Some more tips for finding infected Files via shell access
If you have shell/SSH access to your server, following tips will help you get started quickly.
CAUTION: This article assumes that none of the files in your server uses iframe tags and that all iframe tags are inserted by badware. However, it explains how to take a backup of all files containing iframe tags - so you can restore them manually in case of any issues.
To find infected files from the shell prompt, type this command:
find / -type f | xargs grep -l '<iframe' 2>/dev/null
Creating a list of Infected Files
If this list is very large, you can save the list of infected files by typing this command:
find / -type f | xargs grep -l '<iframe' 2>/dev/null >badfileslist.txt
Creating a backup of all infected files
You create a backup of all files containing iframe tags by this command:
sed 's/<iframe>.*<\/iframe>//g' < "$1" > "$1.pbak"
Deleting all iframe tags
You can remove iframe tags in all files less than 10 days old in your server using this command
find / -type f -mtime -10 | xargs grep -l '<iframe'| xargs perl -pi -e 's/^.*\<iframe.*$/ /g'