If you have shell/SSH access to your server, following tips will help you get started quickly.

CAUTION: This article assumes that none of the files in your server uses iframe tags and that all iframe tags are inserted by  badware. However, it explains how to take a backup of all files containing iframe tags - so you can restore them manually in case of any issues.

To find infected files from the shell prompt, type this command:

find / -type f | xargs grep -l '<iframe'  2>/dev/null

Creating a list of Infected Files

If this list is very large, you can save the list of infected files by typing this command:

find / -type f | xargs grep -l '<iframe'  2>/dev/null >badfileslist.txt

 Creating a backup of all infected files

You create a backup of all files containing iframe tags by this command:

sed 's/<iframe>.*<\/iframe>//g' < "$1" > "$1.pbak"

Deleting all iframe tags

You can remove iframe tags in all files less than 10 days old in your server using this command

find / -type f -mtime -10 | xargs grep -l '<iframe'| xargs perl -pi -e 's/^.*\<iframe.*$/ /g'