Re: Javascript exploit



From: "Ant" <not@xxxxxxxxxx>


|
| It will try to create the other names elsewhere if the above fails:
|
| Random numeric exe in c:\recycler, or user's temp directory.
| Random numeric exe prefixed with "sys" in root of current drive.
| ntdetect.exe in c:\ (the genuine MS ntdetect has a .com extenstion).
|
| Did you use a test machine or were you able to deobfuscate the
| Javascript? It's not as straightforward as some and, apart from being
| multiply encoded, will come out as garbage if you're unaware of the
| little trick the author used.
|

Test PC.

I am having it analyzed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.