0

Possible Duplicate:
My server's been hacked EMERGENCY

my php based website got infected with malware, which added something like this in the code:

<?php eval(base64_decode("DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWh));

Now i want to replace all the "eval(" till its ending braces "));" with space or delete all those occurences, either with sed or other tools.

i have tried this

sed 's/eval\*/ /g' code.php

But its not working.

What can be its solution?

Thanks in advance.

Community
  • 1
Farhan
  • 4,377
  • 12
  • 56
  • 87

1 Answers1

4

As SvenW says the only real solution to this is to reinstall from a known good backup. You could try 

sed 's/eval(.*);//' code.php

which given your input produces

<?php

But you don't know what damage has been done to the system so nuke it from orbit and restore from a known good backup - it's the only way to be sure.

user9517
  • 117,122