PDA

View Full Version : What are those two lines of Javascript code for?



vw98034
Mar 22nd, 2007, 07:44 PM
I notice two lines of Javascript code on the top and bottoms of a web page. The first line of the codes is in the head section of a HTML file, something like

<script language='javascript' src='http://127.0.0.1:1029/js.cgi?pca&r=22798'></script>

And the second line of code is the following:

<script language="javascript">postamble();</script>

Can someone tell me what they are for?

Thanks.

david_kw
Mar 22nd, 2007, 08:38 PM
Google search found this which may be the answer

http://www.velocityreviews.com/forums/t164274-whats-this-http1270011043jscgip.html

david_kw

vw98034
Mar 22nd, 2007, 08:52 PM
In fact, I already did some online search before posting this question. I didn't find any good answers yet. So, I shall ignore them, shalln't I?

liorean
Mar 22nd, 2007, 09:01 PM
<script language='javascript' src='http://127.0.0.1:1029/js.cgi?pca&r=22798'></script>127.0.0.1 is the IP for localhost. 1029 is a port used by a ICQNuke 98 and the trojan InCommand, though this can very well be a custom use of that port.

<script language="javascript">postamble();</script>A call to the function named postamble. What it does, the code doesn't tell.

david_kw
Mar 22nd, 2007, 10:46 PM
Are you running any software by Zone Labs? Like the ZoneAlarms firewall?

vw98034
Mar 22nd, 2007, 11:56 PM
Are you running any software by Zone Labs? Like the ZoneAlarms firewall?

Yes, I do have the ZoneAlarms firewall installed on my PC box. I, however, can't believe that the Javascript codes are inserted by the firewall on every single web page I downlanded.

david_kw
Mar 23rd, 2007, 12:14 AM
Personally I have no experience with Zone Labs software so I'm just repeating what several of the websites found by the Google search repeated. You could try disabling it and see if the problem persists I suppose.

graficus
Mar 23rd, 2007, 12:14 AM
Wow, originally I thought it was something for debugging the programmer used.
I can't believe ZoneAlarm is going this. Invasion by your own firewall! LOL.
Best thing is to use a router with firewall built-in.

FJbrian
Mar 23rd, 2007, 12:19 AM
That's spyware

Adaware might get it. Ewido.net's online scanner will definitely get it.

It's somewhat old and I'm not sure if that person is even really spying on you any more. IIRC people incorrectly blamed one of google's apps for this a year ago if not longer.

Hit ewido and let us no if that doesn't just clean it up.

I don't believe it's ZoneAlarm doing that but people used to.

ArcticFox
Mar 23rd, 2007, 12:37 AM
It is Zone Alarm. It's put there for the ad/popup blocker. Go into the ZA settings and turn off the ad/popup blocker and the JS code will disappear.

vw98034
Mar 23rd, 2007, 01:23 AM
Thanks folks.

I finally solve this years' long puzzle. Sometimes, you have to believe what you can't believe.