Murder7Сcылка живая.
Кратко процитирую:
W32.Donk.S is a network-aware worm that propagates through open network shares and allows a remote attacker to have unauthorized access to the infected computer through a backdoor. The worm also attempts to spread by exploiting several system vulnerabilities
...
Once W32.Donk.S is executed, it performs the following actions:
...
Prevents access to several security related Web sites by modifying the hosts file in %System%\drivers\etc and adding the following lines:
...
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 update.symantec.com
127.0.0.1
www.nai.com
127.0.0.1 nai.com
127.0.0.1 secure.nai.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1
www.my-etrust.com
127.0.0.1 my-etrust.com
127.0.0.1 mast.mcafee.com
127.0.0.1 ca.com
127.0.0.1
www.ca.com
127.0.0.1 networkassociates.com
127.0.0.1
www.networkassociates.com
127.0.0.1 avp.com
127.0.0.1
www.kaspersky.com
127.0.0.1
www.avp.com
127.0.0.1 kaspersky.com
127.0.0.1
www.f-secure.com
127.0.0.1 f-secure.com
127.0.0.1 viruslist.com
127.0.0.1
www.viruslist.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 mcafee.com
127.0.0.1
www.mcafee.com
127.0.0.1 sophos.com
127.0.0.1
www.sophos.com
127.0.0.1 symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1
www.symantec.com
