I ran AVG and it found:

324123[1].html Exploit.anl

sploit[1].anr Exploit.MS05-002


AVG is still running so maybe it will remove it afterwards.

But, if not, how do I remove it?

Mel

Well, I guess I jumped the gun.
It says it deleted it.

Hope that's true and it doesn't return!

Mel


"MB_" <(E-Mail Removed)> wrote in message
news:rYLmj.44$(E-Mail Removed)...
>I ran AVG and it found:
>
> 324123[1].html Exploit.anl
>
> sploit[1].anr Exploit.MS05-002
>
>
> AVG is still running so maybe it will remove it afterwards.
>
> But, if not, how do I remove it?
>
> Mel
>
>
>

"MB_" wrote in message news:rYLmj.44$(E-Mail Removed)...
>I ran AVG and it found:
>
> 324123[1].html Exploit.anl

You sure that wasn't "Exploit.ani"?
http://www.cio.com/article/103055/Mo..._Vulnerability
http://www.pctools.com/mrc/infections/id/Exploit.ANI/

> sploit[1].anr Exploit.MS05-002
http://www.microsoft.com/technet/sec.../ms05-002.mspx
A really old exploit (same one as above).

> AVG is still running so maybe it will remove it afterwards.
> But, if not, how do I remove it?

Since your other post says that AVG deleted the files that
incorporated those browser exploits, probably from your TIF cache,
don't revisit those sites, or add them in the Restricted Sites
security zone (or in your hosts file so you can't get there anymore
unless you have URL blocking in your firewall or an IE plug-in, like
IE7Pro). Depends on WHERE the pest was detected. Maybe it is in a
System Restore point (which means AVG can't delete it) or in your
Recycle Bin.

From: "MZB" <(E-Mail Removed)>

| Well, I guess I jumped the gun.
| It says it deleted it.
|
| Hope that's true and it doesn't return!
|
| Mel
|

They are exploit codes found in the browser cache and when you went to a malicious site they
were blocked or, hopefully, it wasn't a case where you went to a web site a while back and
during a scan these exploit codes were subsequently found in the browser cache.

They won't "return" unless you revisit that specific site that hosted the malicious codes or
other malicious sites.

Example log even from McAfee when visiting a malicious site...
1/23/2008 8:55:55 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary
Internet Files\Content.IE5\C5I301U7\324123[1].htm Exploit-ANIfile.c

The reason why the above indicates "Delete failed (Clean failed)" is because the file wasn't
allowed to be written to the cache and was blocked.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>>>>>>>>>>>>>>>>
hopefully, it wasn't a case where you went to a web site a while back and
during a scan these exploit codes were subsequently found in the browser
cache.

>>>>>>>>>>>>>>>>>>>>>>.

David:

Unfortunately, I must assume that's the case.

I only discovered the problem by routinely running AVG. I don't recall
anything popping up while I was at a site indicating any problem.

Hopefully, no damage was done.

Mel



"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:6qPmj.5824$O9.5667@trnddc01...
> From: "MZB" <(E-Mail Removed)>
>
> | Well, I guess I jumped the gun.
> | It says it deleted it.
> |
> | Hope that's true and it doesn't return!
> |
> | Mel
> |
>
> They are exploit codes found in the browser cache and when you went to a
> malicious site they
> were blocked or, hopefully, it wasn't a case where you went to a web site
> a while back and
> during a scan these exploit codes were subsequently found in the browser
> cache.
>
> They won't "return" unless you revisit that specific site that hosted the
> malicious codes or
> other malicious sites.
>
> Example log even from McAfee when visiting a malicious site...
> 1/23/2008 8:55:55 PM Delete failed (Clean failed) DLIPMAN-1\lipman
> D:\temp\IE6\Temporary
> Internet Files\Content.IE5\C5I301U7\324123[1].htm Exploit-ANIfile.c
>
> The reason why the above indicates "Delete failed (Clean failed)" is
> because the file wasn't
> allowed to be written to the cache and was blocked.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>