You do realize the last post in this thread is from JUNE, correct?
Coded.txt, once you look at the code in a bit better formatting, you see it does this:
sets $F equal to the name of itself (the file)
sets $X to an encrypted string
decodes and evaluates:
JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='
I would assume that code would then, once decoded and evaluated, act on decoding and evaluating those two variables. Also, your decript.php uses gzinflate, not base64_decode, which is what your encoding in coded.txt is.
Sooooo.... go back and read the rest of this thread (not the manual), and see how they break down the base64 encoding, in the first couple of posts. Then, implement THAT on the SECOND encoding in your file. Then you can figure out what it does to the first encoding, and decode that.
Just don't hurt yourself :/ If I have more time in a bit I'll decode it for you
Edit: Okay, done with supper.
That second encoding evaluates out to this:
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
$_X then decodes to this:
?>v1r l4nks = n5w Arr1y(); $t4m5n2w ORDER BY 4d ASC") 2r d45(mysql_5rr2r()); $p55l_1d_c23nt = mysql_r5s3lt(mysql_q35ry("SELECT COUNT(*) 1s N3m FROM 1dp55l5rs WHERE st1t3s = 6 AND 5xp4r5 > $t4m5n2w"),0); 4f($1ff4l41t54d!="") { $p55l_1d_c23nt = $p55l_1d_c23nt+6; $c23nt5r6 = 6; pr4nt "l4nks[6] = 5sc1p5('http://www.1dp55l5rs.c2m/2ff5r-".$1ff4l41t54d."-6i8eo-6.html');"; } 5ls5 { $c23nt5r6 = 0; } wh4l5 ($r2wpd = mysql_f5tch_1rr1y($p55l_d1t1)) { ++$c23nt5r6; pr4nt "l4nks[".$c23nt5r6."] = 5sc1p5('".$r2wpd['l4nk']."');"; pr4nt "\n"; } ?> v1r b4g_4m1g5s = n5w Arr1y();
Which then seems to evaluate out to:
?>var links = new Array(); $timenow ORDER BY id ASC") or die(mysql_error()); $peel_ad_count = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM adpeelers WHERE status = 1 AND expire > $timenow"),0); if($affiliateid!="") { $peel_ad_count = $peel_ad_count+1; $counter1 = 1; print "links[1] = escape('http://www.adpeelers.com/offer-".$affiliateid."-15863-1.html');"; } else { $counter1 = 0; } while ($rowpd = mysql_fetch_array($peel_data)) { ++$counter1; print "links[".$counter1."] = escape('".$rowpd['link']."');"; print "\n"; } ?> var big_images = new Array();
Then, I'm not sure about this next bit, but it looks like it tries to replace any references to FILE in the original evaluated code with the actual filename it's running from, then executes that code.
Looks like it's an ad loading script?
