Eval base64_decode php virus


Hello Guys

If your site is infected with a virus like this:


then it means your site is infected with the eval base64_decode PHP virus, and this code will be in all of your server files, just after the opening PHP tag.

To remove this code, download the file below and upload it to your server's root folder (on many servers this is htdocs, or maybe www). Then run the file from your browser, for example http://xyz.com/eval-remover.php. It will remove all the eval base64_decode code from all of your files, and your site will be up again.

Please comment as well. 🙂
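A read-only check to run before and after the cleanup described above, added here as an example (it is not the eval-remover.php script from this post, whose code is not shown on the page). It lists PHP files where `eval(base64_decode(` directly follows the opening tag and marks the ones the current user cannot rewrite; the regex, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed signature: eval(base64_decode( as the first statement after an
# opening PHP tag, which is where the post says the code is injected.
INJECTED = re.compile(rb"<\?php\s*@?\s*eval\s*\(\s*base64_decode\s*\(", re.I)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")  # assumption: adjust for your site

def scan_tree(root):
    """Read-only scan of `root`. Returns (hits, unreadable).

    hits: sorted (relative_path, writable) pairs for files matching INJECTED;
    writable=False marks files a cleanup pass would fail to rewrite.
    unreadable: sorted relative paths that could not be opened at all.
    """
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                unreadable.append(rel)
                continue
            if INJECTED.search(data):
                hits.append((rel, os.access(path, os.W_OK)))
    return sorted(hits), sorted(unreadable)

def demo():
    """Scan a constructed sample tree (payloads decode to a harmless echo)."""
    samples = {
        "index.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n<?php echo 'home';",
        "lib/clean.php": b"<?php\nfunction f() { return base64_decode('aGk='); }\n",
        "theme/header.php": b'<?php @EVAL ( BASE64_DECODE("ZWNobyAxOw=="));\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a backup copy of the site rather than the live document root. An empty result only means this one signature is absent; it says nothing about other injected code or about how the files came to be modified.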


44 thoughts on “Eval base64_decode php virus”

  1. I have uploaded your file to the root directory of my WordPress installation, but when I load your URL it just keeps loading. Nothing shows after that. Please help. I am using Chrome.

  2. Hi,

    I am infected as well. I tried to run your script and it gave me an internal server error. My hosting platform is Windows. Can you help me?

    My Skype is rcjmdebeer

    I would be very grateful!


  3. Hey Sukh,

    My friend's site is also infected with the base 64 virus. I am not familiar with this stuff. I tried to add you on Skype, but there are a lot of users with the ID Sukh_Chan. Could you please let me know which one is you, so I can contact you? Btw, my Skype ID is mukeshsalaria01


  4. Hey Sukhchain, I ran this in a WP directory that had files containing malicious, injected code (that I found manually and kept the code in the files to see if your script would find it) and this script didn’t pick any of them up. Any idea why this would be the case?


    1. Hi

      First of all thanks.

      No, this script will only remove the eval virus, not the script code.

      But I am in the middle of writing a script which will do that as well.


  5. Hey, does this still work? I tried to run it, but it just keeps spinning in the browser and doesn’t look to be doing anything. Need your help ASAP, bud 🙂

  6. Hi,
    I tried this but it looks like it’s working and at some point it stops and says “Connection interrupted”
    The website is still not displaying correctly…
    Is there anything you would recommend me to do?

  7. Does it work on my localhost? I have created a check.php file on my localhost whose PHP code is:

    I have also put your eval-remover.php file there and run it, but it did not remove the eval code from the check.php file. These 2 files are in one folder. Why does it not work on localhost?

  8. Hi, Sukhchain. I have tried to use it and uploaded it in the server. But when I open and try to run it in the browser, it just keeps on spinning and won’t open or run.
    Thanks for all your help!

  9. You are my hero! Thanks for publishing this!

    Still, I got a few errors when running this:

    Warning: fopen(./folder/mod_fullmenu.php) [function.fopen]: failed to open stream: Permission denied in /www/htdocs/eval.php on line 203

    Warning: fwrite() expects parameter 1 to be resource, boolean given in /www/htdocs/eval.php on line 206

    Warning: fclose() expects parameter 1 to be resource, boolean given in /www/htdocs/eval.php on line 208

    why is that? Is there any way to fix it?

    ‘Permission denied in /www/htdocs/eval.php on line 203’

    I think there is some directory write permissions issue.

    Please check your directory permissions and then try.


  10. Dear Sir. Thank you for this tool.
    I am also a recently graduated Software Engineer and there is no way I would have been able to create something like that code (yet 🙂 )

    I should have discovered your tool a few days ago, since I had to manually find out what the infection was and how to remove it.

    Anyway, thanks again. Great job!

  11. Hi,

    You are a genius. I tried it on my local ma/c and it’s working fine.
    I want to know how this eval virus can be injected into our website.
    Because I want to protect my website from this virus.
    Please tell me more about how I can protect my website from this virus.


  12. Hi, I’m a beginner and I have a few sites that are infected. If it’s not too much trouble, would you mind giving me instructions that a beginner can follow?
    I would really appreciate it.
    I’m a full-time firefighter and trying to start a WordPress business, but because of some malicious files, I have come to a standstill.
