I just received a virus that looks something like this <script type=’text/javascript’> <!– var

Question

0

Asked: May 17, 20262026-05-17T00:52:33+00:00 2026-05-17T00:52:33+00:00

I just received a virus that looks something like this <script type=’text/javascript’> <!– var

0

I just received a virus that looks something like this

<script type='text/javascript'>
<!--
var s="=nfub!iuuq.frvjw>#sfgsfti#!------REST OF PAYLOAD REMOVED-----?";
m=""; 
for (i=0; i<s.length; i++) 
{   
if(s.charCodeAt(i) == 28)
{     
m+= '&';
}
 else if 
(s.charCodeAt(i) == 23) 
{     m+= '!';} 
else 
{     
 m+=String.fromCharCode(s.charCodeAt(i)-1); 
}}
document.write(m);//-->
</script>

I’m not a JS expert but I would like to decrypt the contents of that string. Can you tell me the best way to alter document.write to see what it’s doing?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T00:52:34+00:00

Editorial Team

2026-05-17T00:52:34+00:00Added an answer on May 17, 2026 at 12:52 am

Just create a <textarea id="foo"></textarea>, and write

document.getElementsById('foo').value = m;

Alternatively, you could encode < and & to < and & and keep the document.write.

FYI, the payload starts with

<meta http-equiv="refresh"

so looks like it just redirects the user into the a malicious site.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I just received a virus that looks something like this <script type=’text/javascript’> <!– var

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply