How to mass Search & Replace in text files.
Lance F. Squire
lance-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri May 1 17:46:42 UTC 2009
Jamon Camisso wrote:
> Lots of different ways to solve this problem it sounds like. Why don't
> you post a sample segment of infected code e.g. between your
> <body></body> tags on somewhere like pastebin.ca (or in an email if
> people agree).
>
> I propose that with said code, anyone on the list who is interested
> write a program/script/command etc. to solve said problem and submit
> them somewhere -- we could try doing everything through the wiki,
> starting with the sample code.
>
> Then after a few submissions we have a vote in which solution is the
> best for x,y,z reasons etc. Submissions could be anonymous or attributed.
>
> Any takers?
>
> Jamon
Sounds like an Idea.
The offending JS is identified as:
trojan horse "JS:Redirector-H [Trj]"
It has infected 154 files on one site. I'm guessing the guy who edits
the sites computer was/is infected.(I'm sure he is looking at that now.)
The script is actually between the </head> and the <body> tags. Actually
outside of either.
If someone has already experienced this, others I'm sure would like to know.
Google only turned up how to un-infect your Windows client. I could find
nothing of easy removal from multiple web pages... (Maybe I'm not
searching right...)
I'll pastbin the code:
http://pastebin.ca/1409588
Lance
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list