LucaM66 Posted February 15, 2021 Share Posted February 15, 2021 Hi, My site has reported a suspected activity and I found 3 new folders with similar name, very suspect Wolfxsamxadoox then xwolfxsamxadoox and xxwolfxsamdoox. I read about the xsamx infection, but this seems different: anyone can help me on how to remove it? Thank you Link to comment Share on other sites More sharing options...
joseantgv Posted February 15, 2021 Share Posted February 15, 2021 Have you checked if your store is vulnerable? https://www.liewebs.com/en/news/urgent-xsamxadoo-bot-malware-in-prestashop/ Link to comment Share on other sites More sharing options...
LucaM66 Posted February 15, 2021 Author Share Posted February 15, 2021 Hi, I did it last year, deleting all the PHPUNIT files, then I was installing a security app but I think it was almost useless.... I was checking again and I found again PHPUNIT files!! I was reading the report that you mentioned: I suspect that the infection was caused by the one-click-upgrade module because I have installed only this during last year and it was mentioned in the vulnerability report: I have uninstalled it. Now I have deleted all the folders with the XsamX and also the PHP, I hope that this will be enough: what do you think? 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now