By: William AlexanderIf google redirects all your visitors to this warning below:
Warning: Visiting this site may harm your computer!
The website at www.yoursite.com contains elements from the site domainameat.cc, which appears to host malware â€“ software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
Then, probably your site has been infected with malware. Ok first things first, be cool and dont panic. This could be resolved. If you open your FTP and closely check your PHP files, you will see some lines of code on top of the page that starts with eval(base64_decode(.............................
index.php could be the file affected or it could have affected almost all of your php files.
You will have to remove these lines of code from your files. If you have to do manually, it will be a nightmare.
So just follow these steps to do it automatically.
1. Copy the below code and save it into a file. And name it as 'fix.php'.
<?php set_time_limit(0); $dir = "./"; $rmcode = `find $dir -name "*.php" -type f |xargs sed -i 's#<?php /\*\*/ eval(base64_decode("aWY.*?>##g' 2>&1`; echo "Malware removed.<br />\n"; $emptyline = `find $dir -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1`; echo "Empty lines removed.<br />\n"; ?> <br /> Completed.
2. Now upload this file to your website. (save it in the folder where your index.php file resides). 3. Open your browser and call this file (eg. http://www.yoursite.com/fix.php)
Be patient, depending on your site, it may take very long. That is why the time out limit is set to unlimited in the above code. Be sure, all the affected files will be restored back to normal.
What the above code does is, to search for all the php files that containst the infected code and deletes those lines. Then the emptyline code removes the empty lines from the file as well.
Cheers. Your site is now restored to normal.
1. Thanks! It worked for me. Only the index.php file was affected so I just did it manually.
View Tutorial By: Me at 2012-07-28 16:03:52
3. Hi, I used your fix and it looks like it worked fine for Chrome and Safari browsers but the automate
View Tutorial By: Eddie at 2011-02-21 18:41:06
4. Hi, thank you so much for this. I am going to give it a try now.
On another note, do
View Tutorial By: Eddie at 2011-02-21 14:10:04
5. hi i have used this code in my site. and it says
Empty lines removed
View Tutorial By: Jawad at 2011-01-16 06:31:00
7. Hi Chriz,
Yes it should work on any site. Because all it does is to look for that string of a
View Tutorial By: William at 2010-07-10 20:54:24
Can we use this fix.php on the Joomla CMS attacked websites?
View Tutorial By: Chriz at 2010-07-05 09:22:57
9. I did this exactly.
In my case, the fix.php file took very long time and finally looked like
View Tutorial By: Manorasa at 2010-06-29 23:32:24
Most Viewed Articles (in PHP )
Latest Articles (in PHP)
Comment on this tutorial
- Data Science
- Cloud Computing
- Java Beans
- Mac OS X
- Office 365
- Tech Reviews