Trying to remove malware code with find and sed

Question

Some stupid monkeys wasted their and my time infecting one of our websites. Now, it seems that the website has been compromised via ftp and a whole bunch of files have been infected. Having changed the ftp credentials, my idea now was to run find and sed to get rid of the code:

find . -type f -exec sed -i 's/term-to-search-for//g' {} \;

Now I need some help with the regex. The script starts with <script> then there is some JS-code, then there's always a variable called egbserb (which is never used elsewhere) and there's the closing tag (</script>). Two questions:

1. This is what I tried: script*egbserb*script (keep it stupid simple), but it didn't work out.
2. If the code is written over more lines, how would I have to write the regex then?

Thanks a lot in advance!

Answer 1

Following should help you. (Assumption: I am working on test_regex file)

sed -r -i "s/.*ebgserb.*//g" test_regex
sed -r -i "s/.*split\(\"\&\&\"\).*//g" test_regex

Answer 2

I faced a similar issue and I used this successfully. You can use this Perl script:

#!/usr/bin/perl

use strict;
use warnings;
my @arr;
my $start;
my $flag=1;
open (MYFILE, 'temp');

while (<MYFILE>) {
if($flag!=0)
{
push(@arr,$_);
}
                if(/<\/script>/)
                {
                $flag=1;
                }
                if(/<script>/)
                {
                $start=scalar(@arr);
                }
          if(/ebgserb/)
          {
          delete @arr[$start-1..(scalar(@arr)-1)];
          $flag=0;
          }
}
print "@arr";
close(MYFILE);