Been hit with some nasty javascript malware on my site. I know that each offending code block starts with the following:
<script language=javascript><!--
(function()
and ends with
</script>
I'd like to remove the nasty bits via regex on windows, using some sort of freeware regex replacement tool. Any suggestions here? Thank You much.
You might want to try UltraEdit, it has a built-in regular expression search/replace that works well. Also I believe the demo works for 30 days.
If you just want to remove all Javascript blocks from your pages, you would search for:
<script language=javascript><!--[\s\S\p]+</script>
(\s = whitespace, \S = non-whitespace, \p = newline characters)
Make sure you have the regular expressions box checked in the search/replace dialog.
Edit
Add to the regular expression that after <script> should follow <!-- (I altered the above example) and you'll get only those <script> sections that include a comment immediately following the opening tag.
I think you should use configure Privoxy (http://privoxy.org). It uses the PCRE library and is available for Windows. In order to filter you should do the following:
In the Privoxy configuration directory add
FILTER: my-js-purger
s@<script\s+language=javascript><!--\s+(function().*?</script>@@s
to user.filter file,
Add
{ +filter{my-js-purger} }
/
to user.action file (replace / with the names of sites you want to apply filter to, or leave it as is if you want to apply it to all sites).
Ensure that there are uncommented lines
listen-address 127.0.0.1:8118
actionsfile user.action
filterfile user.filter
in config file (I believe it is safe to just add them at the end of config file regardless whether they already exist).
Start privoxy.
Configure your browser to use 127.0.0.1:8118 as a http/https proxy server.