Cleaning iFrame viruses

Anyone that has had to clean a website hacked by an iFrame virus will know how frustrating and time consuming it can be. We've had to do this to help out some clients in the past and so we've come up with this handy script:

find ./ -name "*" -type f -exec sed -i 's/<div style=\"display:none\"><iframe src=\"http:\/\/www.offending.site:8080/index.php\" width=556 height=731 ><\/iframe><\/div>//g' '{}' \;

To clean an infected site, all you need to do is modify the red part of this script with the iframe code found on your site and run this in the web root of your server. You will need SSH or some kind of terminal access. Remember to add escaping slashes before all your double quotes.

After cleaning please make sure to change the site's FTP password and uninstall any FTP programs that save site details without encrpyting them.

Hope this helps to put an end to a really annoying problem!