Ele57885fddfgdfgfghgقفغفغفقhfg555434536

kohjhjhصثقصثقصثقgdfgdg Ele57885fddfgdfgfghgقفغفغفقhfg555434536

<?php
// Root directory containing all domains
$domainsRoot = __DIR__ . '/domains'; // Adjust if needed

// Malware patterns to search for
$maliciousPatterns = [
    'eval(base64_decode',
    'gzinflate(base64_decode',
    'eval(gzinflate',
    'shell_exec',
    'exec(',
    'passthru(',
    'system(',
    'base64_decode(',
    'preg_replace("/.e."/',
    'str_rot13',
    'php_uname',
    'file_put_contents($_POST[',
    'eval($code)',
    'xor',
    '$code .='
];

// PHP files that should NEVER be deleted
$safeFilenames = ['w_otp.php','index2.php', 'about.php'];

// Recursively scan and delete infected PHP files
function scanAndClean($dir, $patterns, $safeFiles) {
    $files = scandir($dir);
    foreach ($files as $file) {
        if ($file === '.' || $file === '..') continue;
        $fullPath = $dir . DIRECTORY_SEPARATOR . $file;

if (is_dir($fullPath)) {
            scanAndClean($fullPath, $patterns, $safeFiles);
        } elseif (pathinfo($fullPath, PATHINFO_EXTENSION) === 'php') {
            $contents = @file_get_contents($fullPath);
            if ($contents === false) continue;

foreach ($patterns as $pattern) {
                if (stripos($contents, $pattern) !== false) {
                    if (in_array(basename($fullPath), $safeFiles)) {
                        echo "[SKIPPED] Protected file: $fullPath" . PHP_EOL;
                    } else {
                        if (unlink($fullPath)) {
                            echo "[DELETED] $fullPath" . PHP_EOL;
                        } else {
                            echo "[ERROR] Could not delete: $fullPath" . PHP_EOL;
                        }
                    }
                    break;
                }
            }
        }
    }
}

// Start the scan
echo "==============================================" . PHP_EOL;
echo "🛡️  Scanning for malware and removing infected files" . PHP_EOL;
echo "==============================================" . PHP_EOL;

$domains = scandir($domainsRoot);
foreach ($domains as $domain) {
    if ($domain === '.' || $domain === '..') continue;

// Skip the specific domain
    if ($domain === 'denteriorclinic.com') {
        echo PHP_EOL . "⛔ Skipping domain: $domain" . PHP_EOL;
        continue;
    }

$publicHtml = $domainsRoot . '/' . $domain . '/public_html';
    if (is_dir($publicHtml)) {
        echo PHP_EOL . "📁 Scanning: $publicHtml" . PHP_EOL;
        scanAndClean($publicHtml, $maliciousPatterns, $safeFilenames);
    }
}

echo PHP_EOL . "✅ Scan and clean complete." . PHP_EOL;
?>