Symptoms
Presence of a file named ~.exe in Content.IE5 folder
(eg. c:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 )
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Dana Stanut, virus researcher
Technical Description:
This is an exploit for
MS06-071 vulnerability in Microsoft XML Core Services. When executed, this script will download the file hxxp://????2w43iudeo38a.com/v382/getexe.exe?o=1&t=1221373836&i=1136370027&e=12, save it under ~.exe in Content.IE5 folder and then execute it. When this description was made the URL was not active.
SHARE
THIS ON