[Greasemonkey] Removing a trojan script loaded in the document head
Chris Cage
cwcage at onr.com
Sat Jun 10 21:54:55 EDT 2006
Hello Greasemonkey list,
I am totally out of my league in JavaScript land, so I'm hoping I can
find some help here.
I have what I believe is a trojan that I cannot get rid of by any means
yet. At some point I'll have to wipe my computer and start fresh, but
for now I'm thinking a Greasemonkey script could help me out.
Every web page I pull up in a browsers gets a variation of this line of
code placed into the <head>.
<script language='javascript'
src='http://127.0.0.1:1029/js.cgi?pcaw&r=5075'></script>
Basically it's always the same except of the last 4 digits.
I'm thinking if I knew Javascript I could write a simple Greasemonkey
script that would look for any script tag with a
"src='http://127.0.0.1:1029/js.cgi*" and remove it.
Would anybody be so nice as to help me out? I've spent a bit of time
today trying to learn some basics of JS but I have a feeling that for
someone who's experienced this is a no-brainer. I'm guessing I have to
start with something like this:
var trojanaway = document.getElementsByName('script');
But I don't know after that...
Thanks,
CW Cage
More information about the Greasemonkey
mailing list