This question already has an answer here: How do I deal with a compromised server? 12 answers I have malicious code in every php file. This malicius code is auto paste at the beginning of file. I want to remove this with UNIX command from console. This is malicious code: <?php $guobywgpku = '..... u=$bhpegpvvmc-1; ?> I write this RegExp, "/<\?php \$guobywgpku.*\?>/m" and this RegExp work. I tested it here. The problem is, write command which remove this malicious code from every php file on the sever. Please Help me. Now i have something like this. sed "/<\?php \$guobywgpku.*\?>/m" index.php