$path = "/home/USER/www/"; // ppath to store grep if too large

$pathwebroot = "/home/USER/www/";

 

 

$handle = fopen($path."/grep.out", "r");

$cnt = fread($handle, filesize($path."/grep.out"));

 

$arrReplace = explode("

", $cnt);

echo 'found '.sizeof( $arrReplace);

$x = 0;

for($i = 0; $i < sizeof( $arrReplace); $i++) {

        $row = explode(':', $arrReplace[$i]);

        if (sizeof($row) > 1) {

        echo $row[0]." sanitized.\n";

        // open the infected file for reading

        $handle = fopen($row[0], "r");

        $infected = fread($handle, filesize($row[0]));

        fclose($handle);

        // cleaning up

        //$cleared = str_replace('<?php ..', '//:start:', $infected);

        $cleared = explode('<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir))', $infected);

        $cleared = $cleared[0];

        // saving cleared data

        $fp = fopen($row[0], "w");

        fwrite($fp,$cleared);

        fclose( $fp );

        $x++;

        }

 

die(sizeof( $x ).' were fixed.');

 

// Important To do, before running clean.php

// Create file grep.out and chmod 777 this file.

// Don`t forget to replace USER with your actual account user (the one you wish to clean)

// This script was found over internet, it`s not my work, no copyright infregement here. I`ve just added "-o" grep option so the output would not add the infection to grep.out file, making it oversize and imposible to clean.

// There will be some errors as the grep command will find this file too (didn`t know how to make an exception to it, but it`s not important, you could live with some minor errors).

// WordPress, Joomla and other php-ers I hope this helps you as it did for me too.