2 exploits identified--how to remove?

I ran AVG and it found:

324123[1].html  Exploit.anl

sploit[1].anr  Exploit.MS05-002


AVG is still running so maybe it will remove it afterwards.

But, if not, how do I remove it?

Mel




Re: 2 exploits identified--how to remove?

Well, I guess I jumped the gun.
It says it deleted it.

Hope that's true and it doesn't return!

Mel





Re: 2 exploits identified--how to remove?


| Well, I guess I jumped the gun.
| It says it deleted it.
|
| Hope that's true and it doesn't return!
|
| Mel
|

They are exploit codes found in the browser cache and when you went to a malicious site they were blocked or, hopefully, it wasn't a case where you went to a web site a while back and during a scan these exploit codes were subsequently found in the browser cache.

They won't "return" unless you revisit that specific site that hosted the malicious codes or other malicious sites.

Example log even from McAfee when visiting a malicious site...
1/23/2008 8:55:55 PM Delete failed (Clean failed)  DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\C5I301U74123[1].htm Exploit-ANIfile.c

The reason why the above indicates "Delete failed (Clean failed)" is because the file wasn't allowed to be written to the cache and was blocked.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: 2 exploits identified--how to remove?

| hopefully, it wasn't a case where you went to a web site a while back and
| during a scan these exploit codes were subsequently found in the browser
| cache.


David:

Unfortunately, I must assume that's the case.

I only discovered the problem by routinely running AVG. I don't recall
anything popping up while I was at a site indicating any problem.

Hopefully, no damage was done.

Mel






Re: 2 exploits identified--how to remove?


You sure that wasn't "Exploit.ani"?
http://www.cio.com/article/103055/More_Than_K_Sites_Now_Exploit_.ANI_Security_Vulnerability
http://www.pctools.com/mrc/infections/id/Exploit.ANI /

http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
A really old exploit (same one as above).


Since your other post says that AVG deleted the files that
incorporated those browser exploits, probably from your TIF cache,
don't revisit those sites, or add them in the Restricted Sites
security zone (or in your hosts file so you can't get there anymore
unless you have URL blocking in your firewall or an IE plug-in, like
IE7Pro).  Depends on WHERE the pest was detected.  Maybe it is in a
System Restore point (which means AVG can't delete it) or in your
Recycle Bin.
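
The point in the last reply, that the follow-up depends on where the detection sits (TIF cache, System Restore point, Recycle Bin), as an added Python example that is not part of the original thread. The folder-name patterns are the standard Windows locations and the `name[1].ext` check is an assumed heuristic for IE cache file names; sample entries other than the names and the log path quoted in the thread are constructed.

```python
import re
from collections import Counter

# (label, pattern on the full path, what the thread says about that location)
LOCATIONS = [
    ("browser_cache",
     re.compile(r"\\temporary internet files\\|\\content\.ie5\\", re.I),
     "cached web content; stays gone unless the hosting site is revisited"),
    ("system_restore",
     re.compile(r"\\system volume information\\_restore\{", re.I),
     "inside a System Restore point; the AV cannot delete it there"),
    ("recycle_bin",
     re.compile(r"\\(recycler|recycled|\$recycle\.bin)\\", re.I),
     "sitting in the Recycle Bin; empty the bin"),
]

# Assumed heuristic: IE names cached copies like "page[1].htm", so a bare
# file name of that shape was probably reported from the cache.
IE_CACHE_NAME = re.compile(r"\[\d+\]\.\w+$")

def classify(detection_path):
    """Return (label, note) for the path or file name an AV scan reported."""
    for label, pattern, note in LOCATIONS:
        if pattern.search(detection_path):
            return label, note
    if "\\" not in detection_path and IE_CACHE_NAME.search(detection_path):
        return "browser_cache_likely", "IE-style cache name, no path reported"
    return "other", "not one of the locations named in the thread"

def summarize(paths):
    """Count detections per location label."""
    return dict(Counter(classify(p)[0] for p in paths))

# First three entries are quoted in the thread; the last three are constructed.
SAMPLE = [
    "324123[1].html",
    "sploit[1].anr",
    r"D:\temp\IE6\Temporary Internet Files\Content.IE5\C5I301U74123[1].htm",
    r"C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP12\A0001234.exe",
    r"C:\RECYCLER\S-1-5-21-CONSTRUCTED\Dc1.htm",
    r"C:\Program Files\Example\tool.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        label, note = classify(p)
        print(f"{label:22} {p}\n{'':22} -> {note}")
```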

