Solved

Remove Malware code from PHP file

Posted on 2013-06-06
6
74 Views
Last Modified: 2015-08-19
Hi,

It seems like my server is infected with malware, all php files have a code on top. How can i remove this code from all files?

I was thinking of using linu'x sed, but i am not sure how to use that for removing this code.

Thanks
p.php
0
Comment
Question by:nandananushil1
6 Comments
 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 250 total points
ID: 39227919
This is what I use for an update to multiple files.

http://12g.com/ghosts/replace.htm
0
 
LVL 1

Expert Comment

by:Uvg
ID: 39227955
If you are not familiar with shell and sed you can simply use "replace" command - it is part of mysql package.

replace "code to replace" "empty string in your case" <filename| maybe *>
0
 
LVL 77

Expert Comment

by:arnold
ID: 39228294
Perl -ip.bak -e 's/pattern//;'
The difficulty it seems the data is a multiline.
Is the removal that you want is from the first <?php ?>to the next

Perl scripted to review each page and then extract/stripout the malware.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 39228663
Have you asked your hosting company if they have backups?  What did they say they were going to do to prevent the malware attacks in the future?
0
 
LVL 19

Expert Comment

by:jools
ID: 39230859
I'm not sure if you can do this but I would like to see the full code, can you post it in full? I'm sort of interested in seeing what it does and decoding it.

It may not be good to post here but something like pastebin??

If you cant then no worries... just asking and all that.

Jools
0
 
LVL 77

Expert Comment

by:arnold
ID: 39231007
My impression is that the malware is the first portion of the PHP code.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now