.RU Script Remover

'; $action=$_GET['action']; if($action){ $extentions=explode(",",trim($_GET['ext'])); if($_GET['recurse']=='yes'){ $recurse=true; } else { $recurse=false; } $files = directoryToArray("./", $recurse); if($action=='fix'){ echo '

Fixing Files:

'; } else { echo '

Searching Files:

'; } echo ''; foreach($files as $filename){ $ext = substr($filename, strrpos($filename, '.') + 1); if(in_array($ext,$extentions)){ $matches=searchFile($filename); if($matches){ $infectedcode=htmlentities($matches[0][0].$matches[1][0].$matches[2][0]); echo ""; if($action=='fix'){ cleanFile($filename); } } else { $cleanlog.=""; } } } $mtime = microtime(); $mtime = explode(" ",$mtime); $mtime = $mtime[1] + $mtime[0]; $endtime = $mtime; $totaltime = ($endtime - $starttime); echo "Done searching ".count($files)." files in ".round($totaltime, 2)." seconds.

"; echo '

Filename	Infected Code
$filename	$infectedcode
$filename

Clean Files:

'.$cleanlog.'

'; } else { echo '- Make sure you backup your website before you run this script
- When selection "Search AND Fix", it will create a backup of any file it changes named "filename.ext.old"
- If you want to search more than just the default files you can add the extentions you want. Seperate the list with commas and no spaces
- With recurse folders checked, the script will search through all files and folders. Unchecked will only search files inside the current folder

'; } function cleanFile($filename){ $count1=0;$count2=0;$count3=0; $filecontents=file_get_contents($filename); $cleaned= preg_replace('//i','', preg_replace('/document\.write$\'\'$;/i','', preg_replace('//i','', $filecontents,-1,$count1),-1,$count2),-1,$count3); file_put_contents($filename.".old",$filecontents); $fp=@fopen($filename,'w'); if($fp){ fwrite($fp,$cleaned); fclose($fp); } $count=$count1+$count2+$count3; if($count > 0){return true;} else {return false;} } function searchFile($filename){ $count1=0;$count2=0;$count3=0; $filecontents=file_get_contents($filename); $count1=preg_match_all('//i',$filecontents,$matches1); $count2=preg_match_all('/document\.write$\'\'$;/i',$filecontents,$matches2); $count3=preg_match_all('//i',$filecontents,$matches3); $allmatches=array_merge_recursive($matches1,$matches2,$matches3); $count=$count1+$count2+$count3; if($count > 0){return $allmatches;} else {return false;} } function directoryToArray($directory, $recursive) { $array_items = array(); if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { if (is_dir($directory. "/" . $file)) { if($recursive) { $array_items = array_merge($array_items, directoryToArray($directory. "/" . $file, $recursive)); } } else { $file = $directory . "/" . $file; $array_items[] = trim(preg_replace("/\/\//si", "/", $file),'./'); } } } closedir($handle); } return $array_items; } echo '
Created by Nate Stiller | nate@natestiller.com'; ?>

Action:
File Extentions:
Recurse Folders:
	Press GO only once and be patient! Depending on the number of files, the script may take a couple minutes.