Re: Javascript exploit

---

• From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
• Date: Mon, 06 Nov 2006 22:03:47 GMT

---

From: "Ant" <not@xxxxxxxxxx>


|
| It will try to create the other names elsewhere if the above fails:
|
| Random numeric exe in c:\recycler, or user's temp directory.
| Random numeric exe prefixed with "sys" in root of current drive.
| ntdetect.exe in c:\ (the genuine MS ntdetect has a .com extenstion).
|
| Did you use a test machine or were you able to deobfuscate the
| Javascript? It's not as straightforward as some and, apart from being
| multiply encoded, will come out as garbage if you're unaware of the
| little trick the author used.
|

Test PC.

I am having it analyzed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.

---

• Follow-Ups:
  • Re: Javascript exploit
    • From: Ant

• References:
  • Javascript exploit
    • From: tomasz . wasiluk
  • Re: Javascript exploit
    • From: David H. Lipman
  • Re: Javascript exploit
    • From: brooner
  • Re: Javascript exploit
    • From: David H. Lipman
  • Re: Javascript exploit
    • From: Ant
  • Re: Javascript exploit
    • From: David H. Lipman
  • Re: Javascript exploit
    • From: Ant

• Prev by Date: Re: MS WORD launches slowly due to IE local security setting
• Next by Date: Re: Javascript exploit
• Previous by thread: Re: Javascript exploit
• Next by thread: Re: Javascript exploit
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2006-11