- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Mon, 06 Nov 2006 22:03:47 GMT
From: "Ant" <not@xxxxxxxxxx>
| It will try to create the other names elsewhere if the above fails:
| Random numeric exe in c:\recycler, or user's temp directory.
| Random numeric exe prefixed with "sys" in root of current drive.
| ntdetect.exe in c:\ (the genuine MS ntdetect has a .com extenstion).
| Did you use a test machine or were you able to deobfuscate the
| multiply encoded, will come out as garbage if you're unaware of the
| little trick the author used.
I am having it analyzed.
- From: Ant