Wednesday, August 6, 2014

Analysis of malicious VBScript:


Yesterday, AntiVir detected a VBScript as VBS/Dldr.Agent.sver.

I tried my hand at it to find out what it is actually doing:

Malicious script

Formatted script using Malzilla

If you look at the script, it sets the site name as nosensetoblock and the temp folder location as tfolder. It loads a cmd file in the temp location as follows:

    var genesis = "%TEMP%\\keybtc.cmd", autorotatedomain = "images";
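
A small static-triage helper for the pattern described above, added here as an example and not part of the original post or the analysed script: it pulls quoted literals out of script text, undoes the `\\` escaping seen in the quoted line, and reports variables that point at a runnable file under a user-writable directory such as `%TEMP%`. The function names, the extension and variable lists, and the two benign sample lines are assumptions made for the illustration.

```python
import re

# Extensions that execute when launched on Windows (assumed list).
RUNNABLE_EXT = {".cmd", ".bat", ".exe", ".vbs", ".js", ".scr", ".ps1"}
# Environment variables that resolve to user-writable folders (assumed list).
WRITABLE_VARS = {"TEMP", "TMP", "APPDATA", "LOCALAPPDATA"}

# name = "literal" pairs; the literal may contain backslash escapes.
ASSIGN_RE = re.compile(r'([A-Za-z_]\w*)\s*=\s*"((?:[^"\\]|\\.)*)"')
# %VAR%\some\path\file.ext, matched after unescaping.
ENV_PATH_RE = re.compile(r'^%(\w+)%\\(.+?)(\.\w+)$')


def unescape(literal):
    """Collapse backslash escapes in a quoted literal to recover the path.
    Only the escaped-backslash case matters for path triage."""
    return re.sub(r'\\(.)', r'\1', literal)


def find_drop_paths(script_text):
    """Return (variable, path) pairs for literals that place a runnable
    file under a user-writable environment directory."""
    hits = []
    for name, literal in ASSIGN_RE.findall(script_text):
        path = unescape(literal)
        m = ENV_PATH_RE.match(path)
        if not m:
            continue
        env_var, ext = m.group(1).upper(), m.group(3).lower()
        if env_var in WRITABLE_VARS and ext in RUNNABLE_EXT:
            hits.append((name, path))
    return hits


# First line is the assignment quoted in the post; the other two are
# constructed benign lines that must not be flagged.
SAMPLE = r'''
var genesis = "%TEMP%\\keybtc.cmd", autorotatedomain = "images";
var logfile = "%TEMP%\\notes.txt";
var title = "report.cmd";
'''

if __name__ == "__main__":
    for name, path in find_drop_paths(SAMPLE):
        print(f"{name}: {path}")
```

Literals written without escaped backslashes are not matched by this helper, since it assumes the escaping style of the quoted line.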

It uses the try/catch method for auto reply (refer to the image).

It's good to detect these kinds of scripts :).

Post made by
newWorld
