Hello, I was not sure if I should have put this here or in the other section of coding. Anyhoo, I have been trying to research what seems to be a virus, but I can find nothing. So I use google chrome on a mac, and adobe shockwave player does not work. I cant watch videos, etc. However, every few minutes a file names f.txt keeps downloading randomly, and now I have over 15 copies of the same file. Since its a .txt file I opened it to see what it was, and I am stumped. I was wondering if anyone could point out what this means, because I cant even recognize what language its written in (code wise) and it looks like gibberish code.
if (!window.mraid) {document.write('\x3cdiv class="GoogleActiveViewClass" ' +'id="DfaVisibilityIdentifier_1343211891813310628"\x3e');
}document.write('\x3ca target\x3d\x22_blank\x22 href\x3d\x22https://adclick.g.doubleclick.net/pcs/click?xai\x3dAKAOjstvoayYvErD7aBWQ9Gu5pSTc7TlGbKDPhbp0SeCgmhjm7_U1Q72HAoTqk7DtFgrf8gg2Ggw6thOIcj0KZ7aWsVYP3j9PYBNFK7S_gDW-c_5nFCR6qsDyUq9P4B2a-Ffr19X6FvcRT0\x26amp;sig\x3dCg0ArKJSzLYoVj_99SlW\x26amp;
adurl\x3dhttp://www.togetherwesave.com/%3Futm_source%3DTrivu%26utm_medium%3DDisplay%26utm_term%3DTWS%26utm_campaign%3DTS%2520Q2%25202014\x22\x3e\x3cimg src\x3d\x22https://s0.2mdn.net/viewad/4191887/1-tstone_300x60_TWS.GIF\x22 alt\x3d\x22Advertisement\x22 border\x3d\x220\x22 width\x3d\x22300\x22 height\x3d\x2260\x22\x3e\x3c/a\x3e');if (!window.mraid) {(function() {document.write('\x3c\x3e');
var avDiv = document.getElementById("DfaVisibilityIdentifier_1343211891813310628");
if (avDiv) {avDiv['_avi_'] = 'BP7323nFMVJrzLfGwwQGOsYCwAQAAAAAQATgByAEC4AQCoAY-';
avDiv['_avihost_'] = 'pagead2.googlesyndication.com';
}var glidar = document.createElement('script');
glidar.type = 'text/javascript';
glidar.async = true;
glidar.src = '//pagead2.googlesyndication.com/pagead/js/lidar.js';
var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(glidar, s);
})();
}(function(){var f=function(a,c,b){return a.call.apply(a.bind,arguments)},g=function(a,c,b){if(!a)throw Error();
if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);
return function(){var b=Array.prototype.slice.call(arguments);
Array.prototype.unshift.apply(b,d);return a.apply(c,b)}}return function(){return a.apply(c,arguments)}},k=function(a,c,b){k=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?f:g;
return k.apply(null,arguments)};
var l=document,m=window;var n=function(a){return{visible:1,hidden:2,prerender:3,preview:4}[a.webkitVisibilityState||a.mozVisibilityState||a.visibilityState||""]||0},p=function(a){var c;a.mozVisibilityState?c="mozvisibilitychange":a.webkitVisibilityState?c="webkitvisibilitychange":a.visibilityState&&(c="visibilitychange");
return c};var r=function(){this.g=l;this.j=m;this.i=!1;this.h=[];
this.m={};
if(3==n(this.g)){var a=k(this.o,this);
this.n=a;
var c=this.g,b=p(this.g);
c.addEventListener?c.addEventListener(b,a,!1):c.attachEvent&&c.attachEvent("on"+b,a)}else q(this)};
r.p=function(){return r.l?r.l:r.l=new r};var s=/^([^:]+:\/\/[^/]+)/m,t=/^\d*,(.+)$/m,q=function(a){if(!a.i){a.i=!0;
for(var c=0;c<a.h.length;++c)a.k.apply(a,a.h[c]);a.h=[]}};
r.prototype.q=function(a,c){var b=c.target.t();
(b=t.exec(b))&&(this.m[a]=b[1])};
r.prototype.k=function(a,c){var b;
if(b=this.s)i:{try{var d=s.exec(this.j.location.href),e=s.exec(a);
if(d&&e&&d[1]==e[1]&&c){var h=k(this.q,this,c);
this.s(a,h);b=!0;
break i}}catch(y){}b=!1}b||(b=this.j,b.google_image_requests||(b.google_image_requests=[]),d=b.document.createElement("img"),d.src=a,b.google_image_requests.push(d))};
r.prototype.o=function(){if(3!=n(this.g)){q(this);var a=this.g,c=p(this.g),b=this.n;
a.removeEventListener?a.removeEventListener(c,b,!1):a.detachEvent&&a.detachEvent("on"+c,b)}};
var u=function(a,c){var b=/(google|doubleclick).*\/pagead\/adview/.test(a),d=r.p(),e=a;if(b){b="&vis="+n(d.g);c&&(b+="&ve=1");
var h=e.indexOf("&adurl"),e=-1==h?e+b:e.substring(0,h)+b+e.substring(h)}d.i?d.k(e,c):d.h.push([e,c])},v=["pdib"],w=this;
v[0]in w||!w.execScript||w.execScript("var "+v[0]);for(var x;v.length&&(x=v.shift());
)v.length||void 0===u?w=w[x]?w[x]:w[x]={}:w[x]=u;})();pdib("https://googleads4.g.doubleclick.net/pagead/adview?ai\x3dB_i6a3nFMVJrzLfGwwQGOsYCwAQAAAAAQASAAOABQivOSQljG1pocYMnG2438pKgTggEJY2EtZ29vZ2xlsgEPd3d3LnlvdXR1YmUuY29tyAECqAMB4AQCmgUZCN3pWRDb2vA0GJT5s4cBIMbWmhwoj-3_AdoFAggBoAY-\x26sigh\x3dc8gVmk1_-7Q\x26adurl\x3d");
I also noticed something fishy about this file, it executes a .exe file (which was not downloaded) when clicking on an image on google images, I think. Thats the only bit of code I understand. I thought it was cool and was wondering if anyone would shed some light.
