Website hacked, how to remove malicious code with SED / GREP

Question

a website of mine is hacked. In every php file a line of code is added. I wont post the complete code here, but it starts with:

Answer 1

You can try this : https://github.com/daniyalahmadk/RMCI

Just need to put that code in box and hit submit, it will search code from files and remove them all once.

Answer 2

You need to add s/ at the start.

sed 's/<?php if(\!isset.*gzagexgpdc-1; ?>//g' *.php

OR

sed -r 's/<\?php if\(!isset.*gzagexgpdc-1; \?>//g' *.php

Add -i parameter to save the changes made.

Answer 3

This should work.

find . -name "*.php" -print0 | xargs -0 sed -ri '1s/^<\?php if\(!isset\(\$GLOBALS\[.*-1; \?>//' *.php