perl.generic.fakeproc

Affects perl
Family generic
Variant fakeproc
Severity HIGH
Signature Type {MD5} {HEX}
Detected by Linux Malware Detect (Maldet)

What is perl.generic.fakeproc?

This malware is known to slow down the affected server by driving CPU utilization to 100% at all times. It creates multiple processes that appear to run as /usr/bin/fakeproc. The trojan is a wrapper for executing other Linux binaries under an arbitrary, potentially misleading process name.

How to fix perl.generic.fakeproc problem

Method 1

  • Disable port 80 on the server and check CPU utilization
  • The fakeproc processes should disappear
  • Search for all instances of the timthumb.php library on the server
  • The search revealed an old backup of the theme sitting in the themes directory, containing an unpatched version of the file. Removing the old theme fixed the issue.

Method 2

  • List all processes running on the server by entering the ps command in the terminal
  • Run the following command to see which process has launched the fakeproc script:
    ps xjf -C fakeproc
  • You should then be able to kill the relevant processes using the following command, where PID is the ID of the process with ~100% CPU utilization:
    kill PID
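
Method 2 relies on the process name that ps displays, and that name is controlled by the process itself. As an added example (not part of the original page or of Maldet), the shell function below compares each process's argv[0] with its /proc/PID/exe link, which points at the binary actually running; the function names and the sample process tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes whose advertised name (argv[0]) differs from
# the binary they really execute (/proc/PID/exe).

# find_masked_procs [PROC_ROOT] -> prints "PID<TAB>argv0<TAB>exe" per mismatch
find_masked_procs() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        # exe is unreadable for kernel threads and other users' processes
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        # cmdline is NUL-separated and can be rewritten by the process itself
        argv0=$(tr '\000' '\n' < "$dir/cmdline" 2>/dev/null | head -n 1)
        if [ -z "$exe" ] || [ -z "$argv0" ]; then continue; fi
        name=${argv0##*/}            # basename of the claimed name
        name=${name#-}               # login shells prefix argv[0] with "-"
        real=${exe##*/}              # basename of the real binary
        real=${real%" (deleted)"}    # binary removed from disk after launch
        if [ "$name" != "$real" ]; then
            printf '%s\t%s\t%s\n' "${dir##*/}" "$argv0" "$exe"
        fi
    done
    return 0
}

# make_sample_proc DIR: build a constructed /proc-like tree (sample data only)
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    printf '/usr/sbin/httpd\000-k\000start\000' > "$1/101/cmdline"
    ln -sf /usr/sbin/httpd "$1/101/exe"
    printf '/usr/bin/fakeproc\000' > "$1/202/cmdline"   # name from this page
    ln -sf /usr/bin/perl "$1/202/exe"                    # assumed real binary
    printf '%s\000' -bash > "$1/303/cmdline"             # ordinary login shell
    ln -sf /bin/bash "$1/303/exe"
}

# Offline demonstration on the constructed tree; only PID 202 is reported.
sample=$(mktemp -d)
make_sample_proc "$sample"
find_masked_procs "$sample"
rm -rf "$sample"
```

Run find_masked_procs with no argument as root to scan the live /proc. Daemons that rewrite their own title, such as sshd sessions, are also listed, so treat the output as a triage list.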

Prevent perl.generic.fakeproc

Keep your CMS (WordPress/Joomla/Magento) core up to date along with all themes and plugins. Also, remove old backups and parts of code that are not used anymore.

This malware is written in the Perl scripting language. It is likely to be planted by a malicious user or worm after a successful penetration. Perl scripting libraries are required for the malware to execute successfully.

This information is provided as part of the Astra community project. All information should be considered as-is, without guarantees. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. If you are an owner of some content and want it to be removed, please mail to [email protected]