This Malware Scanner script scans files and detects for a possible malware codes. This script will return a list of possible infected files. Each file will be labelled with (eval, c99madshell, & long_text) and a portion of the matched codes. The script will match a word “eval(…), <?php $md5=”…”; $wp_salt=”…”; … (also know as ‘c99madshell’), and a long_text such as “FEKS2121asFklMn83kUgdlf/sDkn12L+…”, because I believe these are potential malware code.
When you’re done running the malware scanner script, double check the result. Do not delete or clean them immediately. The script matches also clean files as long as it has the 3 potential hacker codes. So, please be careful.
Below are the sample results:
1. ./website.com/wp-includes/js/tw-sack.dev.js – eval – eval(this.response
- File - ./website.com/wp-includes/js/tw-sack.dev.js
- Label – eval
- Small portion of Matched Code –
- Not a hacker code
2. ./website2.com/system/libs/65d1.php – long_text – UeZTUf77n6yg8roYttj54AztjS3gfP7FhotwRGOTO9CKDOJeAr
- File -
- Label –
- Small portion of Matched Code – UeZTUf77n6yg8roYttj54AztjS3gfP7FhotwRGOTO9CKDOJeAr
- I checked the file and confirmed it was a hacker’s code.
Download Malware Scanner
To use the script you can run it on your favorite browser or using a command line (recommended):
$ time php scanner_2.6.php 2>&1 >> scanner_log | tail -f scanner_log
This command will run the
scanner_2.6.php and log the output on