Solved

Remove Malware code from PHP file

Posted on 2013-06-06
6
83 Views
Last Modified: 2015-08-19
Hi,

It seems like my server is infected with malware, all php files have a code on top. How can i remove this code from all files?

I was thinking of using linu'x sed, but i am not sure how to use that for removing this code.

Thanks
p.php
0
Comment
Question by:nandananushil1
6 Comments
 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 250 total points
ID: 39227919
This is what I use for an update to multiple files.

http://12g.com/ghosts/replace.htm
0
 
LVL 1

Expert Comment

by:Uvg
ID: 39227955
If you are not familiar with shell and sed you can simply use "replace" command - it is part of mysql package.

replace "code to replace" "empty string in your case" <filename| maybe *>
0
 
LVL 77

Expert Comment

by:arnold
ID: 39228294
Perl -ip.bak -e 's/pattern//;'
The difficulty it seems the data is a multiline.
Is the removal that you want is from the first <?php ?>to the next

Perl scripted to review each page and then extract/stripout the malware.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 39228663
Have you asked your hosting company if they have backups?  What did they say they were going to do to prevent the malware attacks in the future?
0
 
LVL 19

Expert Comment

by:jools
ID: 39230859
I'm not sure if you can do this but I would like to see the full code, can you post it in full? I'm sort of interested in seeing what it does and decoding it.

It may not be good to post here but something like pastebin??

If you cant then no worries... just asking and all that.

Jools
0
 
LVL 77

Expert Comment

by:arnold
ID: 39231007
My impression is that the malware is the first portion of the PHP code.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
open source backup solution 1 29
javascript: add id amounts 5 47
linux SFTP 8 44
linux 13 50
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question