VBS清除全盤網頁檔案被掛馬程式碼【VBS專殺】
阿新 • • 發佈:2019-01-11
由於有些病毒很噁心的感染了全盤檔案, 感染exe還不說,還感染網頁檔案,真的極度變態噁心啊!防毒軟體清除exe檔案還好,但是網頁檔案會被直接刪除掉,好吧,自己動手,豐衣足食。用vbs寫了這個指令碼。
使用說明:將以下程式碼複製儲存到一個vbs檔案中,然後在執行的時候開啟cmd,用cd命令切換到vbs指令碼資料夾下,執行cscript 指令碼名字。然後會彈出一個對話方塊要求輸入掛馬程式碼,輸入即可。然後接下來等著指令碼自動遍歷所有碟符中的網頁尾本檔案,並且自動去清除掛馬程式碼。
該指令碼主要為遍歷所有的檔案於資料夾,如果發現是網頁尾本字尾名的,先對其網頁檔案檢查是否有掛馬程式碼,如果發現有,先備份網頁檔案,然後把掛馬程式碼替換為空。替換後再進行檢查確認是否成功清除,並且給出提示。清除成功後寫入日子檔案記錄。日誌檔案儲存在d:/log.txt檔案中。
效果如下:
'On Error Resume Next
'ma="<script type=" & chr(34) & "text/javascript"& chr(34) & " src="& chr(34) &"http://web.nba1001.net:8888/tj/tongji.js"& chr(34) & "></script>"ma=inputbox("please input string")
MyString=".asp|.html|.htm|.aspx|.php|.jsp|.php"
MyArray = Split(MyString, "|", -1, 1)
Wscript.echo (br) & "惡意程式碼:" & ma & vbCrLf & vbCrLf
Set fso = createObject("Scripting.FileSystemObject")
Set ds=fso.Drives
For Each d in ds
Wscript.echo (br) & " 掃描碟符:" & d.DriveLetter & (br)
scan(d.DriveLetter & ":\")
Next
'scan("G:\")
'set filesder0=fso.getfolder("G:\")
'set subfolders3=filesder0.subfolders
'for each subfolder0 in subfolders3
' scan(subfolder0)
'next
'掃描檔案
sub scan(filesder)
set filesder1=fso.getfolder(filesder)
set files1=filesder1.files
for each fext in files1
Wscript.echo (br) & " 掃描檔案:" & fext & (br)
Set file1 = fso.GetFile(fext)
filesext=file1.Name
ext=lcase(filesext)
For Each inx in MyArray
if Right(ext,4)=lcase(inx) Or Right(ext,5)=lcase(inx) then
'Wscript.echo Right(ext,4)
wr_content = GetFileContent(fext)
echo = (br) & " 正在檢查 " & fext & " 檔案中的內容" & (br)
'echo= "正在檢查" & fext & " 檔案中的內容"
Wscript.echo (echo)
if CheckCode(fext,wr_content,ma) = 1 then
call ClearCode(fext,wr_content,ma)
else
echo=" "
'echo=" 恭喜" & fext & "檔案中沒有惡意程式碼"
Wscript.echo (br) & " 恭喜 " & fext & " 檔案中沒有惡意程式碼" & (br)
Wscript.echo (echo)
end if
Wscript.echo (echo)
end if
next
next
'掃描子目錄
set subfolders2=filesder1.subfolders
for each subfolder2 in subfolders2
scan(subfolder2)
next
end sub
'讀取檔案內容
Function GetFileContent(filename)
'msgbox filename
'Wscript.Echo filename
Set file2=fso.OpenTextFile(filename)
set file3 = fso.GetFile(filename)
if file3.size > 0 Then
'if fso.FileExists(filename) Then
file_content = file2.ReadAll
else
file_content = ""
end if
set file3 = Nothing
'if not files.Eof Then
'file_content = file2.ReadAll
'else
'file_content = ""
'end if
file2.close
set file2 = nothing
GetFileContent = file_content
End Function
'檢查是否存在惡意掛馬程式碼
Function CheckCode(fext,file_content,ma)
'wscript.echo file_content
if instr(file_content,ma) <> 0 Then
Wscript.echo (br) & " 在 " & fext & " 發現惡意程式碼" & (br)
wr_content = replace(file_content,ma,"")
res = 1
else
res = 0
end if
CheckCode = res
End Function
'清除檔案中的惡意程式碼
Sub ClearCode(fext,wr_content,ma)
Call fso.CopyFile(fext,fext & ".bak")
call WriteLogs(fext)
Set ts = fso.OpenTextFile(fext,2)
if wr_content <> "" Then
'if not ts.eof Then
'wr_content = ts.ReadAll
wr_content =replace(wr_content,ma,"",1)
if trim(wr_content) <> "" Then
ts.WriteLine(wr_content & " ")
'if err then
'wscript.echo wr_content
'end if
end if
'else
'wr_content = ""
'end if
echo=" "
'wscript.echo (br) & " Clear " & fext & " malware code " & (br)
Wscript.echo (br) & " 正在清除 " & fext & " 檔案中惡意程式碼" & (br)
if CheckCode(wr_content,ma) = 0 then
echo=" "
'echo=" 恭喜!" & fext & "惡意程式碼已經清除"
echo = (br) & " 恭喜 " & fext & " 惡意程式碼已經清除" & (br)
Wscript.echo (echo)
else
echo = (br) & " 恭喜 " & fext & " 惡意程式碼清除失敗" & (br)
Wscript.echo (echo)
'call ClearCode(fext,wr_content,ma)
end if
echo=" "
'echo=" 清除" & fext & "檔案中的惡意程式碼完成"
echo = (br) & " 清除 " & fext & "檔案中的惡意程式碼完成 " & (br)
Wscript.echo (echo)
end if
ts.close
Set ts = nothing
end sub
'寫入日誌檔案
Sub WriteLogs(fext)
Set ts = fso.OpenTextFile("d:\logs.txt",8)
if fext <> "" Then
ts.WriteLine(fext & " 檔案中發現惡意程式碼")
echo = (br) & " 清除 " & fext & "檔案中的惡意程式碼完成 " & (br)
Wscript.echo (echo)
echo=" "
echo = (br) & fext & " 寫入日誌成功" & (br)
Wscript.echo (echo)
end if
ts.close
set ts = nothing
end sub