576196 0.0 0.2 196272 155108 ? S 08:23 0:00 nginx: cache manager process
www-data 576486 0.0 0.0 272044 40468 ? S 08:23 0:00 /usr/sbin/apache2 -k start
www-data 576487 0.0 0.0 273220 40212 ? S 08:23 0:00 /usr/sbin/apache2 -k start
oeodv 625948 0.4 0.0 338216 25160 ? S 09:17 0:54 php-fpm: pool bo.optimistsegeln.at
oeodv 626716 0.4 0.0 338216 25160 ? S 09:18 0:54 php-fpm: pool bo.optimistsegeln.at
www-data 653404 0.5 0.0 2141888 64884 ? Sl 09:50 1:00 /usr/sbin/apache2 -k start
oeodv 712577 0.3 0.0 338220 25056 ? S 10:51 0:31 php-fpm: pool bo.optimistsegeln.at
www-data 713234 0.6 0.1 2209068 67216 ? Sl 10:52 0:52 /usr/sbin/apache2 -k start
www-data 752913 0.6 0.0 2141484 65316 ? Sl 11:19 0:38 /usr/sbin/apache2 -k start
starcla+ 799701 4.0 0.1 303316 84908 ? S 12:08 2:10 php-fpm: pool starclass.at
murtals+ 835629 36.3 0.2 416336 131784 ? R 12:55 2:58 php-fpm: pool murtal-storage.at
murtals+ 835637 36.2 0.1 409376 124672 ? S 12:55 2:57 php-fpm: pool murtal-storage.at
spinnan+ 836051 9.4 0.2 418916 147996 ? S 12:55 0:45 php-fpm: pool spinnanker.com
spinnan+ 836054 9.2 0.2 414692 144132 ? S 12:55 0:44 php-fpm: pool spinnanker.com
amuella+ 842397 45.2 0.2 457812 161968 ? S 12:58 2:02 php-fpm: pool annemariemuellauer.at
amuella+ 842994 42.6 0.2 457812 161868 ? R 12:58 1:50 php-fpm: pool annemariemuellauer.at
amuella+ 845637 46.1 0.2 457812 161900 ? S 13:00 1:04 php-fpm: pool annemariemuellauer.at
starcla+ 846912 5.5 0.1 301864 78524 ? S 13:01 0:04 php-fpm: pool starclass.at
bergsto+ 847455 14.0 0.1 400836 117360 ? S 13:02 0:04 php-fpm: pool bergstopp.legal
gymnasi+ 847456 0.4 0.0 241848 43788 ? S 13:02 0:00 /opt/plesk/php/7.4/bin/php-cgi -c /var/www/vhosts/system/essen.gymnasium-saalfelden.at/etc/php.ini
bergsto+ 847460 14.0 0.1 411004 125984 ? S 13:02 0:04 php-fpm: pool bergstopp.legal
psaadm 847474 0.0 0.0 247360 35852 ? S 13:02 0:00 sw-engine-fpm: pool plesk
new.hbw+ 847490 2.0 0.0 250480 53344 ? S 13:02 0:00 php-fpm: pool hblw-saalfelden.at
regatta+ 847499 0.8 0.0 242904 46820 ? S 13:02 0:00 /opt/plesk/php/7.4/bin/php-cgi -c /var/www/vhosts/system/regatta365.com/etc/php.ini
scatt 847518 17.2 0.2 447112 151876 ? S 13:03 0:02 php-fpm: pool scatt.at
new.hbw+ 847519 0.8 0.0 248224 50488 ? S 13:03 0:00 php-fpm: pool hblw-saalfelden.at
new.hbw+ 847520 0.9 0.0 248220 50480 ? S 13:03 0:00 php-fpm: pool hblw-saalfelden.at
new.hbw+ 847521 0.9 0.0 248220 50480 ? S 13:03 0:00 php-fpm: pool hblw-saalfelden.at
new.hbw+ 847522 0.7 0.0 248220 50480 ? S 13:03 0:00 php-fpm: pool hblw-saalfelden.at
new.hbw+ 847525 0.6 0.0 248220 50480 ? S 13:03 0:00 php-fpm: pool hblw-saalfelden.at
spinnan+ 847528 5.8 0.1 313200 110896 ? S 13:03 0:00 php-fpm: pool spinnanker.com
scatt 847530 9.3 0.1 331956 107560 ? S 13:03 0:01 php-fpm: pool scatt.at
fal-con+ 847531 1.4 0.0 277620 51180 ? S 13:03 0:00 php-fpm: pool fal-con.eu
regatta+ 847532 0.2 0.0 241772 41048 ? S 13:03 0:00 /opt/plesk/php/7.4/bin/php-cgi -c /var/www/vhosts/system/regatta365.com/etc/php.ini
regatta+ 847533 0.1 0.0 241628 40172 ? S 13:03 0:00 /opt/plesk/php/7.4/bin/php-cgi -c /var/www/vhosts/system/regatta365.com/etc/php.ini
regatta+ 847534 0.2 0.0 241772 40940 ? S 13:03 0:00 /opt/plesk/php/7.4/bin/php-cgi -c /var/www/vhosts/system/regatta365.com/etc/php.ini
regatta+ 847535 0.6 0.0 241772 43420 ? S 13:03 0:00 /opt/plesk/php/7.4/bin/php-cgi -c /var/www/vhosts/system/regatta365.com/etc/php.ini
oesv 847536 0.0 0.0 263288 16164 ? S 13:03 0:00 php-fpm: pool bfabinnenpruefung.segelverband.at
pfister+ 847547 8.6 0.1 396820 101332 ? S 13:03 0:00 php-fpm: pool foto-pfisterer.at
pfister+ 847667 12.5 0.1 322812 98988 ? S 13:03 0:01 php-fpm: pool foto-pfisterer.at
sailsup+ 847668 74.2 0.1 382028 88340 ? S 13:03 0:05 php-fpm: pool coachboat.com
sailsup+ 847670 67.2 0.1 307448 83004 ? S 13:03 0:04 php-fpm: pool coachboat.com
sailsup+ 847671 62.4 0.1 305400 81164 ? S 13:03 0:04 php-fpm: pool coachboat.com
sailsup+ 847672 68.1 0.1 305464 81452 ? S 13:03 0:04 php-fpm: pool coachboat.com
sailsup+ 847673 65.8 0.1 305400 81188 ? S 13:03 0:04 php-fpm: pool coachboat.com
sailsup+ 847674 64.5 0.1 305400 81156 ? S 13:03 0:04 php-fpm: pool coachboat.com
sailsup+ 847675 63.4 0.1 305400 81148 ? S 13:03 0:04 php-fpm: pool coachboat.com
sailsup+ 847676 75.2 0.1 307648 83360 ? S 13:03 0:05 php-fpm: pool coachboat.com
sailsup+ 847677 55.0 0.1 305400 81156 ? S 13:03 0:03 php-fpm: pool coachboat.com
sailsup+ 847678 65.1 0.1 305400 81152 ? S 13:03 0:04 php-fpm: pool coachboat.com
horethwp 847759 26.5 0.1 390688 96352 ? S 13:03 0:01 php-fpm: pool networkpool.at
horethwp 847768 28.6 0.1 313716 88088 ? S 13:03 0:01 php-fpm: pool networkpool.at
oebr.at+ 847770 65.2 0.1 346832 123372 ? S 13:03 0:02 php-fpm: pool buddhismus-austria.at
sailsup+ 847771 68.5 0.1 400864 107684 ? R 13:03 0:02 php-fpm: pool sailsupportservice.at
oebr.at+ 847773 60.0 0.1 339032 114036 ? R 13:03 0:02 php-fpm: pool buddhismus-austria.at
sailsup+ 847779 58.3 0.1 309776 87044 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
sailsup+ 847780 59.6 0.1 311888 89156 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
sailsup+ 847781 33.6 0.1 293176 68556 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
sailsup+ 847782 60.0 0.1 311888 89116 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
sailsup+ 847783 35.0 0.1 293176 70460 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
sailsup+ 847784 36.3 0.1 293176 68816 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
sailsup+ 847785 57.3 0.1 311800 87280 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
sailsup+ 847786 51.6 0.1 311800 87200 ? R 13:03 0:01 php-fpm: pool sailsupportservice.at
hotel-t+ 847787 50.0 0.1 309712 83844 ? S 13:03 0:01 php-fpm: pool hotel-traube.com
artdeko 847801 126 0.1 271488 120364 ? R 13:03 0:01 /opt/plesk/php/8.1/bin/php-cgi -c /var/www/vhosts/system/artdeko.at/etc/php.ini
sailsup+ 847802 0.0 0.0 274488 47684 ? R 13:03 0:00 php-fpm: pool sailsupportservice.at
oeodv 847805 0.0 0.0 261912 29116 ? S 13:03 0:00 php-fpm: pool optimistsegeln.at
root 1288188 0.0 0.0 245544 29912 ? Ss Mar31 0:09 sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
psaadm 1447802 0.0 0.0 130400 40588 ? Ss Mar23 0:27 /usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini /opt/psa/admin/plib/WebSocket/bin/ws-server.php
root 1459079 0.0 0.2 195956 159484 ? Ss Mar23 0:25 nginx: master process /usr/sbin/nginx
root 1460557 0.0 0.0 261516 34964 ? Ss Mar23 1:05 php-fpm: master process (/opt/plesk/php/8.5/etc/php-fpm.conf)
root 1460757 0.0 0.0 258204 29108 ? Ss Mar23 0:23 php-fpm: master process (/opt/plesk/php/8.4/etc/php-fpm.conf)
root 1474892 0.0 0.0 273420 48376 ? Ssl Mar23 1:09 /usr/sbin/apache2 -k start
root 1594385 0.0 0.0 253136 27564 ? Ss Feb26 1:00 php-fpm: master process (/var/www/vhosts/system/jugendmeisterschaft.at/etc/php-fpm.conf)
root 1594386 0.0 0.0 253120 27336 ? Ss Feb26 2:13 php-fpm: master process (/var/www/vhosts/system/zuhoerakademie.at/etc/php-fpm.conf)
root 1598808 0.0 0.0 254472 33128 ? Ss Feb26 3:44 php-fpm: master process (/opt/plesk/php/8.3/etc/php-fpm.conf)
root 1598839 0.0 0.0 254260 36844 ? Ss Feb26 28:42 php-fpm: master process (/opt/plesk/php/8.2/etc/php-fpm.conf)
root 1722017 0.0 0.0 193756 25380 ? Ss Feb26 1:32 php-fpm: master process (/etc/php/5.6/fpm/php-fpm.conf)
www-data 1722018 0.0 0.0 193852 5328 ? S Feb26 0:00 php-fpm: pool www
www-data 1722019 0.0 0.0 193852 5328 ? S Feb26 0:00 php-fpm: pool www
root 1722353 0.0 0.0 193684 20860 ? Ss Feb26 1:09 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
www-data 1722355 0.0 0.0 194104 5484 ? S Feb26 0:00 php-fpm: pool www
www-data 1722356 0.0 0.0 194104 5484 ? S Feb26 0:00 php-fpm: pool www
root 1722684 0.0 0.0 262716 32512 ? Ss Feb26 1:12 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
horethwp 2231139 0.0 0.0 245340 50000 ? S Mar24 0:17 php /tmp/phpbbi9oO4R phpbb
www-data 3054826 0.0 0.0 262960 10384 ? S Mar30 0:00 php-fpm: pool www
www-data 3054827 0.0 0.0 262960 10452 ? S Mar30 0:00 php-fpm: pool www
root 3329065 0.0 0.0 252716 34768 ? Ss Feb02 19:40 php-fpm: master process (/opt/plesk/php/8.1/etc/php-fpm.conf)
reichho+ 3688753 10.4 0.1 344732 108032 ? S 00:00 82:07 php-fpm: pool reichholf.info
reichho+ 3688757 10.4 0.1 344644 109792 ? S 00:00 82:08 php-fpm: pool reichholf.info
reichho+ 3688763 10.4 0.1 343808 107108 ? S 00:00 82:05 php-fpm: pool reichholf.info
reichho+ 3688764 10.4 0.1 343948 107548 ? R 00:00 82:09 php-fpm: pool reichholf.info
reichho+ 3688766 10.4 0.1 344740 108400 ? S 00:00 82:06 php-fpm: pool reichholf.info
reichho+ 3688767 10.4 0.1 344812 108804 ? S 00:00 82:06 php-fpm: pool reichholf.info
horethwp 3688769 0.6 0.3 532544 240796 ? S 00:00 5:20 php-fpm: pool manuelhoreth.at
horethwp 3688771 0.6 0.3 537008 245488 ? S 00:00 5:18 php-fpm: pool manuelhoreth.at
horethwp 3688772 0.6 0.3 539860 249016 ? S 00:00 5:22 php-fpm: pool manuelhoreth.at
horethwp 3688773 0.6 0.3 540332 250096 ? S 00:00 5:22 php-fpm: pool manuelhoreth.at
horethwp 3688774 0.6 0.3 540888 249800 ? S 00:00 5:19 php-fpm: pool manuelhoreth.at
horethwp 3688775 0.6 0.3 534672 242228 ? S 00:00 5:17 php-fpm: pool manuelhoreth.at
horethwp 3688776 0.6 0.3 536668 246140 ? S 00:00 5:16 php-fpm: pool manuelhoreth.at
horethwp 3688777 0.6 0.3 538480 246988 ? S 00:00 5:17 php-fpm: pool manuelhoreth.at
horethwp 3688779 0.6 0.3 557236 250424 ? S 00:00 5:16 php-fpm: pool manuelhoreth.at
horethwp 3688780 0.6 0.3 538724 247580 ? S 00:00 5:18 php-fpm: pool manuelhoreth.at
horethwp 3688782 0.6 0.3 542096 251236 ? S 00:00 5:20 php-fpm: pool manuelhoreth.at
horethwp 3688783 0.6 0.3 537680 246036 ? S 00:00 5:17 php-fpm: pool manuelhoreth.at
horethwp 3688784 0.6 0.3 538532 247328 ? S 00:00 5:13 php-fpm: pool manuelhoreth.at
horethwp 3688785 0.6 0.3 535740 245872 ? S 00:00 5:17 php-fpm: pool manuelhoreth.at
horethwp 3688786 0.6 0.3 534636 241180 ? S 00:00 5:17 php-fpm: pool manuelhoreth.at
reichho+ 3688800 10.4 0.1 269452 102432 ? S 00:00 82:10 php-fpm: pool reichholf.info
reichho+ 3688802 10.4 0.1 344760 108380 ? S 00:00 82:04 php-fpm: pool reichholf.info