The eval(base64_decode()) virus has infected a server. Would removing executable permissions help solve the issue?

07
2014-07
  • Bravo.I

    The eval(base64_decode()) has infected a server. This is a PHP virus that uses the eval function in PHP and replicates itself to all the PHP files on the system as far as I'm certain. Would removing executable permissions help solve the problem?!

    http://i.stack.imgur.com/dwWNB.png

    Please answer really fast, and also, if you've got any better ideas on how to stop this virus.. I'm all ears. The virus has replicated itself to several folders in the directory and most of the other folders are actually several other websites...

    • Answers
  • Icydog

    No, for a typical installation removing the execute bit will not solve the issue and it will not prevent further spread of the virus. PHP is typically interpreted by the webserver, and not directly executed by the OS, so the execute bit has no effect.

    You should take the server offline immediately, clean up the infection, and patch the hole being exploited before taking it back online.


    • Related Question

    infect serverx.exe virus help me
  • user48418

    my computer infected with serverx.exe virus and it couldn't remove form my local area network


    • Related Answers
  • William Hilsum

    After performing a little bit of reasearch for you, it looks like Serverx.exe is not a very advanced virus.

    Simply restart your computer in safe mode and locate the serverx.exe file and delete it.

    You may also want to run Microsoft / Sysinternal Autoruns and delete all traces of it.

    Lastly, take a look here for some general advice on recovering your computer from malware attacks.