We do face iframe injections, and it is not practical to search for the injected iframe file by file. In that case, the following script can be used to find the iframe-injected files.
Create a new file named iframe.sh, add the following lines, and replace http://tester.com in the code with the URL that was inserted into your files.
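#!/bin/sh
# List every regular file under the current directory, skipping this script
# and its two list files so they are not reported as infected themselves.
find . -type f ! -name files ! -name infected-list-iframe ! -name iframe.sh > files
# Read one path per line so file names containing spaces are handled.
while IFS= read -r FIL
do
    # -l prints only the file name; -F treats the search string literally.
    grep -lF "iframe src=http://tester.com/" "$FIL" >> infected-list-iframe
done < files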
Now run iframe.sh; it will store the names of the iframe-injected files in infected-list-iframe.
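The script above matches only the exact, unquoted string `iframe src=http://tester.com/`. The following added example (not part of the original post) generalizes the search to quoted or unquoted `src` values, any letter case, and other attributes placed before `src`; the function names `scan_iframes` and `make_sample` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list files containing an <iframe> whose src points at HOST.
# Usage: scan_iframes DIR HOST
scan_iframes() {
    dir=$1
    # Escape dots so "tester.com" does not also match "testerXcom".
    host=$(printf '%s' "$2" | sed 's/\./\\./g')
    # <iframe, any attributes, src=, optional quote, optional scheme, //HOST,
    # then a delimiter so longer host names are not matched by prefix.
    pattern="<iframe[^>]*src[[:space:]]*=[[:space:]]*[\"']?(https?:)?//${host}([/\"' >:]|\$)"
    # -exec ... {} + passes paths as arguments, so names with spaces are safe.
    # grep works line by line: a tag split across lines is not detected.
    find "$dir" -type f -exec grep -lEi -e "$pattern" {} + 2>/dev/null | sort
}

# Build a constructed sample tree (not real site content) for a dry run.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/site/my pages"
    printf '%s\n' '<p>ok</p><iframe src=http://tester.com/ width=0></iframe>' \
        > "$d/site/index.html"
    printf '%s\n' '<IFRAME width="1" SRC="https://tester.com/x.php"></IFRAME>' \
        > "$d/site/my pages/about us.php"
    printf '%s\n' "<iframe src='//tester.com'></iframe>" > "$d/site/footer.inc"
    printf '%s\n' '<iframe src="https://testerXcom/"></iframe>' > "$d/site/clean.html"
    printf '%s\n' '<a href="http://tester.com/">link, no iframe</a>' > "$d/site/link.html"
    printf '%s\n' "$d/site"
}

# Dry run on the constructed sample; on a real site, call the function on the
# document root instead, for example: scan_iframes /path/to/docroot tester.com
sample=$(make_sample)
scan_iframes "$sample" tester.com
rm -rf "${sample%/site}"
```

Redirect the output to a file to keep a list for cleanup, as the original script does with infected-list-iframe.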