Malicious file reported by my host any solution

[hemant kumar sharma]

Hi,
I have installed openSIS in webserver my webhost reported malicious file
/public_html/SchInfo/modules/students/includes/Files.inc.php both outgoing port80 and 443 disabled due to this the file. Content of the file verbatum reproduced here .
please suggest

. # # ## ************************************************************************************** ### include('../../../RedirectIncludes.php'); ## require("modules/students/UploadClassFnc.php"); $dir='assets/studentfiles'; if($_REQUEST['modfunc']=='delete' && User('PROFILE')=='admin') { if(!$_REQUEST['delete_ok'] && !$_REQUEST['delete_cancel']) echo ''; if(DeletePromptCommon($_REQUEST['title'])) { unlink($_REQUEST['file']); unset($_REQUEST['modfunc']); } } if(!$_REQUEST['modfunc']) { ###########################File Upload #################################################### if(!file_exists($dir)) { mkdir($dir,0777); } if($_FILES['uploadfile']['name']) { $allowFiles=array("jpg","jpeg","png","gif","bmp","doc","docx","xls","xlsx","ppt","pptx","pps","txt","pdf"); $target_path=$dir.'/'.UserStudentID().'-'.$_FILES['uploadfile']['name']; $destination_path=$dir; $upload= new upload(); $upload->target_path=$target_path; $upload->deleteOldImage(); $upload->destination_path=$destination_path; $upload->name=$_FILES["uploadfile"]["name"]; $upload->setFileExtension(); $upload->fileExtension; $upload->allowExtension=$allowFiles; $upload->validateImage(); if($upload->wrongFormat==1){ $_FILES["uploadfile"]["error"]=1; } if ($_FILES["uploadfile"]["error"] > 0) { $msg = 'Cannot upload file. Invalied file type.'; } else { if(!move_uploaded_file($_FILES["uploadfile"]["tmp_name"], $upload->target_path)) $msg= 'Cannot upload file. Invalid Permission'; else $msg='Successfully uploaded'; } unset ($_FILES['uploadfile']); } if($msg) echo $msg; echo ''; if(AllowEdit ()) { echo ''; } else { echo ''; } echo ''; if(AllowEdit ()) { echo ''; } echo ''; $dir=dir($dir); echo ''; $found=false; $gridClass = "odd"; while($filename=$dir->read()) { if($gridClass=="even") { $gridClass="odd"; } else { $gridClass="even"; } if($filename) { if($filename=='.' || $filename=='..') continue; $student_id_up = explode('-',$filename); if($student_id_up[0]==UserStudentID()) { $found=true; echo ' '; if(AllowEdit ()) { echo ''; } echo ' '; } } } $dir->close(); echo ''; echo '

To upload additional files click browse, select file, give it a file name and click save
To View a certain file,click on the name of the file
<input type="file" name="uploadfile" size="50" id="upfile">
'.substr($filename,strpos($filename,'-')+1).'	<input type="hidden" name="del" value="assets/studentfiles/'.$filename.'">

'; if($found!=true) { echo 'No Files were found.'; } } ?>

[hemant kumar sharma]

here is file too