Removing CryptoPHP malware!
If CryptoPHP has been found we recommend the following steps:
Remove the “include” of the backdoor. For example, find the script that contains: “”. Note that this path can vary.
Remove the backdoor (social*.png) itself by deleting it.
Check your database to see if any extra administrator accounts were added and remove them
Reset the credentials of your own CMS account and other administrators (they were most likely compromised)
The steps above should be sufficient to remove the impact CryptoPHP has had on your website. We do however recommend performing a complete reinstall of your CMS since the system integrity may have been compromised. An attacker may have gained system wide access for example.
For both security and legal reasons we would advise not to install this kind of pirated (nulled) content.