I'm a designer and I was updating some disjointed links on this old
website today and I came across this super funky problem.
The pages were working 100% locally but not remotely.
It was killing me. My initial thinking was that Dreamweaver was the
problem. Then I blamed my host. Then I discovered a strange JavaScript
call that was being inserted by my own damn computer.
I know this to be true because...
1) It happens in both IE and FF
2) Other people have viewed the pages on the server and they look fine
3) When viewing the page code via FTP from the server the script call
is not there.
IS THIS FUNKY OR WHAT!
So here's what the call looks like
<script
language='javascript'src='http://127.0.0.1:1027/js.cgi?pca&r=15006'></script
>
It looks as if the js.cgi script is coming from ME! This is very very
scary! It makes me think my system has been compromised some how.
I have executed virus protection and Trojan detection and everything I
can think of but come up empty.
I have no idea how the hell this call is being generated. I have spent
two thirds of my day trying to figure it out and I'm at a loss.
Here are some questions about the call.
It looks like ports 1027 is being used. I have confirmed that this
port is in stealth mode so I guess I'm ok for now.
If 127.0.0.1 is my localhost does that mean that the file js.cgi
resides on my hard drive? I executed a search on the sucker and
nothing was found. Is ca&r=15006 related to the port or the js.cgi
script?
Whew! this is one wacky XXX problem I'm having.
If you can shed some light on it I'd be very thankful.
Fred
FYI: I'm using Zone Alarm (version 5.5) and AVG Free Edition,
I'm on a XP SP2 box.
OH One More thing I failed to mention that when I'm in FF I use a
debuggin program called "Firebug" there's a tab that shows me what
src='http://127.0.0.1:1027/js.cgi?pca&r=1500 does..
Check it out.... Take note of the Popup Blocker notation towards the
top of the code. Freakin weird!
var blockedReferrer = 'blockedReferrer';
3NS_ActualWrite=document.write;
4// Popup Blocker -->
5RanPostamble=0;
6NS_ActualOpen=window.open;
7function NS_NullWindow(){this.window;}
8function nullDoc() {
9 this.open = NS_NullWindow;
10 this.write = NS_NullWindow;
11 this.close = NS_NullWindow;
12}
13function NS_NewOpen(url,nam,atr){
14 if((nam!='' && nam==window.name) || nam=='_top'){
15 return(NS_ActualOpen(url,nam,atr));}
16 obj=new NS_NullWindow();
17 obj.focus = NS_NullWindow;
18 obj.blur = NS_NullWindow;
19 obj.opener = this.window;
20 obj.document = new nullDoc();
21 return(obj);
22}
23function NS_NullWindow2(){this.window;}
24function NS_NewOpen2(url,nam,atr){
25 if((nam!='' && nam==window.name) || nam=='_top'){
26 return(NS_ActualOpen(url,nam,atr));}
27 return(new NS_NullWindow2());
28}
29function op_stop() { NS_ActualOpen2=window.open;
window.open=NS_NewOpen2; }
30function op_start() { window.open=NS_ActualOpen2; }
31function noopen_load() {
32 op_stop(); if(zl_orig_onload) zl_orig_onload(); op_start();
33}
34function noopen_unload() { op_stop(); if(zl_orig_onunload)
zl_orig_onunload(); op_start(); }
35function postamble() {
36
37 if(!RanPostamble) {
38 RanPostamble=1;
39 zl_orig_onload = window.onload;
40 zl_orig_onunload = window.onunload;
41 window.open=NS_ActualOpen;
42 }
43}
44window.open=NS_NewOpen;
45document.ignore = new Object();
|
Web Design > Webmaster Forums > Webmaster forum > JavaScript Call Being Added To HTML Documents By Unkonwn Program
06-11-06 - 08:59 AM 
