用hta+javascript实现替换网站被下木马网页中的iframe

服务器中了病毒是件超级麻烦的事情，尤其是什么熊猫烧香之类的或者变种病毒，因为它们不单单潜伏于计算机里，还会把所有的一些网页文件加上了一些iframe，让访问者继续中毒，我想这也是它得已迅速蔓延的手段吧！如果要把网页中的iframe去掉，是件吃力的苦力活。所以，写了这样的一个小工具，希望能起到一点点的作用。请把代码复制，保存在本地，以hta为扩展名。然后双击执行复制代码代码如下:<html> <head> <hta:applicationid=ReplaceIframApp applicationname=\”RAP1.0\” border=\”dialog\”[thick/dialogwindow/none/thin] borderStyle=\”raised\”[normal/complex/raised/static/sunken] caption=\”yes\” icon=\”res/warm.ico\” maximizebutton=\”no\” minimizebutton=\”yes\” showintaskbar=\”yes\” singleinstance=\”yes\” sysmenu=\”yes\” version=\”1.0\” windowstate=\”normal\” /> <metaHTTP-EQUIV=\”Content-Type\”CONTENT=\”text/html;charset=gb2312\”> <title>ReplaceIframeApplication</title> <scripttype=\”text/javascript\”> window.resizeTo(800,520); varClass={ create:function(){ returnfunction(){ this.initialize.apply(this,arguments); } } }; var$=function(sname){returndocument.getElementById(sname);} String.prototype.stripTags=function(){ returnthis.replace(/<\\/?[^>]+>/gi,\’\’); }; String.prototype.escapeHTML=function(){ vardiv=document.createElement(\’div\’); vartext=document.createTextNode(this); div.appendChild(text); returndiv.innerHTML; }; String.prototype.unescapeHTML=function(){ vardiv=document.createElement(\’div\’); div.innerHTML=this.stripTags(); returndiv.childNodes[0]?div.childNodes[0].nodeValue:\’\’; }; Array.prototype.S=String.fromCharCode(2); Array.prototype.in_array=function(e){ varre=newRegExp(this.S+e+this.S); returnre.test(this.S+this.join(this.S)+this.S); }; String.prototype.color=function(c){ return\”<spanstyle=\\\”color:\”+c+\”\\\”>\”+this+\”</span>\”; }; ReplaceApp=Class.create(); ReplaceApp.prototype={ initialize:function(args){ this.foobar=$(args[0]); this.container=$(args[1]); this.initSet(); this.fso=newActiveXObject(\”Scripting.FileSystemObject\”); this.showFooBar(\’initializing…\’); this.testFSO(); }, initSet:function(){ this.folders=newArray(); this.files=newArray(); this.iframes=newArray(); this.iframesStr=newArray(); this.selects=newArray(); this.iframeFiles=newArray(); this.iframeNum=0; this.folderNum=0; this.fileNum=0; this.currentFolder=\’\’; }, showFooBar:function(msg){ this.foobar.innerHTML=msg; }, writeContainer:function(c){ this.container.innerHTML=c; }, testFSO:function(){ this.drives=newEnumerator(this.fso.Drives); vars,n,x; s=\’\’; for(;!this.drives.atEnd();this.drives.moveNext()){ x=this.drives.item(); s=s+x.DriveLetter; s+=\”-\”; if(x.DriveType==3) n=x.ShareName; elseif(x.IsReady) n=x.VolumeName; else n=\”[驱动器未就绪]\”; s+=n+\”<br>\”; } this.writeContainer(s); }, showFolderList:function(folder){ if(folder==\”\”||!/^[a-zA-Z]\\:\\\\.*/ig.test(folder)||!this.fso.FolderExists(folder)){ this.showFooBar(\’路径不正确\’.color(\’red\’).bold()); return; } this.initSet(); this.currentFolder=folder; this.recFolder(folder); this.parseFiles(); }, recFolder:function(folder){ varf,s,fc; f=this.fso.getFolder(folder); fc=newEnumerator(f.files); for(;!fc.atEnd();fc.moveNext()){ this.files.push(fc.item()); this.fileNum++; } fc=newEnumerator(f.SubFolders); for(;!fc.atEnd();fc.moveNext()){ this.folders.push(fc.item()); this.folderNum++; this.recFolder(fc.item()); } }, parseFiles:function(){ varf,s,a,i,c,b; for(i=0;i<this.files.length;i++){ f=this.fso.OpenTextFile(this.files[i],1); s=f.ReadAll(); a=this.balanceMatch(s); b=false; for(c=0;c<a.length;c++){ if(/^<iframe/ig.test(a[c])){ if(!b){ this.iframeNum++; this.iframeFiles.push(this.files[i]); b=true; } if(!this.iframes.in_array(a[c])){ this.iframes.push(a[c]); this.iframesStr.push(a[c].escapeHTML()); } } } } this.writeTable(); varresult={ \’当前目录：\’:this.currentFolder, \’目录数：\’:this.folderNum, \’文件数：\’:this.fileNum, \’查找文件数：\’:this.iframeNum }; this.writeInfo(result); }, Replace:function(){ varo,oo,i,f,s,j,stat; stat=0; o=$(\’itable\’); oo=o.getElementsByTagName(\”INPUT\”) this.selects=newArray(); for(i=0;i<oo.length;i++){ if(oo[i].checked){ this.selects.push(this.iframes[oo[i].value]); } } for(i=0;i<this.iframeFiles.length;i++){ f=this.fso.OpenTextFile(this.iframeFiles[i],1); s=f.ReadAll(); for(j=0;j<this.selects.length;j++){ varre=newRegExp(this.selects[j]); s=s.replace(re,\’\’); } f=this.fso.OpenTextFile(this.iframeFiles[i],2); f.Write(s); f.Close(); stat++; //return; } varresult={ \’被替换文件数：\’:stat } this.writeInfo(result); }, writeTable:function(){ vars,i; s=\’\’; s+=\'<tableid=\”itable\”class=\”tbclass\”>\’; s+=\'<tr>\’; s+=\'<tdwidth=\”7%\”>操作</td>\’; s+=\'<tdwidth=\”93%\”>iframe列表</td>\’; s+=\'</tr>\’; for(i=0;i<this.iframesStr.length;i++){ s+=\'<tr>\’; s+=\'<td><inputtype=\”checkbox\”name=\”ichk\”value=\”\’+i+\’\”/></td>\’; s+=\'<td>\’+this.iframesStr[i]+\'</td>\’; s+=\'</tr>\’; } s+=\'</table>\’; this.writeContainer(s); }, writeInfo:function(oo){ vars; s=\’\’; for(oinoo){ s+=o.toString().color(\’blue\’)+(eval(\’oo.\’+o)).toString().color(\’red\’)+\’  \’; } this.showFooBar(s); }, balanceMatch:function(str){ varnode=\”\”; varnode_temp=\”\”; varn=0; vartemp=\”\”; vartextArray=[]; str.replace(/((?:.|\\n)*?)(<iframe.*?>|<\\/iframe.*?>)|((?:.|\\n)*?)$/g,callback); returntextArray; functioncallback(a0,a1,a2,a3) { if(n==0) { if(a1&&a1!=\”\”) { textArray[textArray.length]=a1; } if(a2&&a2!=\”\”) { if(/.*?\\/>/.test(a2)) { textArray[textArray.length]=a2; } else { node=a2.match(/[^<]*?[\\s>]/)[0]; node=node.substring(0,node.length-1); temp+=a2; n=1; } } } else { if(a1&&a1!=\”\”) { temp+=a1; } if(a2&&a2!=\”\”) { if(/.*?\\/>/.test(a2)) { temp+=a2; } elseif(a2.substr(1,1)==\”/\”) { if(a2==\”</\”+node+\”>\”) { temp+=a2; n–; if(n==0) { textArray[textArray.length]=temp; temp=\”\”; } } else { temp+=a2 } } else { node_temp=a2.match(/[^<]*?[\\s>]/)[0]; node_temp=node_temp.substring(0,node_temp.length-1); temp+=a2; if(node==node_temp) { n++; } } } } if(a3&&a3!=\”\”) { textArray[textArray.length]=a3; } } } } window.onload=function(){ window.rap=newReplaceApp([\’status_bar\’,\’Container\’]); } </script> <styletype=\”text/css\”title=\”currentStyle\”media=\”screen\”> .tbclass{ border-top:1pxsolid#ccc; border-left:1pxsolid#ccc; } .tbclasstd{ border-bottom:1pxsolid#aaa; border-right:1pxsolid#ccc; padding:3px; font-size:12px; } </style> </head> <bodystyle=\”border:0;\”bgcolor=buttonfacescroll=no> <tablewidth=100%height=100%style=\”font-size:9pt\”> <tr><tdwidth=100%height=410><divid=\”Container\”style=\”width:100%;height:100%;border:2inset;background-color:white;padding:5px;overflow:auto;\”>loading…</div></td></tr> <tr><tdwidth=100%height=20>路径：<inputtype=textid=webPathstyle=\”width:293\”><inputtype=\”button\”style=\”width:70\”onclick=\”rap.showFolderList($(\’webPath\’).value)\”value=\”查找\”/><inputtype=buttonstyle=\”width:70\”onclick=\”rap.Replace()\”value=\”替换\”></td></tr> <tr><tdwidth=100%height=20><divid=\”status_bar\”style=\”width:100%;height:100%;border:1inset;background-color:white;padding:2px;overflow:hidden;\”></div></td></tr> </table> </body> </html> 楼主真不错，这么快就有了实现解决的办法，赞一个，下了一个好象假死了。没有细看你的代码，看起来好复杂，我想实现起来应该不是很复杂把。 /<iframe[^\\>]*>\\s*<\\/iframe>/gi fso枚举文件夹及其文件htm,html,php,asp等进行替换不过要是自己的页面确实需要iframe不就全部换完了？我建议对iframe地址进行匹配，对包含指定字符的地址不替换这个正则让我回去想想。