Forked from black-dragon74/FixLoveGreenPencilsMalware.sh
Created
February 18, 2021 20:44
-
-
Save abelbarraza3/638fc3883c5d3f1d53f2e0d981d00701 to your computer and use it in GitHub Desktop.
Fixes love green pencils wordpress malware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Regex to fix DB is: "s/<script[\s\S]*?>[\s\S]*?<\/script>//g" | |
| totalInfections=0 | |
| filesProcessed=0 | |
| echo "Welcome to lovegreenpencils malware fixer by black-dragon74" | |
| echo "This fix is divided into 3 phases." | |
| echo "Phase 1 fixes the \`beckup\` files." | |
| echo "Phase 2 fixes the header injections." | |
| echo "Phase 3 fixes the deep rooted JS PHP and JSON injections" | |
| echo | |
| # Begin phase 1 | |
| read -p "Press any key to begin the phase 1: " yay | |
| clear | |
| echo "Scanning....." | |
| for f in $(grep -ril "Element.prototype.appendAfter" ./*); do | |
| # Don't fix the fixer itslef :D | |
| if [[ $f == "./fix.sh" ]]; then | |
| continue; | |
| fi | |
| # If a backup exists, we created it, don't process it again | |
| if [[ $(echo $f | grep ".perlbak") ]]; then | |
| continue; | |
| fi | |
| # Otherwise fix all files recursively | |
| echo "Found file $f" | |
| echo "Backing up and fixing the infection" | |
| echo | |
| perl -pi.perlbak -e 's/Element\.prototype\.appendAfter[\s\S]*?\}\)\(\);//gi' "${f}" | |
| ((filesProcessed ++)) | |
| done | |
| echo "Phase 1 complete. Processed $filesProcessed files." | |
| ((totalInfections += filesProcessed)) | |
| filesProcessed=0 | |
| # Begin phase 2 | |
| read -p "Press any key to begin the phase 2: " yay | |
| clear | |
| echo "Scanning....." | |
| for f in $(grep -ril "REQUEST\['lt'\]" ./*); do | |
| # Don't fix the fixer itslef :D | |
| if [[ $f == "./fix.sh" ]]; then | |
| continue; | |
| fi | |
| # If a backup exists, we created it, don't process it again | |
| if [[ $(echo $f | grep ".perlbak") ]]; then | |
| continue; | |
| fi | |
| # Otherwise fix all files recursively | |
| echo "Found file $f" | |
| echo "Backing up and fixing the infection" | |
| echo | |
| perl -pi.perlbak -e 's/<\?php\ \$v[\s\S]*?\?>//gi' "${f}" | |
| ((filesProcessed ++)) | |
| done | |
| echo "Phase 2 complete. Processed $filesProcessed files." | |
| ((totalInfections += filesProcessed)) | |
| filesProcessed=0 | |
| # Begin phase 3 | |
| read -p "Press any key to begin the phase 3: " yay | |
| clear | |
| echo "Scanning....." | |
| for f in $(grep -ril "lovegreenpencils" ./*); do | |
| # Don't fix the fixer itslef :D | |
| if [[ $f == "./fix.sh" ]]; then | |
| continue; | |
| fi | |
| # If a backup exists, we created it, don't process it again | |
| if [[ $(echo $f | grep ".perlbak") ]]; then | |
| continue; | |
| fi | |
| # Otherwise fix all files recursively | |
| echo "Found file $f" | |
| echo "Backing up and fixing the infection" | |
| echo | |
| perl -pi.perlbak -e "s/<script\ type=\'text\/javascript\'\ src=\'https:\/\/dock\.lovegreenpencils[\s\S]*?<\/script>//gi" "${f}" | |
| ((filesProcessed ++)) | |
| done | |
| echo "Phase 3 complete. Processed $filesProcessed files." | |
| ((totalInfections += filesProcessed)) | |
| filesProcessed=0 | |
| # Processing complete. | |
| echo | |
| echo "Found, backed up and fixed $totalInfections infected files." | |
| read -p "Processing complete. Press any key to exit. " yay | |
| exit 0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment