What is perl.generic.fakeproc?
This malware is known to slow down the perl server by increasing the CPU utilization to 100% at all times. It creates multiple processes which appear to run as
/usr/bin/fakeproc. This trojan is a wrapper for executing other Linux binaries under a potentially misleading & arbitrary process name.
How to fix perl.generic.fakeproc problem
- Disable port 80 on the server & check CPU utilization
fakeprocprocesses should disappear
- Search for all instances of the timthumb.php library on the server
- revealed that there was an old backup of the theme sitting in the themes directory, containing an un-patched version of the file. Therefore, removing the old theme fixed the issue.
- List all processes running on the server by entering the
pscommand in the terminal
- Run the following command to see which process has launched the
ps xjf -C fakeproc
- You should then be able to kill the relevant processes using the following command where PID is the process ID with ~100% process utilization.
Keep your CMS (WordPress/Joomla/Magento) core up to date along with all themes and plugins. Also, remove old backups and parts of code that are not used anymore.
This is a malware written in the PERL script language. It is likely to be planted by a malicious user or worm after successful penetration. For successful execution of the malware, Perl scripting libraries are required.
Website Malware Cleanup
Have you been hacked? Do you need help with fixing your website? We provide professional malware cleanup services to get your business back online quickly.
Removal of Security Warnings
If your website is hacked, your visitors may be shown a warning message. Astra will take the necessary steps to remove your website from the blacklists ASAP.
Website Firewall (WAF)
Stop future website hacks with Astra WAF & protect your website. No hassle out-of-the-box security tailored to your technology stack & CMSs like WordPress, Magento, Opencart etc.
Real Human Support
Astra's team of security engineers guide you through your security journey. We believe in customers first, so no waiting in long queues to get your queries answered.
This information is provided as part of the Astra community project. All information should be considered as-is, without guarantees. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to [email protected]