1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Need to edit certain lines from a js file.

Discussion in 'Software Development' started by pure_evil020, Jul 12, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. pure_evil020

    pure_evil020 Thread Starter

    Joined:
    Jul 31, 2008
    Messages:
    92
    Hi there,
    I was recently hijacked by a babylon affiliate malware, and was able to remove everything quite easily, except for one problem.
    Every time I opened a new tab, it would open an affiliate babylon search page.

    After some searching, I found the culprit!
    Firefox's prefs.js file was modified, to include a number of preferences that would cause the url to come up when a new tab is opened.

    I could go through and manually fix it myself, but I thought that if others have the same problem, and come across my question, they might want an easier solution.
    My solution would be a batch file (or vbs file) that will search "prefs.js" for lines containing the word "babylon" in it, and remove all of those lines.
    Each preference setting is separated by a new paragraph line.

    As an example for what I'm after, lets say the file contains the following lines in it:

    The batch file (or vbs file), should locate the two lines that contain the word "babylon" in it, and remove those lines.
    Simply telling the batch file to look for those lines specifically (e.g. user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");") and removing it, would not be good enough, because other users may have an entirely different affiliate link attached, or other preferences written.


    Is anyone here capable of writing such a batch (or vbs) file that can do this for me?
    Thanks in advance!
     
  2. Ent

    Ent Josiah Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,408
    While this would not be a particularly difficult thing to code, I suspect that it would be unwise.
    There are two considerations here:

    The first is the risk that it hasn't been properly taken out to begin with. The reason that TSG has restrictions on who can help with malware is that malware can be much more difficult to remove than is generally realized. Even if you have done the job correctly, there is no guarantee that the next user would have. The only way to be safe would be to create and maintain a full blown removal program (a bit like a dedicated uninstaller), and that's a task beyond the ability of most here.

    The second is that those lines are not merely inserted by the software in question, they are changed from benign values. If you simply delete them, you could be left without various key functions, or potentially even with a broken browser.
     
  3. pure_evil020

    pure_evil020 Thread Starter

    Joined:
    Jul 31, 2008
    Messages:
    92
    I have checked over the last concern you mentioned, suggesting that you could potentially break your browser by editing lines incorrectly.
    If you are removing only the lines that have the word "babylon" in it, it will simply remove the preference entries that the babylon extension has copied into this file.

    Any lines that are left blank (deleted babylon lines) are automatically refilled as their default values when firefox starts.
    You could completely remove everything from the pref file, and firefox would still create a new pref file with the default preference values (removing all addon settings).

    All the malware did, is add a few lines into the prefs file, to turn on tabsearch function, and set a url for the newtab string.
    Once these lines are deleted, the software reverts those preferences back to their default values.

    I would conclude that if you want to remove all effects that babylon has had on your browser, this would actually be a good way of removing all babylon effects from your browser, after you have removed the babylon software/malware from your computer (with the help of an approved tech here on the malware forums).

    I think that it would be much simpler for a tech to instruct the user to download and run a babylon preference removal tool, rather than instructing the user to go to about:config, take a screen shot, upload the screen shot, then wait for an answer as to which strings to change, and what value to change those strings to.
     
  4. pure_evil020

    pure_evil020 Thread Starter

    Joined:
    Jul 31, 2008
    Messages:
    92
    So was anyone able to help me write this code?
     
  5. pure_evil020

    pure_evil020 Thread Starter

    Joined:
    Jul 31, 2008
    Messages:
    92
    Nevermind... I figured it out myself.
     
  6. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,731
    Then please post your solution and mark your thread solved.
     
  7. pure_evil020

    pure_evil020 Thread Starter

    Joined:
    Jul 31, 2008
    Messages:
    92
    Although I don't think many people on these forums will be looking for a solution using my method, here it is:

    I came up with the following GML code, to do what I wanted to do:

    Code:
    global.changetext=""
    var i, j, fileId
    {
    //Read
    i = 0;
    fileId = file_text_open_read("copy.js");
    while(!file_text_eof(fileId)) {
        str[i] = file_text_read_string(fileId);
        //Replace
        if (string_pos("Babylon",str[i]
    ) !=0 ) {
            str[i] = global.changetext;
            }
        i += 1;
        file_text_readln(fileId);
        }
    i -= 1;
    file_text_close(fileId);
    //Rewrite
    fileId = file_text_open_write("copy.js");
    for (j=0;j<=i;j+=1) {
        file_text_write_string(fileId,str[j]);
        file_text_writeln(fileId);
        }
    file_text_close(fileId);
    }
    show_message("process completed!")
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1060659