Solved

Remove Malware code from PHP file

Posted on 2013-06-06
6
89 Views
Last Modified: 2015-08-19
Hi,

It seems like my server is infected with malware, all php files have a code on top. How can i remove this code from all files?

I was thinking of using linu'x sed, but i am not sure how to use that for removing this code.

Thanks
p.php
0
Comment
Question by:nandananushil1
6 Comments
 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 250 total points
ID: 39227919
This is what I use for an update to multiple files.

http://12g.com/ghosts/replace.htm
0
 
LVL 1

Expert Comment

by:Uvg
ID: 39227955
If you are not familiar with shell and sed you can simply use "replace" command - it is part of mysql package.

replace "code to replace" "empty string in your case" <filename| maybe *>
0
 
LVL 77

Expert Comment

by:arnold
ID: 39228294
Perl -ip.bak -e 's/pattern//;'
The difficulty it seems the data is a multiline.
Is the removal that you want is from the first <?php ?>to the next

Perl scripted to review each page and then extract/stripout the malware.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 39228663
Have you asked your hosting company if they have backups?  What did they say they were going to do to prevent the malware attacks in the future?
0
 
LVL 19

Expert Comment

by:jools
ID: 39230859
I'm not sure if you can do this but I would like to see the full code, can you post it in full? I'm sort of interested in seeing what it does and decoding it.

It may not be good to post here but something like pastebin??

If you cant then no worries... just asking and all that.

Jools
0
 
LVL 77

Expert Comment

by:arnold
ID: 39231007
My impression is that the malware is the first portion of the PHP code.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question