how does this load


Important

<script>parasite_status= 'NoIE';
// 'NoIE' is the default result. In this listing it is only reassigned by code inside the
// conditional-compilation region that follows; a script engine without JScript conditional
// compilation reads that whole region as one ordinary block comment, so the status stays 'NoIE'.
/*@cc_on
@if (@_jscript_version>4)
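// Detector object: probes for a fixed list of ActiveX controls and records the outcome in
// the global parasite_status ('wait', 'clean', 'NoAX' or 'dirty'). Nothing in this object
// downloads or launches a program; the only outside call is startRun(), which is not defined
// in this listing.
// Only line comments are used here on purpose: this code sits inside a conditional-compilation
// block comment, and a nested block comment would close it early in other engines.
parasite= {

  // Each entry is [CLSID or ProgID, display name, problem codes, spare].
  // Entries 0 and 1 are labelled '(control)': check() leaves them out of the scan and only
  // looks at whether their probe elements exist.
  defs: [
    ['FFEEDDCC-BBAA-9988-7766-554433221100','(control)','',''],
    ['F414C260-6AC0-11CF-B6D1-00AA00BBBB58','(control)','',''],

    ['1EEC3C99-7AA3-4F6E-B381-AF6942B51618','PUP','AS',''],
    ['00EF2092-6AC5-47c0-BD25-CF2D5D657FEB','Google','AS','']
  ],

  // Message fragments. In this listing only 'and' is read (by listprobs).
  warn: 'Warning!',
  infest1: 'Your browser appears to have the "',
  infest2: '" parasite installed',
  prob1: '. This software ',
  can: 'can ',
  may: 'may ',
  and: ' and ',
  // Rejoined: the posted copy had this literal wrapped across two lines, which is a syntax error.
  infest3: '. It might have been installed without your knowledge. ',

  // Polling interval in milliseconds (passed to setTimeout and WScript.Sleep by the driver code).
  delay: 500,

  // Writes one hidden object element per CLSID-form entry (36-character id) into doc and
  // sets parasite_status to 'wait'.
  // doc: a document exposing write(); doc.implementation is only tested for truthiness.
  write: function(doc) {
    var i, p, h;
    // Both codebase values are non-download URLs, presumably so that a control which is not
    // installed is never fetched -- TODO confirm against the original detector.
    var cb= (doc.implementation)?'view-source:about:blank':'javascript:';
    h= '<div id="parasite" style="display: none;">';
    for (i= this.defs.length; i-->0;) {
      // The posted copy read "p= this.defs" (the index was lost, most likely eaten as forum
      // markup), so p[0] was a whole entry and never 36 characters long.
      p= this.defs[i];
      if (p[0].length==36) {
        h+= '<object id="parasite_o'+i+'" classid="clsid:'+p[0]+'" ';
        h+= 'codebase="'+cb+'">&nbsp;<\/object>';
      }
    }
    h+= '<\/div>';
    doc.write(h);
    parasite_status= 'wait';
  },

  // Inspects the probes written by write() and updates parasite_status.
  // doc: the document the probes were written into (uses doc.all).
  check: function(doc) {
    var i, p, el, infs= [];
    // NOTE(review): as posted, this returns whenever the element for control entry 0 exists,
    // and write() always emits that element. Part of the condition may have been lost in the
    // paste -- confirm against the original before relying on the status values.
    if (doc.all['parasite_o0']) return;
    // Scan from the last entry down to index 2; the two control entries are skipped.
    for (i= this.defs.length; i-->2;) {
      p= this.defs[i];
      if (p[0].length==36) {
        // CLSID form: a probe whose readyState is not 0 is counted as installed.
        el= doc.all['parasite_o'+i];
        if (el && el.readyState!=0)
          infs[infs.length]= p;
      } else { try {
        // Any other id is treated as a ProgID and instantiated directly.
        el= new ActiveXObject(p[0]);
        infs[infs.length]= p;
      } catch(e) {
        // Deliberately ignored: failing to create the object means it is not installed.
      }}
    }
    // The hidden container is looked up but not used further in this listing.
    el= doc.all['parasite'];
    if (infs.length==0) {
      // Nothing detected. startRun() is not defined in this listing, so what the page does
      // next has to be read from wherever that function lives.
      startRun();
      parasite_status= (doc.all['parasite_o1']) ? 'clean' : 'NoAX';
      return;
    }
    // At least one listed control was detected; the posted copy takes no further action here.
    parasite_status= 'dirty';
  },

  // Builds a phrase from one-character codes: each character of s is looked up as a property
  // of this object, separated by ', ' and with this.and before the last item.
  // This listing defines no one-character properties, so each lookup yields undefined here.
  // s: string of codes, for example the third field of a defs entry.
  // Returns the concatenated string.
  listprobs: function(s) {
    var i, r= '';
    for (i= 0; i<s.length; i++) {
      r= r+this[s.charAt(i)];
      if (i==s.length-2) r= r+this.and;
      if (i<s.length-2) r= r+', ';
    }
    return r;
  }
}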

// Driver: write the probes, then poll parasite.check() every parasite.delay milliseconds
// until parasite_status is no longer 'wait'.
if (typeof document != 'undefined') {
  // Browser: poll with setTimeout so the page stays responsive.
  parasite.write(document);
  var parasite_check= function() {
    parasite.check(document);
    if (parasite_status != 'wait') return;
    setTimeout(parasite_check, parasite.delay);
  };
  setTimeout(parasite_check, parasite.delay);
} else {
  // No document global: Windows Script Host. Open a visible Internet Explorer window on
  // about:blank and run the same probes in it.
  var ie= WScript.createObject('InternetExplorer.Application');
  ie.navigate('about:blank');
  ie.visible= true;
  var doc= ie.document;
  parasite.write(doc);
  for (;;) {
    WScript.Sleep(parasite.delay);
    parasite.check(ie.document);
    if (parasite_status != 'wait') break;
  }
  if (parasite_status == 'clean') doc.body.innerHTML= 'Nothing found';
}
@end @*/
</script>
This automatically loads pup.exe and over.exe as soon as you visit
http://www.clickheretofind.com.
I want to know how it runs the exe even with the highest security settings,
and how I could run a remote notepad instead, like
http://www.angelfire.com/new/hah/notepad.exe
...so I can understand the vulnerability it uses. Somehow
I believe it's a .cab one.
 
Don't know how it works but you may wish to get rid of it!

Spyware Programs links:-
www.lavasoftusa.com Ad-Aware
www.security.kolla.de Spybot
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm




Important said:
<script>parasite_status= 'NoIE';
// 'NoIE' is the default result. In this listing it is only reassigned by code inside the
// conditional-compilation region that follows; a script engine without JScript conditional
// compilation reads that whole region as one ordinary block comment, so the status stays 'NoIE'.
/*@cc_on
@if (@_jscript_version>4)
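// Detector object: probes for a fixed list of ActiveX controls and records the outcome in
// the global parasite_status ('wait', 'clean', 'NoAX' or 'dirty'). Nothing in this object
// downloads or launches a program; the only outside call is startRun(), which is not defined
// in this listing.
// Only line comments are used here on purpose: this code sits inside a conditional-compilation
// block comment, and a nested block comment would close it early in other engines.
parasite= {

  // Each entry is [CLSID or ProgID, display name, problem codes, spare].
  // Entries 0 and 1 are labelled '(control)': check() leaves them out of the scan and only
  // looks at whether their probe elements exist.
  defs: [
    ['FFEEDDCC-BBAA-9988-7766-554433221100','(control)','',''],
    ['F414C260-6AC0-11CF-B6D1-00AA00BBBB58','(control)','',''],

    ['1EEC3C99-7AA3-4F6E-B381-AF6942B51618','PUP','AS',''],
    ['00EF2092-6AC5-47c0-BD25-CF2D5D657FEB','Google','AS','']
  ],

  // Message fragments. In this listing only 'and' is read (by listprobs).
  warn: 'Warning!',
  infest1: 'Your browser appears to have the "',
  infest2: '" parasite installed',
  prob1: '. This software ',
  can: 'can ',
  may: 'may ',
  and: ' and ',
  // Rejoined: the posted copy had this literal wrapped across two lines, which is a syntax error.
  infest3: '. It might have been installed without your knowledge. ',

  // Polling interval in milliseconds (passed to setTimeout and WScript.Sleep by the driver code).
  delay: 500,

  // Writes one hidden object element per CLSID-form entry (36-character id) into doc and
  // sets parasite_status to 'wait'.
  // doc: a document exposing write(); doc.implementation is only tested for truthiness.
  write: function(doc) {
    var i, p, h;
    // Both codebase values are non-download URLs, presumably so that a control which is not
    // installed is never fetched -- TODO confirm against the original detector.
    var cb= (doc.implementation)?'view-source:about:blank':'javascript:';
    h= '<div id="parasite" style="display: none;">';
    for (i= this.defs.length; i-->0;) {
      // The posted copy read "p= this.defs" (the index was lost, most likely eaten as forum
      // markup), so p[0] was a whole entry and never 36 characters long.
      p= this.defs[i];
      if (p[0].length==36) {
        h+= '<object id="parasite_o'+i+'" classid="clsid:'+p[0]+'" ';
        h+= 'codebase="'+cb+'">&nbsp;<\/object>';
      }
    }
    h+= '<\/div>';
    doc.write(h);
    parasite_status= 'wait';
  },

  // Inspects the probes written by write() and updates parasite_status.
  // doc: the document the probes were written into (uses doc.all).
  check: function(doc) {
    var i, p, el, infs= [];
    // NOTE(review): as posted, this returns whenever the element for control entry 0 exists,
    // and write() always emits that element. Part of the condition may have been lost in the
    // paste -- confirm against the original before relying on the status values.
    if (doc.all['parasite_o0']) return;
    // Scan from the last entry down to index 2; the two control entries are skipped.
    for (i= this.defs.length; i-->2;) {
      p= this.defs[i];
      if (p[0].length==36) {
        // CLSID form: a probe whose readyState is not 0 is counted as installed.
        el= doc.all['parasite_o'+i];
        if (el && el.readyState!=0)
          infs[infs.length]= p;
      } else { try {
        // Any other id is treated as a ProgID and instantiated directly.
        el= new ActiveXObject(p[0]);
        infs[infs.length]= p;
      } catch(e) {
        // Deliberately ignored: failing to create the object means it is not installed.
      }}
    }
    // The hidden container is looked up but not used further in this listing.
    el= doc.all['parasite'];
    if (infs.length==0) {
      // Nothing detected. startRun() is not defined in this listing, so what the page does
      // next has to be read from wherever that function lives.
      startRun();
      parasite_status= (doc.all['parasite_o1']) ? 'clean' : 'NoAX';
      return;
    }
    // At least one listed control was detected; the posted copy takes no further action here.
    parasite_status= 'dirty';
  },

  // Builds a phrase from one-character codes: each character of s is looked up as a property
  // of this object, separated by ', ' and with this.and before the last item.
  // This listing defines no one-character properties, so each lookup yields undefined here.
  // s: string of codes, for example the third field of a defs entry.
  // Returns the concatenated string.
  listprobs: function(s) {
    var i, r= '';
    for (i= 0; i<s.length; i++) {
      r= r+this[s.charAt(i)];
      if (i==s.length-2) r= r+this.and;
      if (i<s.length-2) r= r+', ';
    }
    return r;
  }
}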

// Driver: write the probes, then poll parasite.check() every parasite.delay milliseconds
// until parasite_status is no longer 'wait'.
if (typeof document != 'undefined') {
  // Browser: poll with setTimeout so the page stays responsive.
  parasite.write(document);
  var parasite_check= function() {
    parasite.check(document);
    if (parasite_status != 'wait') return;
    setTimeout(parasite_check, parasite.delay);
  };
  setTimeout(parasite_check, parasite.delay);
} else {
  // No document global: Windows Script Host. Open a visible Internet Explorer window on
  // about:blank and run the same probes in it.
  var ie= WScript.createObject('InternetExplorer.Application');
  ie.navigate('about:blank');
  ie.visible= true;
  var doc= ie.document;
  parasite.write(doc);
  for (;;) {
    WScript.Sleep(parasite.delay);
    parasite.check(ie.document);
    if (parasite_status != 'wait') break;
  }
  if (parasite_status == 'clean') doc.body.innerHTML= 'Nothing found';
}
@end @*/
</script>
This automatically loads pup.exe and over.exe as soon as you visit
http://www.clickheretofind.com.
I want to know how it runs the exe even with the highest security settings,
and how I could run a remote notepad instead, like
http://www.angelfire.com/new/hah/notepad.exe
..so I can understand the vulnerability it uses. Somehow
I believe it's a .cab one.
 