Virus in Bitrix assets: assets/images folder is under threat!

Order a service
3 min.

Recently, Bitrix website owners have encountered a new type of virus attack that affects even updated versions of the system. The malicious code creates an assets/images folder in the root of the website, which contains files that use various mechanisms to perform malicious actions.

What files does the virus create?

After infection, files with suspicious names appear on the server, for example:

  • 392585ebed.php

  • 6c2f9e57a2.php

  • accesson.php

  • php.ini

  • 392585ebed.txt

These files are either executable scripts or auxiliary files used by the virus to disguise itself and spread.

Malicious actions of the virus

  1. Remote code execution – the virus can execute commands downloaded from outside, allowing attackers to control your site.

  2. Creating a backdoor – files like accesson.php give hackers access to the server even if the main virus is removed.

  3. Masking malicious activity - Some files, such as php.ini , can disable server restrictions and prevent antivirus software from detecting the threat.

  4. Downloading additional malicious files – the virus can download and run new infected scripts, further compounding the problem.

  5. Use of server resources - an infected site can be used to send spam, conduct DDoS attacks or host phishing pages.

Why is the virus dangerous?

Hosting providers often react to the detection of such code by limiting the site's functionality or blocking it entirely. This can lead to:

  • Loss of traffic and customers.

  • A drop in positions in search engines.

  • Reputational risks.

  • Violation of the Bitrix system check - the site begins to produce many errors and failures.

What to do first?

If you have an assets/images folder on your site, you should immediately delete it along with all its contents. Then run a deep security scan to make sure there are no other malicious files left.

How to remove a virus?

Having detected a virus, it is important not only to delete the infected files, but also to conduct a detailed check of the entire site. As Bitrix security specialists, we can help you eliminate the malicious code and restore the normal operation of the site. Contact us for professional help!

Conclusion: The virus that creates assets/images folder in Bitrix is a serious threat. It opens backdoors, executes malicious code and can lead to blocking the site. If you find this folder, delete it immediately and conduct a security audit. If you have any difficulties, contact us - we will help eliminate the threat!

14 February 2025 (Boudybuilder) Виталий Фантич

Back to the list

This site is multilingual
thanks to the Multilingual module
file_download Download Module Market
file_download Download Module Market