Malware on my VPS? How to search for that rogue php malware?

[Invisible121]

My provider sent me an abuse ticket claiming that I have a Malware on my VPS, since it's unmanaged, I have to remove it myself. There's an unknown php named resuzx.php that I have to remove. Whenever I visit it like this on my server (http://12.234.567.890/resuzx.php), it says access denied, it means that it's still on the server. I tried filemanager (kloxo) to search for it but I could find it. No luck with FTP too. I installed Sucuri on wordpress to verify my installation files and it didn't detect any malware on my wordpress files, the malware must be on the server.

Anybody knows how to detect it or search for it so I can delete it permanently? It's really pissing me off. Thanks!

 

[Tonb2000]

kloxo had a problem...

Kloxo installations compromised

https://vpsboard.com/topic/3384-kloxo-installations-compromised/

You got to use
rkhunter in your VPS.

Try webuzo control panel, it come with lots of security apps for your VPS and is free!... easy to use.

 

[ras]

Rm it through ssh with root. This should solve the issue.
Linux and Unix rm command help and examples

 

[Lock Down]

to find it in ssh use

[/COLOR]find / -name [COLOR=#333333]resuzx.php

 

[Mohsin Mehmood]

Good topic. I passed from this issue. But no solution. So I changed VPS by saving php file.

Mashriq Newspaper Online