@aseques wrote:
Other than that, could someone explain how to identify the traces of the exploits intalled?
Check manually. Connect to SFTP and watch the files in subfolders in /DB
Run through the SSH command ps -ax and see if there is anything running from /DB whether subfolders.
PS Access SFTP can include changing the shell. Connect to SSH and run chsh, enter /bin/bash
PS2 Return shell back chsh and enter /root/kerbynet.cgi/scripts/localman or simply reboot zeroshell router.