剛稍微研究了一下，除了那個wretcn.exe外。
有個yahoo.htm會用VBScript去下載http://www.gamanai.net/test/gamanai.yyy (yyy=exe 怕有人誤連所以打yyy)
來安裝，

另外還有個songs.smi好像是用realplayer的漏洞來裝不知道啥東西。


wretcn.exe和gamanai.exe我已經送去卡巴斯基了，他回信

New malicious software was found in the attached file.
It's detection will be included in the next update. Thank you for your help.