[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Remove Malware code from PHP file

Posted on 2013-06-06
6
Medium Priority
?
170 Views
Last Modified: 2015-08-19
Hi,

It seems like my server is infected with malware, all php files have a code on top. How can i remove this code from all files?

I was thinking of using linu'x sed, but i am not sure how to use that for removing this code.

Thanks
p.php
0
Comment
Question by:nandananushil1
6 Comments
 
LVL 27

Assisted Solution

by:Cornelia Yoder
Cornelia Yoder earned 1000 total points
ID: 39227919
This is what I use for an update to multiple files.

http://12g.com/ghosts/replace.htm
0
 
LVL 1

Expert Comment

by:Uvg
ID: 39227955
If you are not familiar with shell and sed you can simply use "replace" command - it is part of mysql package.

replace "code to replace" "empty string in your case" <filename| maybe *>
0
 
LVL 81

Expert Comment

by:arnold
ID: 39228294
Perl -ip.bak -e 's/pattern//;'
The difficulty it seems the data is a multiline.
Is the removal that you want is from the first <?php ?>to the next

Perl scripted to review each page and then extract/stripout the malware.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1000 total points
ID: 39228663
Have you asked your hosting company if they have backups?  What did they say they were going to do to prevent the malware attacks in the future?
0
 
LVL 19

Expert Comment

by:jools
ID: 39230859
I'm not sure if you can do this but I would like to see the full code, can you post it in full? I'm sort of interested in seeing what it does and decoding it.

It may not be good to post here but something like pastebin??

If you cant then no worries... just asking and all that.

Jools
0
 
LVL 81

Expert Comment

by:arnold
ID: 39231007
My impression is that the malware is the first portion of the PHP code.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question