ค้นหา malware code ใน php script ผ่าน find , sed command

[golfreeze]

##Find
find /home \( -name "*.html" -o -name "*.php" \) -exec sed -i.bak 's/<script.*PaBUTyjaZYg.*script>//g' \{\} \;

#command syntax
sed -i 's/oldstring/newstring/g' *.txt
#acutal command
sed -i 's/eval(base64_decode("dnajkdbasjdbasjdasbjnkldnakdnasknklnKNDAKLSNDSALKNDKLASn"));//g' *.php

[golfreeze]

Command to remove malicious code:
#grep -lr --include=*.php "eval(base64_decode" /path/to/webroot | xargs sed -i.bak '/eval(base64_decode*/d'

If above command gives you correct output, execute following command to perform actual cleaning:
#grep -lr --include=*.php "eval(base64_decode" /path/to/webroot | xargs sed -i.bak 's/<?php eval(base64_decode[^;]*;/<?php\n/g'