From 3de29120db456e9d6915fa121bf2e2be369a17a2 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Sun, 14 May 2017 11:36:03 +0200
Subject: [PATCH] added one dot

---
 malware3.pl |  8 +++++++
 sc.php      | 68 +++++++++++++++++++++++++++--------------------------
 2 files changed, 43 insertions(+), 33 deletions(-)

diff --git a/malware3.pl b/malware3.pl
index a2fae4e..411a13d 100644
--- a/malware3.pl
+++ b/malware3.pl
@@ -585,7 +585,15 @@ foreach my $file (sort @files) {
         next if $file eq 'custom-facebook-feed-admin.php';
         next if $file eq 'membershipadmin.php';
         next if $file eq 'wppa-settings-autosave.php';
+        next if $file eq '*.txt';
+        next if $file eq '*.rar';
+        next if $file eq '*.zip';
+        next if $file eq '*.tar';
+        next if $file eq '*.gz';
+        next if $file eq '*.sql';
+
         
+
         print "Scanning $start_dir/$file... ";
 
         unless (-r "$start_dir/$file") {
diff --git a/sc.php b/sc.php
index 965b70c..7e59cc7 100644
--- a/sc.php
+++ b/sc.php
@@ -191,7 +191,7 @@ Order Deny,Allow
 Deny from all
 </FilesMatch>
 ';
-                foreach(glob("./{**/*,*}/wp-content/uploads/") as $dirname)
+                foreach(glob("../{**/*,*}/wp-content/uploads/") as $dirname)
                 {              
                     $hta = fopen($dirname."/.htaccess", "w");
                     fwrite($hta, $htdata);
@@ -220,7 +220,9 @@ function cryptophp(){
 
 /* Execute The Malware Scanner */
 function scanme(){
+
 require_once("./scan.php");
+
 }
 
 /* Execute The PHP Cleaner */
@@ -1090,6 +1092,7 @@ echo '<br><pre>';
 
 
 function version() {
+// externalized the function to version.php in order to keep this cleaner tha before
 
 require_once("version.php");
  
@@ -1284,49 +1287,48 @@ function parse_dir( $dir ) {
 }
 
 if (isset($_GET['run'])) $linkchoice=$_GET['run'];
-else $linkchoice='';
+    else $linkchoice='';
 
-switch($linkchoice){
+        switch($linkchoice){
 
-case 'removezero' :
-    removezero();
-    break;
+            case 'removezero' :
+                removezero();
+            break;
 
-case 'findchmod' :
-    findchmod();
-    break;
+            case 'findchmod' :
+                findchmod();
+            break;
 
-case 'optim' :
-    optim();
-    break;
+            case 'optim' :
+                optim();
+            break;
 
-case 'addsec' :
-    addsec();
-    break;
+            case 'addsec' :
+                addsec();
+            break;
 
-case 'getcleaner' :
-    getcleaner();
-    break;
+            case 'getcleaner' :
+                getcleaner();
+            break;
 
-case 'tmpcheck' :
-    tmpcheck();
-    break;
+            case 'tmpcheck' :
+                tmpcheck();
+            break;
 
+            case 'prefix' :
+                prefix();
+            break;
 
-case 'prefix' :
-    prefix();
-    break;
+            case 'symcheck' :
+                symcheck();
+            break;
 
-case 'symcheck' :
-    symcheck();
-    break;
+            case 'infection' :
+                infection();
+            break;
 
-case 'infection' :
-    infection();
-    break;
-
-case 'less' :
-    less();
+            case 'less' :
+                less();
     break;
 
 case 'pwds' :