approx 2550 bytes
Presence of a file named m00.exe.
Please let BitDefender disinfect your files.
Mihai Razvan Benchea, virus researcher
The script exploits a vulnerability discovered on Internet Explorer 5.0 (blnmgr.dll). When executed, the script adds the following clsid: "083863f1-70de-11d0-b4d0-00a0c911ce86". The shellcode of the exploit is then executed on the remote host. It first tries to resolve its imports and after that tries to download and execute a file from the address: http://freedom.tih[hidden]. After the files is executed, the browser is being closed. The files is saved with the name m00.exe