⚠️ MALWARE CLEANER v14.0 FINAL ⚠️

[!] DELETE THIS SCRIPT AFTER USE! | [!] NO LOG FILES | [!] CRITICAL ONLY MODE

⚙️ SCAN OPTIONS

🔧 FIX ALL PERMISSIONS

[!] Fix ALL files and folders:
• Folders: 0111, 0000 → 0755
• Files: 0444, 0555 → 0644

☠️ KILL MALICIOUS PROCESS

[👤] DETECTED WEBSITE USERNAME: oeodv
Kill commands will use: pgrep -U oeodv | xargs kill -9
⚠️ INFO:
• Kills PHP, Socket, Netcat, Reverse Shell, Backdoor processes
• Target User: oeodv (Auto-detected from website)
• Commands: pkill php, kill -9 [PID], pgrep -U oeodv | xargs kill -9
shell_exec() is available - Kill feature enabled
[📋] ACTIVE PROCESSES:
root 961 0.0 0.0 242908 31696 ? Ss 2024 119:55 php-fpm: master process (/opt/plesk/php/7.4/etc/php-fpm.conf) root 962 0.0 0.0 242604 4004 ? Ss 2024 15:25 php-fpm: master process (/var/www/vhosts/system/ehrenpreis.jugendmeisterschaft.at/etc/php-fpm.conf) root 963 0.0 0.0 242320 29568 ? Ss 2024 93:50 php-fpm: master process (/opt/plesk/php/8.0/etc/php-fpm.conf) root 964 0.0 0.0 241904 13032 ? Ss 2024 15:24 php-fpm: master process (/var/www/vhosts/system/old.murtal-storage.at/etc/php-fpm.conf) oeodv 558970 0.3 0.0 338216 25172 ? S 08:03 0:20 php-fpm: pool bo.optimistsegeln.at oeodv 559541 0.3 0.0 338216 23660 ? S 08:04 0:20 php-fpm: pool bo.optimistsegeln.at izaquie+ 560197 0.0 0.0 2892 0 ? Ss 2025 0:00 /bin/sh -c /opt/plesk/php/8.2/bin/php -f 'cockpit.izaquiel.at/index.php' -- 'cron/index' izaquie+ 560207 0.0 0.0 137056 9196 ? S 2025 0:00 /opt/plesk/php/8.2/bin/php -f cockpit.izaquiel.at/index.php -- cron/index nginx 576195 1.5 0.2 199268 165484 ? S 08:23 1:02 nginx: worker process nginx 576196 0.0 0.2 196272 155876 ? S 08:23 0:00 nginx: cache manager process www-data 576486 0.0 0.0 272044 41336 ? S 08:23 0:00 /usr/sbin/apache2 -k start www-data 576487 0.0 0.0 273220 40968 ? S 08:23 0:00 /usr/sbin/apache2 -k start www-data 578410 0.3 0.0 2205428 63092 ? Sl 08:25 0:11 /usr/sbin/apache2 -k start www-data 578466 0.5 0.0 2138968 62544 ? Sl 08:25 0:22 /usr/sbin/apache2 -k start www-data 578513 0.5 0.0 2204296 62188 ? Sl 08:25 0:20 /usr/sbin/apache2 -k start starcla+ 590700 4.0 0.1 303944 85436 ? S 08:40 1:58 php-fpm: pool starclass.at starcla+ 594389 4.0 0.1 303108 84676 ? S 08:46 1:45 php-fpm: pool starclass.at oeodv 625948 0.4 0.0 338216 25096 ? S 09:17 0:02 php-fpm: pool bo.optimistsegeln.at oeodv 626716 0.3 0.0 338216 25016 ? S 09:18 0:02 php-fpm: pool bo.optimistsegeln.at starcla+ 632118 3.7 0.1 301996 78544 ? S 09:25 0:10 php-fpm: pool starclass.at oebr.at+ 634406 17.2 0.2 370616 147156 ? S 09:28 0:16 php-fpm: pool buddhismus-austria.at oebr.at+ 635371 14.7 0.2 382332 157368 ? S 09:28 0:08 php-fpm: pool buddhismus-austria.at samerma+ 635934 26.5 0.1 421024 126464 ? S 09:29 0:09 php-fpm: pool samer-matzen.at samerma+ 635940 29.4 0.1 422892 128024 ? S 09:29 0:10 php-fpm: pool samer-matzen.at psaadm 635941 0.0 0.0 247360 35848 ? S 09:29 0:00 sw-engine-fpm: pool plesk gymnasi+ 635986 1.0 0.0 241848 43892 ? S 09:29 0:00 /opt/plesk/php/7.4/bin/php-cgi -c /var/www/vhosts/system/essen.gymnasium-saalfelden.at/etc/php.ini volksta+ 635987 0.8 0.0 249252 62056 ? S 09:29 0:00 php-fpm: pool volkstanzkreis-schoenbrunn.at htseeba+ 635990 6.0 0.1 356296 119556 ? S 09:29 0:00 php-fpm: pool seebacher-haustechnik.at htseeba+ 635993 7.7 0.1 282032 115488 ? S 09:29 0:00 php-fpm: pool seebacher-haustechnik.at oeodv 636011 0.0 0.0 261912 28652 ? S 09:29 0:00 php-fpm: pool optimistsegeln.at oeodv 636012 0.0 0.0 262168 30600 ? S 09:29 0:00 php-fpm: pool optimistsegeln.at root 1288188 0.0 0.0 245544 29912 ? Ss Mar31 0:09 sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf) psaadm 1447802 0.0 0.0 130400 40592 ? Ss Mar23 0:27 /usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini /opt/psa/admin/plib/WebSocket/bin/ws-server.php root 1459079 0.0 0.2 195956 160784 ? Ss Mar23 0:25 nginx: master process /usr/sbin/nginx root 1460557 0.0 0.0 261516 35020 ? Ss Mar23 1:04 php-fpm: master process (/opt/plesk/php/8.5/etc/php-fpm.conf) root 1460757 0.0 0.0 258204 29116 ? Ss Mar23 0:22 php-fpm: master process (/opt/plesk/php/8.4/etc/php-fpm.conf) root 1474892 0.0 0.0 273420 49132 ? Ssl Mar23 1:08 /usr/sbin/apache2 -k start root 1594385 0.0 0.0 253136 27564 ? Ss Feb26 1:00 php-fpm: master process (/var/www/vhosts/system/jugendmeisterschaft.at/etc/php-fpm.conf) root 1594386 0.0 0.0 253120 27336 ? Ss Feb26 2:12 php-fpm: master process (/var/www/vhosts/system/zuhoerakademie.at/etc/php-fpm.conf) root 1598808 0.0 0.0 254472 33128 ? Ss Feb26 3:43 php-fpm: master process (/opt/plesk/php/8.3/etc/php-fpm.conf) root 1598839 0.0 0.0 254260 36852 ? Ss Feb26 28:35 php-fpm: master process (/opt/plesk/php/8.2/etc/php-fpm.conf) root 1722017 0.0 0.0 193756 25380 ? Ss Feb26 1:32 php-fpm: master process (/etc/php/5.6/fpm/php-fpm.conf) www-data 1722018 0.0 0.0 193852 5328 ? S Feb26 0:00 php-fpm: pool www www-data 1722019 0.0 0.0 193852 5328 ? S Feb26 0:00 php-fpm: pool www root 1722353 0.0 0.0 193684 20864 ? Ss Feb26 1:08 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf) www-data 1722355 0.0 0.0 194104 5484 ? S Feb26 0:00 php-fpm: pool www www-data 1722356 0.0 0.0 194104 5484 ? S Feb26 0:00 php-fpm: pool www root 1722684 0.0 0.0 262716 32536 ? Ss Feb26 1:12 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf) horethwp 2231139 0.0 0.0 245340 50016 ? S Mar24 0:17 php /tmp/phpbbi9oO4R phpbb www-data 3054826 0.0 0.0 262960 10408 ? S Mar30 0:00 php-fpm: pool www www-data 3054827 0.0 0.0 262960 10476 ? S Mar30 0:00 php-fpm: pool www root 3329065 0.0 0.0 252716 34772 ? Ss Feb02 19:37 php-fpm: master process (/opt/plesk/php/8.1/etc/php-fpm.conf) reichho+ 3688753 10.1 0.1 343936 107096 ? R 00:00 57:59 php-fpm: pool reichholf.info reichho+ 3688757 10.1 0.1 344516 107892 ? S 00:00 58:00 php-fpm: pool reichholf.info reichho+ 3688763 10.1 0.1 343808 107084 ? S 00:00 57:58 php-fpm: pool reichholf.info reichho+ 3688764 10.1 0.1 343816 105508 ? S 00:00 58:02 php-fpm: pool reichholf.info reichho+ 3688766 10.1 0.1 344596 106428 ? S 00:00 57:59 php-fpm: pool reichholf.info reichho+ 3688767 10.1 0.1 344812 107680 ? S 00:00 58:00 php-fpm: pool reichholf.info horethwp 3688769 0.7 0.3 530432 238668 ? S 00:00 4:08 php-fpm: pool manuelhoreth.at horethwp 3688771 0.7 0.3 532656 240532 ? S 00:00 4:06 php-fpm: pool manuelhoreth.at horethwp 3688772 0.7 0.3 533716 243096 ? S 00:00 4:07 php-fpm: pool manuelhoreth.at horethwp 3688773 0.7 0.3 533920 243464 ? S 00:00 4:09 php-fpm: pool manuelhoreth.at horethwp 3688774 0.7 0.3 538840 247836 ? S 00:00 4:04 php-fpm: pool manuelhoreth.at horethwp 3688775 0.7 0.3 530576 239672 ? S 00:00 4:04 php-fpm: pool manuelhoreth.at horethwp 3688776 0.7 0.3 536668 244560 ? S 00:00 4:04 php-fpm: pool manuelhoreth.at horethwp 3688777 0.7 0.3 534384 242468 ? S 00:00 4:05 php-fpm: pool manuelhoreth.at horethwp 3688779 0.7 0.3 561204 255052 ? S 00:00 4:05 php-fpm: pool manuelhoreth.at horethwp 3688780 0.7 0.3 534332 242136 ? S 00:00 4:05 php-fpm: pool manuelhoreth.at horethwp 3688782 0.7 0.3 533508 240668 ? S 00:00 4:07 php-fpm: pool manuelhoreth.at horethwp 3688783 0.7 0.3 533584 242572 ? S 00:00 4:05 php-fpm: pool manuelhoreth.at horethwp 3688784 0.7 0.3 538532 244816 ? S 00:00 4:02 php-fpm: pool manuelhoreth.at horethwp 3688785 0.7 0.3 530476 238608 ? S 00:00 4:04 php-fpm: pool manuelhoreth.at horethwp 3688786 0.7 0.3 532460 240596 ? S 00:00 4:05 php-fpm: pool manuelhoreth.at reichho+ 3688800 10.1 0.1 269256 100284 ? S 00:00 58:03 php-fpm: pool reichholf.info reichho+ 3688802 10.1 0.1 269328 101888 ? S 00:00 57:59 php-fpm: pool reichholf.info