imitronov · October 19, 2017 17:22
diff --git a/scan.php b/scan.php
 <?php

 function scanVirus($dir) {

     $files = scandir($dir);

     foreach($files as $file) {
         if(is_file($dir.$file) and pathinfo($file, PATHINFO_EXTENSION) == 'js') {
             $content = trim(file_get_contents($dir.$file));
             $pattern = '#var ([a-zA-Z0-9]+)="(.[^\"]*)",([a-zA-Z0-9]+)="";for\(var ([a-zA-Z0-9]+)=(.*?).length-1;(.*?)>0;(.*?)--\){if\((.*?)%2==1\)(.*?)+=(.*?).charAt\((.*?)\)}eval\((.*?)\);#mi';

             if(preg_match($pattern, $content)) {
                 $content = preg_replace($pattern, NULL, $content);
                 file_put_contents($dir.$file, $content.PHP_EOL);
                 echo '<a href="'.$dir.$file.'">'.$file.'</a><br>';
             }

         } else if($file != '.' AND $file != '..' AND is_dir($dir.$file)) {
             scanVirus($dir.$file.'/');
         }
     }
 }

 scanVirus('./');

 ?>
	<?php

	function scanVirus($dir) {

	$files = scandir($dir);

	foreach($files as $file) {
	if(is_file($dir.$file) and pathinfo($file, PATHINFO_EXTENSION) == 'js') {
	$content = trim(file_get_contents($dir.$file));
	$pattern = '#var ([a-zA-Z0-9]+)="(.[^\"])",([a-zA-Z0-9]+)="";for\(var ([a-zA-Z0-9]+)=(.?).length-1;(.?)>0;(.?)--\){if\((.?)%2==1\)(.?)+=(.?).charAt\((.?)\)}eval\((.*?)\);#mi';

	if(preg_match($pattern, $content)) {
	$content = preg_replace($pattern, NULL, $content);
	file_put_contents($dir.$file, $content.PHP_EOL);
	echo '<a href="'.$dir.$file.'">'.$file.'</a><br>';
	}

	} else if($file != '.' AND $file != '..' AND is_dir($dir.$file)) {
	scanVirus($dir.$file.'/');
	}
	}
	}

	scanVirus('./');

	?>