$fileinfo) {
if (!$fileinfo->isFile()) continue;
$filetype = pathinfo($pathname, PATHINFO_EXTENSION);
$res = '';
if($filetype == 'php'){
self::$checkFiles[] = 'checking file:'.$pathname.'';
$res = self::check($pathname);
if(!empty($res)){
self::$checkFiles[] = 'found "CryptoPHP" malware in :'.$pathname.' partial infected';
$path = explode(DS,$pathname);
unset($path[count($path) -1]);
$path = implode(DS,$path);
$res = str_replace(array('/','\\'),DS,trim($res[0]," '\""));
$delete_location = $path.DS.$res;
self::$checkFiles[] = 'found "CryptoPHP" malware in :'.$delete_location.' full infected';
self::$infectedFiles[] = $pathname;
if(!in_array($delete_location, self::$malwareFiles)){
self::$malwareFiles[] = $delete_location;
}
}
}
}
$time_end = microtime(true);
self::$scriptDuration = $time_end - $time_start;
$_SESSION['sh_cr_cleaner']['infected'] = self::$infectedFiles;
$_SESSION['sh_cr_cleaner']['malware'] = self::$malwareFiles;
unset($fileinfos);
return ;
}
static function fix(){
if(empty($_POST)) exit;
if($_POST['_to'] != $_SESSION['_token']) exit;
$infected = $_SESSION['sh_cr_cleaner']['infected'];
$malware = $_SESSION['sh_cr_cleaner']['malware'];
if(count($infected) > 0){
foreach($infected as $file){
//echo 'bla'.$file;
$file_content = file_get_contents($file);
$pattern = '/(include|include_once|require|require_once)[\s]?\(.*social.*\.png.*\)/isU';
$new_content = preg_replace($pattern,'',$file_content);
$res = file_put_contents($file, $new_content);
if(!$res){
$failed_infected[] = $file;
}
}
}
if(count($malware) > 0){
foreach($malware as $file){
//echo 'bla2'.$file;
$res2 = unlink($file);
if(!$res2){
$failed_malware[] = $file;
}
}
}
if(count($failed_infected) == 0 && count($failed_malware) == 0){
echo 1;
}else{
if(count($failed_infected) > 0){
echo 'failed to fix this file(s) please do it manually
';
foreach($failed_infected as $file){
echo $file.'
';
}
}
if(count($failed_malware) > 0){
echo 'failed to delete this file(s) please do it manually
';
foreach($failed_malware as $file){
echo $file.'
';
}
}
echo '
if you need help read this
';
}
}
static function check($file){
$content = file_get_contents($file);
$pattern = '/(include|include_once|require|require_once)[\s]?\((.*)\)/isU';
preg_match_all($pattern,$content,$matches);
$res = array();
if(count($matches[2]) > 0){
foreach($matches[2] as $match){
preg_match('/social(.*)\.png/isU',$match,$match2);
if(!empty($match2[0])){
$res[] = $match;
}
}
}
return $res;
}
}
if(isset($_POST['fix']) && $_POST['fix'] = 'ok'){
ShieldfyCryptoPHPRemoval::fix();
exit;
}
$_token = $_SESSION['_token'] = sha1(md5(time() * mt_rand() * uniqid(mt_rand()))) ;
ShieldfyCryptoPHPRemoval::scan();
?>
Congratulations your website is Clean
of files scanned in : seconds
Your website infected with CryptoPHP malware
of files scanned in : seconds
Fix my website