Shulou(Shulou.com)06/03 Report--

This article introduces the knowledge of "how to use ntiiframe.vbs to batch clear the malicious generation added to the file". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

AntiIframe.vbs

# this script is the reverse of a batch horse program, which is used to batch clean up malicious code added to the file. Notepad to open a file can modify the Pattern parameter to specify the file name to be processed, separated by | (vbs regular expression is also supported). As you want to modify the file, please use it carefully (it is best to back up the file first)

# usage: CScript AntiIframe.vbs [path to process] [file containing purged content]

# example: CScript AntiIframe.vbs d:\ Web d:\ lake2.txt

The copy code is as follows:

'

'Anti-Iframe in vbs

'Author: lake2 (http://lake2.0x54.org)

Date: 2007-2-27

'Version: 1.1

'

'- Config Start-

'configure the file name to be processed, either using vbs regular expressions or using the "(index.asp | index.htm | index.html)" enumeration format

Pattern = "^. +\. (htm | html | asp | aspx | php) $"

'- Config End-

Call ShowInfo ()

If WScript.Arguments.Count = 2 Then

If Right (WScript.Arguments.Item (0), 1) = "\" Then

If len (WScript.Arguments.Item (0)) > 3 then

ThePath = Mid (WScript.Arguments.Item (0), 1 Len (WScript.Arguments.Item (0))-1)

Else

ThePath = WScript.Arguments.Item (0)

End if

Else

ThePath = WScript.Arguments.Item (0)

End If

Call CheckArg (thePath)

WScript.Echo "start cleaning, please wait a moment."

Call ShowAllFile (thePath)

WScript.Echo vbcrlf & "cleanup complete!" & vbcrlf

Else

Call ShowHelp ()

End If

Sub ShowInfo ()

HelpStr = HelpStr & "=" & vbcrlf

HelpStr = HelpStr & "= Welcome to Thunder Map ASP webmaster Security Assistant vbs version =" & vbcrlf

HelpStr = HelpStr & "= the Anti- hangs the horse in batch =" & vbcrlf

HelpStr = HelpStr & "= Author: lake2 =" & vbcrlf

HelpStr = HelpStr & "= Email:lake2@mail.csdn.net =" & vbcrlf

HelpStr = HelpStr & "= Welcome to visit www.0x54.org for more information =" & vbcrlf

HelpStr = HelpStr & "=" & vbcrlf

HelpStr = HelpStr & vbcrlf

WScript.Echo HelpStr

End Sub

Sub ShowHelp ()

HelpStr = HelpStr & "# usage: CScript AntiIframe.vbs [path to process] [file containing purged content]" & vbcrlf

HelpStr = HelpStr & "# example: CScript AntiIframe.vbs d:\ Web d:\ lake2.txt" & vbcrlf

HelpStr = HelpStr & vbcrlf

WScript.Echo HelpStr

End Sub

Sub CheckArg (arg)

TmpPath = arg

Set objFSO = WScript.CreateObject ("Scripting.FileSystemObject")

If Not objFSO.FileExists (WScript.Arguments.Item (1)) Then

WScript.Echo "Error: configuration file not found" & WScript.Arguments.Item (1) & "!"

WScript.Quit

ElseIf Not objFSO.FolderExists (tmpPath) Then

WScript.Echo "Error: wrong path" & tmpPath & "!"

WScript.Quit

End If

Set objFSO = Nothing

End Sub

'traverse all files that process path and its subdirectories

Sub ShowAllFile (Path)

Set FSO = CreateObject ("Scripting.FileSystemObject")

Set g = FSO.GetFile (WScript.Arguments.Item (1))

If g.Size > 0 Then

Set ts2 = g.OpenAsTextStream (1-2)

Filecon = ts2.ReadAll

Ts2.Close

Set ts2 = Nothing

Else

WScript.Echo "Error: configuration File" & WScript.Arguments.Item (1) & "size 0!"

WScript.Quit

End If

Set g = Nothing

Set f = FSO.GetFolder (Path)

Set fc2 = f.files

On Error Resume Next

For Each myfile in fc2

If Err Then WScript.Echo "insufficient permissions to check the directory" & thePath:exit sub

Set regEx = New RegExp

RegEx.IgnoreCase = True

RegEx.Global = True

RegEx.Pattern = Pattern

If regEx.Test (myfile.name) Then

CheckFile path& "\" & myfile.name, filecon

End If

Set regEx = Nothing

Next

Set fc = f.SubFolders

For Each f1 in fc

ShowAllFile path& "\" & f1.name

Next

Set FSO = Nothing

End Sub

Sub CheckFile (filepath, filecon2)

XSet = GetCharSet (filepath)

Set tStream = CreateObject ("ADODB.Stream")

TStream.type = 1

TStream.mode = 3

TStream.open

TStream.Position=0

TStream.LoadFromFile FilePath

If err Then Exit Sub end if

TStream.type = 2

TStream.charset = xSet

Do Until tStream.EOS

Filecon = filecon & LCase (tStream.ReadText (102400))

Loop

TStream.close ()

Set tStream = Nothing

If InStr (filecon, filecon2) > 0 Then

Filecon = Replace (filecon, filecon2, "")

Set tStream = CreateObject ("ADODB.Stream")

TStream.type = 2

TStream.mode = 3

TStream.charset = xSet

TStream.open

TStream.Position=0

TStream.WriteText filecon

TStream.SaveToFile filepath, 2

TStream.close ()

Set tStream = Nothing

WScript.Echo "has fixed the file:" & filepath& "..."

End If

End Sub

Function GetCharSet (xPath)

Set tStream = CreateObject ("ADODB.Stream")

TStream.type = 1

TStream.mode = 3

TStream.open

TStream.Position = 0

TStream.LoadFromFile xPath

Byte1 = ascB (tStream.Read (1))

Byte2 = ascB (tStream.Read (1))

Byte3 = ascB (tStream.Read (1))

TStream.close ()

Set tStream = Nothing

If byte1=239 and byte2=187 and byte3=191 Then

GetCharSet = "UTF-8"

Else

GetCharSet = "GB2312"

End If

End Function

This is the end of the content of "how to use ntiiframe.vbs to batch clear the malicious generation that has been added to the file". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.