Messages - rsatrioadi [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 12next
1
General Software Discussion / Re: Need help cleaning virus inside HTML files
« on: March 17, 2015, 12:40 PM »
Hello!

tl;dr: I used 4wd's script and it did it! My HTML files are clean now! Thank you so much 4wd, you saved my life files! (But also probably life!) And also thank you for getting me to learn AutoIt scripting a bit because of your laziness. :P

More:

I hope it is okay that I made a few modifications to the script like so: at first I used the script on a two small directories (say C:\a\a1 and C:\a\a2) and it worked, so I used it again on their parent directory (C:\a) that contains more directories other than a1 and a2. When I ran it there, it made backups of already cleaned files in a1 and a2, and made backups of the previous backups! Since I was going to use the script again on a larger scale (C:\), I didn't want it to make more and more duplicate backups, so I studied the script, downloaded AutoIt, tinkered around, and finally made it so that uninfected files wouldn't be backed up.

In the end I ran the script on C:\ and it repaired all but those in C:\Program Files. But there are not so many HTML files there, only some help files that can be fixed by reinstalling the software so it's all great. :Thmbsup:

The modified script:

Code: AutoIt [Select]
  1. #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
  2. #AutoIt3Wrapper_Change2CUI=y
  3. #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
  4.  
  5. $sTempFile = @TempDir & "\RemVBSfHTM.txt"
  6. $sTest = "<SCRIPT Language=VBScript>"
  7.  
  8. If $CmdLine[0] = 0 Then
  9.         Exit (1)
  11.         $sFile = $CmdLine[1]
  13.  
  14. $hFile = FileOpen($sFile, 0)
  15. If $hFile = -1 Then
  16.         ConsoleWrite("Unable to open '" & $sFile & "' for reading." & @CRLF)
  17.         _Exit()
  19. $hTempFile = FileOpen($sTempFile, 2)
  20. If $hTempFile = -1 Then
  21.         ConsoleWrite("Unable to open '" & $sTempFile & "' for writing." & @CRLF)
  22.         _Exit()
  24.  
  25. $found = False
  27.         $sLine = FileReadLine($hFile)
  28.         If @error = -1 Then ExitLoop
  29.         If StringInStr($sLine, $sTest) > 0 Then
  30.                 $found = True
  31.                 $sLine = StringLeft($sLine, StringInStr($sLine, $sTest) - 1)
  32.                 FileWriteLine($hTempFile, $sLine)
  33.                 ExitLoop
  34.         Else
  35.                 FileWriteLine($hTempFile, $sLine)
  36.         EndIf
  38.  
  39. FileClose($hTempFile)
  40. FileClose($hFile)
  41.  
  42. If $found Then
  43.         If FileMove($sFile, $sFile & "-old+vbs") = 0 Then
  44.                 ConsoleWrite("Unable to rename '" & $sFile & "' prior to replacement." & @CRLF)
  45.                 _Exit()
  46.         Else
  47.                 FileMove($sTempFile, $sFile)
  48.         EndIf
  50.  
  51. Func _Exit()
  52.         Exit
  53. EndFunc   ;==>_Exit

So again, thank you very much 4wd and donationcoder, and I apologize for modifying the script without asking for your permission first.

2
General Software Discussion / Re: Need help cleaning virus inside HTML files
« on: March 17, 2015, 08:38 AM »
Thanks so much 4wd, I will try running the program in a small directory first to see the result. I'll let you know if it works well with my set of files.

Thanks MilesAhead, I'll look into it and try around, but I think and hope 4wd's script is enough for this task.

I really appreciate your helps and suggestions.

3
General Software Discussion / Re: Need help cleaning virus inside HTML files
« on: March 16, 2015, 07:34 PM »
Hi all, thanks for the replies.

@Curt
Thank you for the recommendations, but the links you provided helps with shortcuts and .vbs files, which were already handled by Avast. My biggest problem now are embedded vbscripts inside HTML files.

@mouser and @MilesAhead
Unfortunately part of my work deals with a collection of HTML files, most of which were synced over Dropbox (for team projects) and Copy (for my personal projects). I realized the existence of the virus when Dropbox on my other computer reported changes in HTML files when no one's working on them, so I installed antivirus, and the rest is history. So while I probably will do fresh install anyway, there are still infected files that I have to deal with. I know that both Dropbox and Copy keep backups of older versions, but since there are so many files across different directories I think it's more feasible to have a script that cleans the files rather than restoring backups one by one. But if you have any other suggestions I'm all ears.

@4wd
I need to clarify something: after looking at some of the infected files it seems that the <SCRIPT..>'s were appended at the end of each files, so for example if there's a HTML file with only

[Select]
<p>blahblah</p>

in it it would be modified to

[Select]
<p>blahblah</p><SCRIPT Language=..>

. So I think the correct approach should be looking for a SCRIPT element with Language=VBScript. If you can write the batch file I'd be very thankful.

4
General Software Discussion / Need help cleaning virus inside HTML files
« on: March 16, 2015, 09:54 AM »
Hello folks, long time no see.

tl;dr: some virus infected many (I hope not all...yet) HTML files inside my hard drive. It embedded nasty vbscript at the end of each file (after </html> tag). My antivirus detected but cannot repair them. What next?

Longer story:

After years of not using Windows, I got my hand on a Windows machine. Silly me didn't install antivirus at the first chance, so circa day 2 I got it infected with viruses from an infected flash drive. I installed Avast and ran a scan. Most .exe and .dll files were repaired but many HTML files are left unfixed (see tl;dr above). Here's a screenshot of the vbscript inside a file:

html.png

The <SCRIPT..> parts are the same in each infected HTML files, but the "gibberish" HTML comment after the closing </SCRIPT> differs from file to file. I don't know if this comment part does any harm, though.

So, any suggestions on how to clean them? If there's no ready-made solution maybe somebody can write me a script that reads all HTML files inside a directory and remove any vbscripts inside it? Pretty please? ;)

Thanks beforehand for any help.

5
Living Room / Re: Current web-based RSS readers - What is your pick?
« on: August 11, 2014, 12:24 AM »
I'm one of the Google Reader refugee who have found shelter in The Old Reader. Made by fellow 'victims' of Google Reader shutdown, it looks and behaves almost exactly like Google Reader.

I also tried Digg Reader but I find The Old Reader suits me better.

Pages: [1] 2 3 4 5 6 ... 12next
Go to full version