删除数据库恶意脚本

USE DataBaseName
GO
DECLARE @MAXID INT
DECLARE @ID INT
DECLARE @SQL NVARCHAR(MAX)
DECLARE @TableName NVARCHAR(100)

SET @ID = 0

SELECT TOP 1 @MAXID = id FROM sysobjects WHERE [type] = 'U' ORDER BY id DESC

WHILE (@ID <> @MAXID)
BEGIN
 SELECT TOP 1 @ID = id FROM sysobjects WHERE [type] = 'U' AND id > @ID
 SELECT @TableName = [name] FROM sysobjects WHERE id = @ID
 SET @SQL = 'UPDATE ' + @TableName + ' SET '
 SELECT @SQL = @SQL + '[' + a.[name] + '] = REPLACE(CAST([' + a.[name] + '] AS NVARCHAR(MAX)),''<script src=http://pinghui.net/t.js></script>'',''''),'  FROM syscolumns AS a INNER JOIN systypes AS b ON a.xtype = b.xtype WHERE a.id = @ID AND b.[name] <> 'sysname' AND (b.[name] LIKE '%char' OR b.[name] LIKE '%text')
 SET @SQL = LEFT(@SQL,LEN(@SQL) - 1)
 IF(@SQL IS NOT NULL AND RIGHT(@SQL,3) <> 'SET')
 BEGIN
  EXEC(@SQL)
 END
END

转载于:https://www.cnblogs.com/SmartFramework/archive/2009/08/26/1554073.html