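$fileinfo) {
            // NOTE(review): everything down to "return ;" is the tail of a method that
            // begins outside this excerpt (presumably scan(), which the entry code at the
            // bottom calls). Its statements are unchanged; only line breaks were restored.
            if (!$fileinfo->isFile()) continue;
            $filetype = pathinfo($pathname, PATHINFO_EXTENSION);
            $res = '';
            if($filetype == 'php'){
                self::$checkFiles[] = 'checking file:'.$pathname.'';
                $res = self::check($pathname);
                if(!empty($res)){
                    self::$checkFiles[] = 'found "CryptoPHP" malware in :'.$pathname.' partial infected';
                    $path = explode(DS,$pathname);
                    unset($path[count($path) -1]);
                    $path = implode(DS,$path);
                    $res = str_replace(array('/','\\'),DS,trim($res[0]," '\""));
                    $delete_location = $path.DS.$res;
                    self::$checkFiles[] = 'found "CryptoPHP" malware in :'.$delete_location.' full infected';
                    self::$infectedFiles[] = $pathname;
                    if(!in_array($delete_location, self::$malwareFiles)){
                        self::$malwareFiles[] = $delete_location;
                    }
                }
            }
        }
        $time_end = microtime(true);
        self::$scriptDuration = $time_end - $time_start;
        $_SESSION['sh_cr_cleaner']['infected'] = self::$infectedFiles;
        $_SESSION['sh_cr_cleaner']['malware'] = self::$malwareFiles;
        unset($fileinfos);
        return ;
    }

    /**
     * Handles the "fix" POST request.
     *
     * Reads the 'infected' and 'malware' lists stored under
     * $_SESSION['sh_cr_cleaner'], removes the include/require statements that
     * reference a social*.png file from every infected file, and deletes every
     * recorded payload file.
     *
     * Echoes 1 when every step succeeded; otherwise echoes the files that need
     * manual attention. Terminates the request when the POST body is empty or
     * the anti-CSRF token does not match.
     *
     * Uses hash_equals(), so PHP 5.6 or later is required.
     */
    static function fix(){
        if(empty($_POST)) exit;

        // Anti-CSRF check. Both values must be non-empty strings: with a loose !=
        // a request without "_to" against a session without "_token" compares
        // null to null and is accepted. hash_equals() is also constant-time.
        $sent = isset($_POST['_to']) ? $_POST['_to'] : null;
        $expected = isset($_SESSION['_token']) ? $_SESSION['_token'] : null;
        if(!is_string($sent) || !is_string($expected) || $expected === '' || !hash_equals($expected, $sent)) exit;

        // Default to empty lists so a fix request that arrives before any scan
        // result exists simply does nothing.
        $infected = array();
        $malware = array();
        if(isset($_SESSION['sh_cr_cleaner']['infected']) && is_array($_SESSION['sh_cr_cleaner']['infected'])){
            $infected = $_SESSION['sh_cr_cleaner']['infected'];
        }
        if(isset($_SESSION['sh_cr_cleaner']['malware']) && is_array($_SESSION['sh_cr_cleaner']['malware'])){
            $malware = $_SESSION['sh_cr_cleaner']['malware'];
        }

        // Must be arrays before count() is called on them; left undefined they
        // make the all-succeeded path fail on PHP 8.
        $failed_infected = array();
        $failed_malware = array();

        // Match ONE include/require call at a time (the same pattern check() uses)
        // and drop only the calls whose argument names social*.png. A single
        // pattern of the form include(.*social.*\.png.*) with the "s" and "U"
        // modifiers starts at the first include( in the file and runs up to the
        // payload reference, which deletes all legitimate code in between.
        $call_pattern = '/(include|include_once|require|require_once)[\s]?\((.*)\)/isU';
        $strip_payload_include = static function($m){
            return preg_match('/social(.*)\.png/isU', $m[2]) === 1 ? '' : $m[0];
        };

        foreach($infected as $file){
            $file_content = file_get_contents($file);
            if($file_content === false){
                // Unreadable: never write back, that would truncate the file.
                $failed_infected[] = $file;
                continue;
            }
            $new_content = preg_replace_callback($call_pattern, $strip_payload_include, $file_content);
            if($new_content === null){
                // PCRE error (e.g. backtrack limit): writing null would empty the file.
                $failed_infected[] = $file;
                continue;
            }
            if($new_content === $file_content){
                continue; // nothing left to strip, leave the file untouched
            }
            // Compare with false explicitly: 0 bytes written is not a failure.
            if(file_put_contents($file, $new_content) === false){
                $failed_infected[] = $file;
            }
        }

        foreach($malware as $file){
            // These paths were built from the text of include statements found in
            // the scanned files, i.e. from content an intruder controlled. Only
            // delete a regular file whose own name matches the social*.png
            // indicator; anything else is reported for manual review.
            if(!is_file($file) || preg_match('/^social.*\.png$/i', basename($file)) !== 1){
                $failed_malware[] = $file;
                continue;
            }
            if(!unlink($file)){
                $failed_malware[] = $file;
            }
        }

        if(count($failed_infected) == 0 && count($failed_malware) == 0){
            echo 1;
        }else{
            // NOTE(review): file names are echoed unescaped; if the client inserts
            // this response as HTML, escape it there - confirm how it is rendered.
            if(count($failed_infected) > 0){
                echo "failed to fix this file(s) please do it manually\n";
                foreach($failed_infected as $file){
                    echo $file."\n";
                }
            }
            if(count($failed_malware) > 0){
                echo "failed to delete this file(s) please do it manually\n";
                foreach($failed_malware as $file){
                    echo $file."\n";
                }
            }
            echo "\nif you need help read this\n";
        }
    }

    /**
     * Looks for include/require calls in a PHP file whose argument references
     * a social*.png file.
     *
     * This is a text heuristic, not proof either way: only calls written with
     * parentheses are matched (a statement such as  include 'x/social.png';
     * without parentheses is not), and an unreadable file is reported as clean.
     *
     * @param string $file path of the file to inspect
     * @return array the matched call arguments (text between the parentheses),
     *               empty when nothing matched or the file could not be read
     */
    static function check($file){
        $content = file_get_contents($file);
        if($content === false){
            return array();
        }

        $pattern = '/(include|include_once|require|require_once)[\s]?\((.*)\)/isU';
        // preg_match_all() returns 0 for no match and false on a PCRE error.
        if(!preg_match_all($pattern, $content, $matches)){
            return array();
        }

        $res = array();
        foreach($matches[2] as $match){
            if(preg_match('/social(.*)\.png/isU', $match) === 1){
                $res[] = $match;
            }
        }
        return $res;
    }
}

// NOTE(review): no access check is visible in this excerpt, and the token below
// is issued to whoever loads the page. Confirm the script is access-restricted
// earlier in the file, and remove it from the web root once cleanup is done.

// Comparison, not assignment: "= 'ok'" is always true and overwrites the field.
if(isset($_POST['fix']) && $_POST['fix'] === 'ok'){
    ShieldfyCryptoPHPRemoval::fix();
    exit;
}

// Anti-CSRF token from the CSPRNG (random_bytes needs PHP 7.0+); time(),
// mt_rand() and uniqid() are predictable and unsuitable for security tokens.
$_token = $_SESSION['_token'] = bin2hex(random_bytes(32));
ShieldfyCryptoPHPRemoval::scan();
?> CryptoPHP Malware removal | Shieldfy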

Final Result :-

Congratulations, your website is clean

of files scanned in : seconds

Your website is infected with CryptoPHP malware

of files scanned in : seconds

Fix my website

Full Log :-

', ShieldfyCryptoPHPRemoval::$checkFiles); ?>