Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // Grep all instance of the mailicious code
- // by doing a grep
- $path = "/home/USER/www/"; // ppath to store grep if too large
- $pathwebroot = "/home/USER/www/";
- shell_exec('grep -R -o "eva1fYlbakBcVSir" '.$pathtowebroot.'* > grep.out');
- $handle = fopen($path."/grep.out", "r");
- $cnt = fread($handle, filesize($path."/grep.out"));
- fclose($handle);
- //$output = shell_ex
- $arrReplace = explode("
- ", $cnt);
- // grep sep with :
- // then parse with the linebreak
- echo 'found '.sizeof( $arrReplace);
- sleep(5);
- $x = 0;
- for($i = 0; $i < sizeof( $arrReplace); $i++) {
- $row = explode(':', $arrReplace[$i]);
- if (sizeof($row) > 1) {
- echo $row[0]." sanitized.\n";
- // open the infected file for reading
- $handle = fopen($row[0], "r");
- $infected = fread($handle, filesize($row[0]));
- fclose($handle);
- // cleaning up
- //$cleared = str_replace('<?php ..', '//:start:', $infected);
- $cleared = explode('<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir))', $infected);
- $cleared = $cleared[0];
- // saving cleared data
- $fp = fopen($row[0], "w");
- fwrite($fp,$cleared);
- fclose( $fp );
- $x++;
- }
- }
- die(sizeof( $x ).' were fixed.');
- ?>
- // Important To do, before running clean.php
- // Create file grep.out and chmod 777 this file.
- // Don`t forget to replace USER with your actual account user (the one you wish to clean)
- // This script was found over internet, it`s not my work, no copyright infregement here. I`ve just added "-o" grep option so the output would not add the infection to grep.out file, making it oversize and imposible to clean.
- // There will be some errors as the grep command will find this file too (didn`t know how to make an exception to it, but it`s not important, you could live with some minor errors).
- // WordPress, Joomla and other php-ers I hope this helps you as it did for me too.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement