[Greasemonkey] Removing a trojan script loaded in the document
head
Aaron Boodman
zboogs at gmail.com
Sat Jun 10 20:20:44 EDT 2006
You can remove the element, but unfortunately, it will have already
executed by that point. GM runs too late to remove <script> tags from
the head of the document.
You could use the NoScript extension. That would stop all scripts from
running tho.
You might be able to setup a custom rule with AdBlock to block just that domain.
- a
On 6/10/06, Chris Cage <cwcage at onr.com> wrote:
> Hello Greasemonkey list,
>
> I am totally out of my league in JavaScript land, so I'm hoping I can
> find some help here.
>
> I have what I believe is a trojan that I cannot get rid of by any means
> yet. At some point I'll have to wipe my computer and start fresh, but
> for now I'm thinking a Greasemonkey script could help me out.
>
> Every web page I pull up in a browsers gets a variation of this line of
> code placed into the <head>.
>
> <script language='javascript'
> src='http://127.0.0.1:1029/js.cgi?pcaw&r=5075'></script>
>
> Basically it's always the same except of the last 4 digits.
>
> I'm thinking if I knew Javascript I could write a simple Greasemonkey
> script that would look for any script tag with a
> "src='http://127.0.0.1:1029/js.cgi*" and remove it.
>
> Would anybody be so nice as to help me out? I've spent a bit of time
> today trying to learn some basics of JS but I have a feeling that for
> someone who's experienced this is a no-brainer. I'm guessing I have to
> start with something like this:
>
> var trojanaway = document.getElementsByName('script');
>
> But I don't know after that...
>
> Thanks,
> CW Cage
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
More information about the Greasemonkey
mailing list