anybody found an av that can remove xml exploit virus?


xml exploit [ aka Exploit:JS/Agent.IHL ]. Announced on Dec 12, 2008 by
Microsoft in their bulletin. Affects Internet Explorer 7, and all other
versions of Internet Explorer.  Security hole mentioned  in thread "Serious
security flaw found in IE"

It's a bad one, no known anti-virus program can remove it at this writing
[ AFAIK ]. Wiping the disk and reinstalling are the only known cures at this
time.

It is known to inhabit the servers at certain places in youtube and myspace,
among others.

You can still get it even if you use only good websites, because it can
inject itself across the databases shared by sites.

A friend in the business reports having 7 systems infected in his backlog,
and a shop nearby has overflow of 12 or so. [ Houston, Tx  Northside]
thurs, 12/18/08

anybody see it yet in your area? [ haven't seen it mentioned by name in this
group since 12 /17]
--
Tommy



Re: anybody found an av that can remove xml exploit virus?



| xml exploit [ aka Exploit:JS/Agent.IHL ]. Announced on Dec 12, 2008 by
| Microsoft in their bulletin. Affects Internet Explorer 7, and all other
| versions of Internet Explorer.  Security hole mentioned  in thread "Serious
| security flaw found in IE"

| It's a bad one, no known anti-virus program can remove it at this writing
| [ AFAIK ]. Wiping the disk and reinstalling are the only known cures at this
| time.

| It is known to inhabit the servers at certain places in youtube and myspace,
| among others.

| You can still get it even if you use only good websites, because it can
| inject itself across the databases shared by sites.

| A friend in the business reports having 7 systems infected in his backlog,
| and a shop nearby has overflow of 12 or so. [ Houston, Tx  Northside]
| thurs, 12/18/08

| anybody see it yet in your area? [ haven't seen it mentioned by name in this
| group since 12 /17]
| --
| Tommy


Exploits are NOT viruses.  They exploit code.  Antivirus applications can
block exploitation attempts or remove exploit code.

Since we are talking about exploitation of IE, the code is resident upon a
web page and chances are there is NOTHING latent on the PC to remove.  If the
exploitation code was successful prior to the HotFix and the code was not
recognized by a particular AV solution, it is too late.  The objective is to
patch IE ASAP and get a sample of the exploit code to the AV vendor so they
may generate signatures for it.  One way to do this is to submit the exploit
code directly to the vendor and another is to submit a sample to Virus Total.

You said... "It's a bad one, no known anti-virus program can remove it at
this writing".
You must understand that this exploit is server based and there is nothing
to remove.  If the exploit was successful, you are dealing with the payload
of the exploitation, not the exploit.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: anybody found an av that can remove xml exploit virus?



I stand corrected. I didn't know what to call it. It was passed along to me
with not too many details. I haven't heard of the name of the virus
[payload] that they have found. They claim they have used all known av
scans, and haven't been able to restore the machines. [ and are reinstalling
all the software on them] I will report back after getting some more details
if possible.

I apologize for my imprecise language and thank you for pointing this out to
me.
I will also pass along your remarks, but do not expect that they have the
payload[s] as they report nothing from av scanning. There must be damage
otherwise they would have no need to reformat and reinstall.

I'm still wondering if anybody else has seen this on a.c.a.v

Thanks for your comments.
--
Tommy



