My site was infected with Trojan, and I know there should be some bad scripts embedding in some of my php files. But the problem is as there are sooooo many php files there, how could I know which one of them are injected with the Trojan scripts? Thank you.
Actually, I can’t access my blog right now, since my antivirus stopped me from doing so and give me a warning. Hence, I am afraid I cannot install plugin for that. On the hand, is it possible for Karpesky to figure out 1-2 lines of Trojan scripts inside a php file?
Access from a secondary pc or vmware. Check out the source of your site, that would give you an idea of where the malware code has been injected.
I am afraid that checking the soruce alone is not enough, as the Trojan scripts will be immersed into several of thousand php files
This happened to me not too long ago and I wrote a blog here on DP about it. It's complicated because it will infect your html files and even your mysql database files. The script is usually run encoded which makes it that much harder to find and remove. Chances are you have the malicious code on your Personal Computer and on your Web Server. You'll need to do a bunch of work to remove it but hopefully you have clean versions of your Database and your raw HTML files (which makes restoring quite easy). For me it was iframe interjections but removing them is pretty much the same for any virus. See my original blog entry about wordpress hack solutions here ---> http://blogs.digitalpoint.com/entry.php?b=45 ps: don't forget to change your passwords and get a decent antivirus program for your machine.