Mahmoud ElMansy: knowledge meant to be free

Clean Up Your Database From Malware

If your site was hacked and all you database data has been changed to hold MalWare script.

I have made a simple script to clean you data from this text.

DECLARE @col sysname
DECLARE @tbl sysname
DECLARE @SQL nvarchar(256)

DECLARE crsFix cursor FOR
SELECT TABLE_NAME, Column_name FROM information_schema.COLUMNS INNER JOIN sys.TABLES ON sys.TABLES.name=information_schema.COLUMNS.TABLE_NAME
WHERE (data_type = 'nvarchar' OR data_type='varchar')
OPEN crsFix
fetch NEXT FROM crsFix INTO @tbl, @col
while(@@Fetch_Status = 0)
BEGIN
    SET @SQL = 'Update [' + @tbl + '] set [' + @col + '] = replace('+@col+',''">Hack text<!--'','''''+')'  
    EXEC sp_executesql @SQL
   
    SET @SQL = 'Update [' + @tbl + '] set [' + @col + '] = replace('+@col+',''">Hack text'','''''+')'  
     EXEC sp_executesql @SQL
      SET @SQL = 'Update [' + @tbl + '] set [' + @col + '] = replace('+@col+',''"></title>Hack text'','''''+')'  
     EXEC sp_executesql @SQL
    --
    fetch NEXT FROM crsFix INTO @tbl, @col
END
close crsFix
deallocate crsFix