No kurienes, nav ne jausmas. Vienīgais, pamēģini iebāzt šito pašu eksi tarbālā vai 7zipā ar lzma. Un tad iedod linku, palūrēs.
@D_L nekas tur netiek kabināts. Tur tiek saķerts explorers aiz pašiem pautiem, iexplore ir handleris.
Aldis līdz ar to var nemaz nebūt vainīgs. Vismaz apzināti ne.The virus is written in assembly language.
It infects *.exe and *.scr files when files are opened (the usage of tools that show file icons is very harmful in this situation). When infecting the virus appends itself at the end of the file as a crypted body. It does not infect dll files or file whose name start with (â€œwincâ€,â€wcunâ€,â€wc32â€,â€pstoâ€). It hides its process by injecting viral code in other processes in the system.
The virus is continuously trying to connect to a IRC (proxima.irc[removed]) server on port 65520 and receives commands to download a file. It can interpret 2 different commands:
a "check if connected" command
a PRIV command witch can contain a link to a possible virus.
The default file witch is being downloaded from the IRC server is VT100.exe (witch moves itself in %windir%/system32 directory and acts as a backdoor program).