ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Need help cleaning virus inside HTML files

<< < (2/3) > >>

rsatrioadi:
Hi all, thanks for the replies.

@Curt
Thank you for the recommendations, but the links you provided helps with shortcuts and .vbs files, which were already handled by Avast. My biggest problem now are embedded vbscripts inside HTML files.

@mouser and @MilesAhead
Unfortunately part of my work deals with a collection of HTML files, most of which were synced over Dropbox (for team projects) and Copy (for my personal projects). I realized the existence of the virus when Dropbox on my other computer reported changes in HTML files when no one's working on them, so I installed antivirus, and the rest is history. So while I probably will do fresh install anyway, there are still infected files that I have to deal with. I know that both Dropbox and Copy keep backups of older versions, but since there are so many files across different directories I think it's more feasible to have a script that cleans the files rather than restoring backups one by one. But if you have any other suggestions I'm all ears.

@4wd
I need to clarify something: after looking at some of the infected files it seems that the <SCRIPT..>'s were appended at the end of each files, so for example if there's a HTML file with only


--- ---<p>blahblah</p>
in it it would be modified to


--- ---<p>blahblah</p><SCRIPT Language=..>
. So I think the correct approach should be looking for a SCRIPT element with Language=VBScript. If you can write the batch file I'd be very thankful.

4wd:
Freakin' escaping DOS characters is nuts  :huh:

Couldn't quite get that to work so here's a quick'n'dirty alternative:

RemVBSfHTM.cmd
RemVBSfHTM.exe

The command file walks the directory tree for .htm and .html files and passes them to the executable which writes out a new temp file up to the point it finds <SCRIPT Language=VBScript> (case insensitive), it then writes out the remainder of the line, closes the file, renames the original file to name-old+vbs, and then moves the temporary file into it's place.

Seems to work here OK but I can't try every possible combination of screwed up file.

Put both files in the same directory somewhere, open a CLI and run using: RemVBSfHTM.cmd <path>

Where <path> is the full path to the top level directory of the tree, quoted if it has spaces in the name, eg. RemVBSfHTM.cmd "K:\html junk"

Source of RemVBSfHTM.exe in AutoIt:

--- Code: AutoIt ---#Region ;**** Directives created by AutoIt3Wrapper_GUI ****#AutoIt3Wrapper_Change2CUI=y#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** $sTempFile = @TempDir & "\RemVBSfHTM.txt"$sTest = "<SCRIPT Language=VBScript>" If $CmdLine[0] = 0 Then        Exit (1)Else        $sFile = $CmdLine[1]EndIf $hFile = FileOpen($sFile, 0)If $hFile = -1 Then        ConsoleWrite("Unable to open '" & $sFile & "' for reading." & @CRLF)        _Exit()EndIf$hTempFile = FileOpen($sTempFile, 2)If $hTempFile = -1 Then        ConsoleWrite("Unable to open '" & $sTempFile & "' for writing." & @CRLF)        _Exit()EndIf While 1        $sLine = FileReadLine($hFile)        If @error = -1 Then ExitLoop        If StringInStr($sLine, $sTest) > 0 Then                $sLine = StringLeft($sLine, StringInStr($sLine, $sTest) - 1)                FileWriteLine($hTempFile, $sLine)                ExitLoop        Else                FileWriteLine($hTempFile, $sLine)        EndIfWEnd FileClose($hTempFile)FileClose($hFile) If FileMove($sFile, $sFile & "-old+vbs") = 0 Then        ConsoleWrite("Unable to rename '" & $sFile & "' prior to replacement." & @CRLF)        _Exit()Else        FileMove($sTempFile, $sFile)EndIf  Func _Exit()        ExitEndFunc   ;==>_Exit
It'll write out to RemVBSfHTM.log if it can't open either the original file for reading, the temporary file for writing, or renaming the original file (in which case it won't rename the temporary file).

So it might pay to make sure all files are not read-only and that you have permission to write to them before running.

Also, even if the HTML doesn't contain the relevant line it'll still get replaced, (I'm lazy).

MilesAhead:
This may be designed for it

http://htmlcleaner.sourceforge.net/parameters.php

You would want to check for terminating the file before the extraneous stuff at the end.  But it seems to have a flag to strip out entire tag sections such as Script etc..

rsatrioadi:
Thanks so much 4wd, I will try running the program in a small directory first to see the result. I'll let you know if it works well with my set of files.

Thanks MilesAhead, I'll look into it and try around, but I think and hope 4wd's script is enough for this task.

I really appreciate your helps and suggestions.

rsatrioadi:
Hello!

tl;dr: I used 4wd's script and it did it! My HTML files are clean now! Thank you so much 4wd, you saved my life files! (But also probably life!) And also thank you for getting me to learn AutoIt scripting a bit because of your laziness. :P

More:

I hope it is okay that I made a few modifications to the script like so: at first I used the script on a two small directories (say C:\a\a1 and C:\a\a2) and it worked, so I used it again on their parent directory (C:\a) that contains more directories other than a1 and a2. When I ran it there, it made backups of already cleaned files in a1 and a2, and made backups of the previous backups! Since I was going to use the script again on a larger scale (C:\), I didn't want it to make more and more duplicate backups, so I studied the script, downloaded AutoIt, tinkered around, and finally made it so that uninfected files wouldn't be backed up.

In the end I ran the script on C:\ and it repaired all but those in C:\Program Files. But there are not so many HTML files there, only some help files that can be fixed by reinstalling the software so it's all great. :Thmbsup:

The modified script:


--- Code: AutoIt ---#Region ;**** Directives created by AutoIt3Wrapper_GUI ****#AutoIt3Wrapper_Change2CUI=y#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** $sTempFile = @TempDir & "\RemVBSfHTM.txt"$sTest = "<SCRIPT Language=VBScript>" If $CmdLine[0] = 0 Then        Exit (1)Else        $sFile = $CmdLine[1]EndIf $hFile = FileOpen($sFile, 0)If $hFile = -1 Then        ConsoleWrite("Unable to open '" & $sFile & "' for reading." & @CRLF)        _Exit()EndIf$hTempFile = FileOpen($sTempFile, 2)If $hTempFile = -1 Then        ConsoleWrite("Unable to open '" & $sTempFile & "' for writing." & @CRLF)        _Exit()EndIf $found = FalseWhile 1        $sLine = FileReadLine($hFile)        If @error = -1 Then ExitLoop        If StringInStr($sLine, $sTest) > 0 Then                $found = True                $sLine = StringLeft($sLine, StringInStr($sLine, $sTest) - 1)                FileWriteLine($hTempFile, $sLine)                ExitLoop        Else                FileWriteLine($hTempFile, $sLine)        EndIfWEnd FileClose($hTempFile)FileClose($hFile) If $found Then        If FileMove($sFile, $sFile & "-old+vbs") = 0 Then                ConsoleWrite("Unable to rename '" & $sFile & "' prior to replacement." & @CRLF)                _Exit()        Else                FileMove($sTempFile, $sFile)        EndIfEndIf Func _Exit()        ExitEndFunc   ;==>_Exit
So again, thank you very much 4wd and donationcoder, and I apologize for modifying the script without asking for your permission first.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version