[Website blocked v2.6.20 | Heuristics: phishing]

Thank you Jovan,

Are you able to remove my attachment please.

[Website blocked v2.6.20 | Heuristics: phishing]

Hi, the login area to my site is reporting v2.6.20 | Heuristics: phishing

 

 

[Hacked website]

Thanks for the offer but thats not really what I'm looking for, apologies for not making myself clearer.

What I am looking to discover is what the script actually does ie decoding / analysing it and generally making it available for discussion with a view to learning more about what these people are up to.

Is this the right place for that sort of thing ? -Thanks -GT

[Hacked website]

Hi All,

My friends website got hacked this week, all the .html files had a reference to a russian site inserted before the <body> tag. Like a twit when the site said it needed to access a microsoft .dll I let it (doh) and am now wondering what it may have done to my machine.

I have extracted two scripts from my temporary files the first was I think run on the first visit and the 2nd when I went back to the site to have another look, doh !

The 1st script looks like this...

//<script>

try{if(n3Vk='*')throw new TypeError('%');}catch(thz){n3Vk=thz.message;}

var oF2='.....data.....';

eval(unescape(oF2.replace(/[siPY]/g,n3Vk)));

//</script>

and the 2nd...

<script>

try{if(GT55='*')throw new TypeError('%');}catch(nOi){GT55=nOi.message;}

ptfx='.....data.....';

eval(unescape(ptfx.replace(/[~LVn]/g,GT55)));

</script>

Would this forum be a good place to post the complete script and hopefully have someone decode it and find out what it may have done ??

Many thanks -Gt