Send mail from command line with content from file
August 1, 2013scan for malware, viruses and php eval based infections
August 22, 2013
I needed to help a friend to clean all his files from an eval type attack so I used the code bellow to clean all his files. In $str var I put the virus code that was injected (in my case a hidden redirected code)
$str = 'eval(base64_decode("CmVycm9yX3JlcG9... your part of the infected code ....=="));';
function find_all_files($dir)
{
global $global_counter;
$result = array();
$root = scandir($dir);
if(is_array($root)) {
foreach($root as $value) {
if($value === '.' || $value === '..') {continue;}
$global_counter++;
if(is_file("$dir/$value")) {
if(substr($value, -3) == 'php') {
$result[]="$dir/$value";continue;
}
}
else {
$file_list = find_all_files("$dir/$value");
if(is_array($file_list)) {
foreach($file_list as $value) {
if(substr($value, -3) == 'php') {
$result[]=$value;
}
}
}
}
}
}
return $result;
}
$result = find_all_files('.');
foreach($result as $filename) {
if($filename == './cleaner.php') continue;
$file = file_get_contents($filename);
$file = str_replace($str, '', $file);
file_put_contents($filename, $file);
echo '. '; flush();
}
You can download the code here and then run it through the webserver.
cleaner.php
