Solved

Remove Malware code from PHP file

Posted on 2013-06-06
6
53 Views
Last Modified: 2015-08-19
Hi,

It seems like my server is infected with malware, all php files have a code on top. How can i remove this code from all files?

I was thinking of using linu'x sed, but i am not sure how to use that for removing this code.

Thanks
p.php
0
Comment
Question by:nandananushil1
6 Comments
 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 250 total points
Comment Utility
This is what I use for an update to multiple files.

http://12g.com/ghosts/replace.htm
0
 
LVL 1

Expert Comment

by:Uvg
Comment Utility
If you are not familiar with shell and sed you can simply use "replace" command - it is part of mysql package.

replace "code to replace" "empty string in your case" <filename| maybe *>
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Perl -ip.bak -e 's/pattern//;'
The difficulty it seems the data is a multiline.
Is the removal that you want is from the first <?php ?>to the next

Perl scripted to review each page and then extract/stripout the malware.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
Comment Utility
Have you asked your hosting company if they have backups?  What did they say they were going to do to prevent the malware attacks in the future?
0
 
LVL 19

Expert Comment

by:jools
Comment Utility
I'm not sure if you can do this but I would like to see the full code, can you post it in full? I'm sort of interested in seeing what it does and decoding it.

It may not be good to post here but something like pastebin??

If you cant then no worries... just asking and all that.

Jools
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
My impression is that the malware is the first portion of the PHP code.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now