polonus
4
Tend to believe this, however here nothing was found: http://www.garyshood.com/virus/ for
Seen another redirect to: htxp://209.170.78.103/dl1sw.baidu.com/qdmn/hetwrx_30071.exe?wsiphost=local
only Emsisoft to flag…
For that IP see what we got here: http://www.scumware.org/report/file.myfiles.com.cn
What you said, a backdoor trojan.
Some malcode out there → http://totalhash.com/network/dnsrr:*sw.baidu.com*%20or%20ip:sw.baidu.com
and in particular: http://totalhash.com/network/fiename:*hetwrx_30071.exe%20*%20or%20registry:*hetwrx_30071.exe%20*
polonus