c99 Shell Scripts are one of the main headache for almost all cPanel server administrators even though they use mod_security and all. This small snippt would help you to find those possible shell script.
You can open a new ‘screen’ session and execute the code and close the window. You can then have a nice cup of coffee and come back after some hours. The script would scan the entire user folders and saves you the full report of possible infected files.
The code can be found at GitHub Gist
Once the scan is completed, you would be able to see the result in the file “/root/c99result.txt”