Yesterday, AntiVir detects a vbscript as :VBS/Dldr.Agent.sver
I try had a hand with that and try to find what it is actually doing:
|Formatted script using malzilla|
If you look at the script, it set the site name as nosensetoblock and temp folder location as tfolder. It loads a cmd file in temp location as follows:
var genesis is equal to "%TEMP%\\keybtc.cmd", autorotatedomain="images";
Use the Try catch method for auto reply (refer the image).
Its good detect these kind of scripts :).
Post made by