GreenTrees

Thank you Jovan, Are you able to remove my attachment please.

Hi, the login area to my site is reporting v2.6.20 | Heuristics: phishing

Thanks for the offer but thats not really what I'm looking for, apologies for not making myself clearer. What I am looking to discover is what the script actually does ie decoding / analysing it and generally making it available for discussion with a view to learning more about what these people are up to. Is this the right place for that sort of thing ? -Thanks -GT

Hi All, My friends website got hacked this week, all the .html files had a reference to a russian site inserted before the <body> tag. Like a twit when the site said it needed to access a microsoft .dll I let it (doh) and am now wondering what it may have done to my machine. I have extracted two scripts from my temporary files the first was I think run on the first visit and the 2nd when I went back to the site to have another look, doh ! The 1st script looks like this... //<script> try{if(n3Vk='*')throw new TypeError('%');}catch(thz){n3Vk=thz.message;} var oF2='.....data.....'; eval(unescape(oF2.replace(/[siPY]/g,n3Vk))); //</script> and the 2nd... <script> try{if(GT55='*')throw new TypeError('%');}catch(nOi){GT55=nOi.message;} ptfx='.....data.....'; eval(unescape(ptfx.replace(/[~LVn]/g,GT55))); </script> Would this forum be a good place to post the complete script and hopefully have someone decode it and find out what it may have done ?? Many thanks -Gt