小红伞报毒

显示全部楼层 · 发表于 2009-5-31 20:34:07

http://club.it.sohu.com/r-design-383889-0-0-4.html

显示全部楼层 · 发表于 2009-5-31 20:44:04

hxxp://image.club.sohu.com/js/club_newspp_1.0.0.js
报这个，看了代码，该是误报。

Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXSXURCP\club_newspp_1.0.0[1].js.
Action performed: Deny access

[ 本帖最后由 shadowmin 于 2009-5-31 21:00 编辑 ]

显示全部楼层 · 发表于 2009-5-31 20:47:48

document.write(" <a href=http://club.sohu.com/reg_sohu.php?back=http%3A%2F%2Fclub.it.sohu.com%2Fr-design-383889-0-3-4.html target=_parent>
那道报这个？
没发现挂马误报吧伞对网页很敏感啊

显示全部楼层 · 发表于 2009-5-31 20:49:35

club_cookie.prototype.nppcmfl=3;club_cookie.prototype.nppcmul=1;club_cookie.prototype.nppcn='ppnewsinfo';club_cookie.prototype.gnppc=function(){var nppcv=this.getCookie(this.nppcn,0);if(nppcv!=""){var nppcva=nppcv.split("|");if(nppcva.length==3&&nppcva[0]=="1001"){var ck=nppcva[2];var fa=this.fnppc(ck);if(typeof(fa)==='object'){return fa}}}return""};club_cookie.prototype.gunppc=function(fa,u){var ufa="";fa.each(function(uf,i){var ufindex=uf.length-1;if(uf[ufindex]==u){ufa=uf}});return ufa};club_cookie.prototype.fnppc=function(ck){var str=unescape(ck);try{eval('var fa = '+str+';');if(typeof(fa)==='object'){return fa}return""}catch(e){return""}};club_cookie.prototype.rfnppc=function(fa){var fastr="[";fa.each(function(s,i){if(typeof(s)!='object'){return""}fastr+="[";s.each(function(s1,i1){if(typeof(s1)==='object'){fastr+="[";s1.each(function(s2,i2){fastr+="'"+s2+"'";if(i2+1<s1.length){fastr+=","}});fastr+="],"}else{fastr+="'"+s1+"'"}});fastr+="]";if(i+1<fa.length){fastr+=","}});fastr+="]";return escape(fastr)};club_cookie.prototype.snppc=function(b,c,n,u){var fa=this.gnppc();var uds=[b,c,n].toString();if(typeof(fa)==='object'){var ufa=this.gunppc(fa,u);if(typeof(ufa)==='object'){fa=fa.without(ufa);ufa.each(function(ud,i){if(i!=this.nppcmfl){if(ud.toString()==uds){ufa=ufa.without(ud)}}});ufa.unshift([b,c,n]);if(ufa.length-1>this.nppcmfl){var ufaindex=this.nppcmfl;ufa.splice(ufaindex,1)}}else{ufa=[[b,c,n],u]}fa.push(ufa);if(fa.length>this.nppcmul){fa.shift()}}else{fa=[[[b,c,n],u]]}var fastr=this.rfnppc(fa);var fastr="1001|"+ben(u)+"|"+fastr;this.setCookie(this.nppcn,fastr,"365",0)};var base64EncodeChars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var base64encode=function(str){var out,i,len;var c1,c2,c3;len=str.length;i=0;out="";while(i<len){c1=str.charCodeAt(i++)&0xff;if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt((c1&0x3)<<4);out+="==";break}c2=str.charCodeAt(i++);if(i==len){out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt((c2&0xF)<<2);out+="=";break}c3=str.charCodeAt(i++);out+=base64EncodeChars.charAt(c1>>2);out+=base64EncodeChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));out+=base64EncodeChars.charAt(((c2&0xF)<<2)|((c3&0xC0)>>6));out+=base64EncodeChars.charAt(c3&0x3F)}return out};var utf16to8=function(str){var out,i,len,c;out="";len=str.length;for(i=0;i<len;i++){c=str.charCodeAt(i);if((c>=0x0001)&&(c<=0x007F)){out+=str.charAt(i)}else if(c>0x07FF){out+=String.fromCharCode(0xE0|((c>>12)&0x0F));out+=String.fromCharCode(0x80|((c>>6)&0x3F));out+=String.fromCharCode(0x80|((c>>0)&0x3F))}else{out+=String.fromCharCode(0xC0|((c>>6)&0x1F));out+=String.fromCharCode(0x80|((c>>0)&0x3F))}}return out};var ben=function(str){return base64encode(utf16to8(str))};

没发现问题~

显示全部楼层 · 发表于 2009-6-1 08:33:49

貌似是几个函数导致红伞误报了
这个一般加密网页会用到，不过我没发现哪里调用了这些函数进行解密..

[其它] 小红伞报毒