There is a site, in it all js files are infected. All js files have malicious code, lines starting with "try{q=document.createElement"

Are there any programs that will scan all files and delete these lines, the beginning of which is? Antivirus files are simply deleted, but they are needed for work.

  • if there is a console, then sed / awk. If not, then who prevents to write a script (even if in php), which will clean everything up. If there is a possibility / desire to download everything locally for yourself, then any adequate editor that can do a search + replacement by files. For example, Notepad++ and others like it. - KoVadim
  • 2
    In fact, you need to keep the correct copy of the site locally, and with all sorts of problems just copy a clean copy to the server. - VladD

2 answers 2

Run the following command in the script root directory:

 find . -name \*.js | xargs sed -i "/^try{q=document\.createElement/d"
  • Super, it helped. However, I can’t remove the answer from the previous one and make it right. ( - - butteff
  • @butteff, you first click on the green check mark next to the accepted answer, and then put it on mine. It seems to work like this. - dzhioev
  • For some reason, not cleaned. - butteff

I wrote such a script for my site, it seemed to help. Just make a backup to start your site. And one more limitation: if there are a lot of files, then the script is better to use several times for individual folders. To specify a folder you need to change the variable $ dir

 <?php header("Content-Type: text/html; charset=utf-8"); $dir = $_SERVER["DOCUMENT_ROOT"] ; cleanDir($dir); function cleanDir($location){ if ($handle = opendir($location)) { echo "Директория: $handle<br />"; echo "Содержимое:<br />"; while (false !== ($entry = readdir($handle))) { if ($entry != "." && $entry != "..") { if(is_dir ($location.DIRECTORY_SEPARATOR .$entry)){ print '<span style="background-color:#ddd;">'.$location.DIRECTORY_SEPARATOR .$entry."</span><br />"; cleanDir($location.DIRECTORY_SEPARATOR .$entry); }else{ if(pathinfo($entry, PATHINFO_EXTENSION)=='js'){ $c = false; $c = clearFile($location.DIRECTORY_SEPARATOR.$entry); if($c){ print '<span style="background-color:red;">VIRUS</span><span style="background-color:#fff;margin-left:20px;">'.$location.DIRECTORY_SEPARATOR .$entry."</span><br />"; }else{ print '<span style="background-color:green;">CLEAR</span><span style="background-color:#fff;margin-left:20px;">'.$location.DIRECTORY_SEPARATOR .$entry."</span><br />"; } } } } } closedir($handle); }else{ print "Error !"; die(); } } function clearFile($path){ $cont = file_get_contents($path); $pos = strrpos($cont,'try{q=document.createElement("d"+"i"+"v");q.appendChild(q+"");}'); if($pos){ $cont = substr($cont,0,$pos); file_put_contents($path,$cont); return true; } return false; }