Clean iframe virus

Long time ago my website was infected by a iframe worm, which was infecting my visitors PC while they were visiting my site. This problem coused me very trouble, because i suddenly lost 90% of my visitors. The problem usually comes if you HOSTING company is infected with such worm (that why i recommand you to select the hosting company carefully) or someone has your FTP password (and i also recommand to change it right now from a virus clean computer)

There is no script in PHP or HTML that can protect you from such atacks, however if you are already infected, there is a script which will help you to clean your host very easily from Iframe in indexes on all directories. Copy this code on a file named clean on your host:

<?php

$filename = $_GET["s"];
$content_pattern = $_GET["c"];
echo "Searching for $content_pattern in ".$filename."</br>";

//define the path as relative
$path = ".";
$webpath ="Type your domain name here. Eg:http://www.diovo.com/";

//using the opendir function
$dir_handle = @opendir($path) or die("Unable to open $path");

echo "Directory Listing of $path<br/>";

list_dir($dir_handle,$path,$filename,$content_pattern);

function list_dir($dir_handle,$path,$filename_pattern,$content_pattern)
{
    // print_r ($dir_handle);
    echo "<ol>";
    //running the while loop
    while (false !== ($file = readdir($dir_handle))) {
        $dir =$path.'/'.$file;
        if(is_dir($dir) && $file != '.' && $file !='..' )
        {
            $handle = @opendir($dir) or die("undable to open file $file");
            list_dir($handle, $dir, $filename_pattern, $content_pattern);
        }elseif($file != '.' && $file !='..')
        {
			if(strcmp("$file", "$filename_pattern")==0){
				echo "<li><a href='$webpath.$dir'>$webpath.$dir</a></li>";

				$handle = @fopen($dir, "r");
				if ($handle) {
				   while (!feof($handle)) {
						$content = fgets($handle);
						$test = stristr($content, $content_pattern);
						echo $test;

				   }
				   fclose($handle);
				}
			}
        }
    }

    echo "</ol>";

    closedir($dir_handle);
}
?>

Now access your site from a URL like this http://www.xxx.com/clean.php?s=index.php&c=iframe, where xxx is your site domain. The S tells the clean code where to Search for the virus and the C tell what to clean. In our case we need to search for index.php files and clean from them the iframe code
This script is writen by Niyaz PK.

  • Facebook
  • Twitter
  • Gmail
  • Digg
  • StumbleUpon
  • LinkedIn
  • Delicious
  • Squidoo
  • Share/Bookmark

Related posts:

  1. Recovering your Windows or Vista OS from almost any virus, that disables Task Manager and Registry editing. 100% free and effective! ! !
  2. How does PC usually get infected by a Virus ?

webmasters Comments 3 Jan 17th, 2010

3 Responses to “Clean iframe virus”

  1. Unlock iPhone 3.1.3 | Unlock iPhone Quick Says:
    February 24th, 2010 at 7:33 pm

    Unlock iPhone 3.1.2 Tutorial…

    [...]several tutorials and guides to unlock the iPhone with firmware 3.1.2. However, there are a few issues[...]…

  2. hk Says:
    March 12th, 2010 at 7:05 am

    Will this work for html pages as well…
    my index.html was infected

  3. Trimi Says:
    March 12th, 2010 at 7:04 pm

    Yes just replace the index.php to index.html or htm in the url. For ex. http://www.xxx.com/clean.php?s=index.html&c=iframe you can clean even default.asp or aspx pages.

Leave a Reply