kinsing_cleanup.sh Update kinsing_cleanup.sh 2024-11-26 12:40:51 +05:30
README.md Add README.md 2024-11-26 12:38:46 +05:30

I've created a comprehensive Bash script to help clean up a CyberPanel server infected with Kinsing malware. Let me break down the key features of this script:

Script Features

  1. Root Privilege Check: Ensures the script is run with root permissions
  2. Logging: Logs all actions to /var/log/kinsing_cleanup.log
  3. Backup: Creates a backup of critical system files before cleanup
  4. Systematic Cleanup: Follows the steps you outlined in your guide
  5. Process Termination: Kills suspicious processes
  6. Service Removal: Stops and disables suspicious services
  7. Security Scanning: Installs and runs chkrootkit and rkhunter
  8. File Tracking: Creates a list of recently modified files
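
A sketch of how features 1, 2 and 8 can fit together, added here as an illustration; it is not the repository's kinsing_cleanup.sh. The two default paths are the ones this README names; the function names, the DAYS argument and the "X"/"-" markers are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration; NOT the repository's kinsing_cleanup.sh.
# Defaults are the two paths the README names; override both for a dry run.
LOG_FILE="${LOG_FILE:-/var/log/kinsing_cleanup.log}"
RECENT_LIST="${RECENT_LIST:-/root/kinsing_recent_files.txt}"

# Append a timestamped line to the log.
log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG_FILE"
}

# True when the given UID (default: the caller's) is 0.
is_root() {
    [ "${1:-$(id -u)}" -eq 0 ]
}

# track_recent_files DAYS DIR...  (hypothetical helper)
# Writes every regular file modified within DAYS days to $RECENT_LIST.
# Owner-executable files are prefixed "X", all others "-", so new scripts
# and binaries stand out. -xdev keeps find on the starting filesystem.
track_recent_files() {
    trf_days="$1"; shift
    : > "$RECENT_LIST"
    for trf_dir in "$@"; do
        [ -d "$trf_dir" ] || { log "skip missing dir: $trf_dir"; continue; }
        find "$trf_dir" -xdev -type f -mtime "-$trf_days" -perm -100 -print \
            2>/dev/null | sed 's/^/X /' >> "$RECENT_LIST"
        find "$trf_dir" -xdev -type f -mtime "-$trf_days" ! -perm -100 -print \
            2>/dev/null | sed 's/^/- /' >> "$RECENT_LIST"
    done
    trf_count=$(wc -l < "$RECENT_LIST" | tr -d ' ')
    log "recent-file list: $trf_count entries in $RECENT_LIST"
    echo "$trf_count"
}

# Demo on constructed files in a scratch directory; needs no root.
demo() {
    demo_dir=$(mktemp -d)
    mkdir "$demo_dir/scan"
    LOG_FILE="$demo_dir/cleanup.log"; RECENT_LIST="$demo_dir/recent.txt"
    touch -t 202001010000 "$demo_dir/scan/old.conf"   # old: must not be listed
    echo data > "$demo_dir/scan/new.txt"
    echo '#!/bin/sh' > "$demo_dir/scan/job.sh"; chmod 700 "$demo_dir/scan/job.sh"
    track_recent_files 3 "$demo_dir/scan" "$demo_dir/absent" > /dev/null
    sed "s|$demo_dir/||" "$RECENT_LIST"
    rm -rf "$demo_dir"
}
```

On a real host the scan would be gated on `is_root` and pointed at the directories under review; `demo` only exercises the listing logic on throwaway files.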

Usage Instructions

  1. Save the script to a file (e.g., kinsing_cleanup.sh)
  2. Make it executable: chmod +x kinsing_cleanup.sh
  3. Run with sudo: sudo ./kinsing_cleanup.sh

Precautions

  • Always review the script before running
  • Understand each step
  • Have a backup of your critical data
  • Test in a staging environment first if possible

Additional Recommendations

  1. After running the script, thoroughly review:
    • /var/log/kinsing_cleanup.log
    • /root/kinsing_recent_files.txt
    • Results of the rkhunter scan
  2. Consider changing all passwords
  3. Review network logs and access patterns
  4. If possible, restore from a known clean backup

Disclaimer

This script is provided as-is. While it aims to help clean up the Kinsing malware, every infection is unique. Professional security consultation is recommended for complex scenarios.