http://www.xuhu.org/index.php[falsepositive][by qianwenxiang]

佰恋雨

RT 畅游巡警报

qianwenxiang

报的应该这个js packer

1. eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('9 j(){4(d.b){$("e").b(\'y\',h,f);$("e").b(\'z\',g,f);$("k").b(\'y\',h,f);$("k").b(\'z\',g,f)}A 4(d.t){$("e").B=h;$("e").C=g;$("k").B=h;$("k").C=g}u=f;g()}5 c=v;5 u=H;9 I(a){5 2=$("J").l;m(5 i=0;i<2.n;i++){4(2[i].6=="3"){$("D"+i).7.8=\'o\';2[i].6="";p}}2[a].6="3";$("D"+a).7.8=\'q\'}9 K(a){5 2=$("L").l;m(5 i=0;i<2.n;i++){4(2[i].6=="3"){$("E"+i).7.8=\'o\';2[i].6="";p}}2[a].6="3";$("E"+a).7.8=\'q\'}9 M(a){5 2=$("e").l;m(5 i=0;i<2.n;i++){4(2[i].6=="3"){$("r"+i).7.8=\'o\';2[i].6="";p}}2[a].6="3";$("r"+a).7.8=\'q\';4(!u&&s>0)j()}9 w(){5 3=1;5 2=$("e").l;5 x=2.n;m(5 i=0;i<x;i++){4(2[i].6=="3"){$("r"+i).7.8=\'o\';2[i].6="";3=i;p}}3++;4(3>=x){3=0}2[3].6="3";$("r"+3).7.8=\'q\';c=F(w,s)}9 g(){4(c!=v){G(c)}c=F(w,s)}9 h(){4(c!=v){G(c)}}4(s>0){4(d.b){d.b(\'N\',j,f)}A 4(d.t){d.t("O",j)}}',51,51,'||childs|current|if|var|className|style|display|function||addEventListener|__chatimer|window|special_head_4|true|viewplay|viewstop||initview|special_body_4|childNodes|for|length|none|break|block|top|__chandone|attachEvent|__chastart|null|viewauto|lis|mouseover|mouseout|else|onmouseover|onmouseout|pic|pos|setTimeout|clearTimeout|false|chapics|special_head_pic|charank|special_head_2|chathread|load|onload'.split('|'),0,{}))

复制代码

无毒，解出来的是：

1. 
   
2. function initview(){if(window.addEventListener){$("special_head_4").addEventListener('mouseover',viewstop,true);$("special_head_4").addEventListener('mouseout',viewplay,true);$("special_body_4").addEventListener('mouseover',viewstop,true);$("special_body_4").addEventListener('mouseout',viewplay,true)}else if(window.attachEvent){$("special_head_4").onmouseover=viewstop;$("special_head_4").onmouseout=viewplay;$("special_body_4").onmouseover=viewstop;$("special_body_4").onmouseout=viewplay}__chastart=true;viewplay()}var __chatimer=null;var __chastart=false;function chapics(a){var childs=$("special_head_pic").childNodes;for(var i=0;i<childs.length;i++){if(childs[i].className=="current"){$("pic"+i).style.display='none';childs[i].className="";break}}childs[a].className="current";$("pic"+a).style.display='block'}function charank(a){var childs=$("special_head_2").childNodes;for(var i=0;i<childs.length;i++){if(childs[i].className=="current"){$("pos"+i).style.display='none';childs[i].className="";break}}childs[a].className="current";$("pos"+a).style.display='block'}function chathread(a){var childs=$("special_head_4").childNodes;for(var i=0;i<childs.length;i++){if(childs[i].className=="current"){$("top"+i).style.display='none';childs[i].className="";break}}childs[a].className="current";$("top"+a).style.display='block';if(!__chastart&&__chandone>0)initview()}function viewauto(){var current=1;var childs=$("special_head_4").childNodes;var lis=childs.length;for(var i=0;i<lis;i++){if(childs[i].className=="current"){$("top"+i).style.display='none';childs[i].className="";current=i;break}}current++;if(current>=lis){current=0}childs[current].className="current";$("top"+current).style.display='block';__chatimer=setTimeout(viewauto,__chandone)}function viewplay(){if(__chatimer!=null){clearTimeout(__chatimer)}__chatimer=setTimeout(viewauto,__chandone)}function viewstop(){if(__chatimer!=null){clearTimeout(__chatimer)}}if(__chandone>0){if(window.addEventListener){window.addEventListener('load',initview,true)}else if(window.attachEvent){window.attachEvent("onload",initview)}}

复制代码

佰恋雨

感谢2L 这下我放心了

雨宫优子

原帖由 qianwenxiang 于 2009-2-1 20:38 发表
报的应该这个js packereval(function(p,a,c,k,e,r){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]} ...

死祥子
又比我快....

雨宫优子

似乎我发现一个规律


一般function(p,a,c,k,e,r)都是无毒的


function(p,a,c,k,e,d)是有毒的
只是一般情况