2 Microsoft files Detected as spyware.

See next post with attachment.

--
Thank you,
Eric Vogel
http://shelluser.mvps.org
http://msn.mvps.org
http://www.msmvps.com/shelluser

Normally my system is clean. Somehow (SAV was not clear as to which varient)
HTML/IE Crash got into the MSN Desktop Search Cache and SAV 9.01 with
12/28/04 Defs. (Latest def's when it found it earlier this week) got right
through the AV Real-time scanner. I have not seen any outbound requests on
XP2 Firewall. (Have ISA 2000 for inbound on SBS 2003). This could by why I
got infected.

I just renewed SAV, looks like I may have to re-evaluate whats out there
next year.

--
Thank you,
Eric Vogel
http://shelluser.mvps.org
http://msn.mvps.org
http://www.msmvps.com/shelluser
"Eric C. Vogel" <evogel@benefitservicesgroup.com> wrote in message
news:Ogc0kt$8EHA.2364@CPMSFTNGSA04.privatenews.microsoft.com...
> See next post with attachment.
>
> --
> Thank you,
> Eric Vogel
> http://shelluser.mvps.org
> http://msn.mvps.org
> http://www.msmvps.com/shelluser
>
>

I think chktrust.exe and extract.exe aren't windows files cuz I don't have
them in my windows system32 dir

"Eric C. Vogel" <evogel@benefitservicesgroup.com> wrote in message
news:edS5tw$8EHA.2468@cpmsftngsa05.privatenews.microsoft.com...
> Normally my system is clean. Somehow (SAV was not clear as to which
> varient) HTML/IE Crash got into the MSN Desktop Search Cache and SAV 9.01
> with 12/28/04 Defs. (Latest def's when it found it earlier this week) got
> right through the AV Real-time scanner. I have not seen any outbound
> requests on XP2 Firewall. (Have ISA 2000 for inbound on SBS 2003). This
> could by why I got infected.
>
> I just renewed SAV, looks like I may have to re-evaluate whats out there
> next year.
>
> --
> Thank you,
> Eric Vogel
> http://shelluser.mvps.org
> http://msn.mvps.org
> http://www.msmvps.com/shelluser
> "Eric C. Vogel" <evogel@benefitservicesgroup.com> wrote in message
> news:Ogc0kt$8EHA.2364@CPMSFTNGSA04.privatenews.microsoft.com...
>> See next post with attachment.
>>
>> --
>> Thank you,
>> Eric Vogel
>> http://shelluser.mvps.org
>> http://msn.mvps.org
>> http://www.msmvps.com/shelluser
>>
>>
>
>
>

chktrust.exe is part of the .NET Framework tools:
http://msdn.microsoft.com/library/d...chktrustexe.asp

It looks like extract.exe (in this case) is actually spyware:
http://sarc.com/avcenter/venc/data/adware.ieplugin.html


"Paul L." <msbeta@virus2.net> wrote in message
news:%23A94vlB9EHA.2348@CPMSFTNGSA04.privatenews.microsoft.com...
>I think chktrust.exe and extract.exe aren't windows files cuz I don't have
>them in my windows system32 dir
>
> "Eric C. Vogel" <evogel@benefitservicesgroup.com> wrote in message
> news:edS5tw$8EHA.2468@cpmsftngsa05.privatenews.microsoft.com...
>> Normally my system is clean. Somehow (SAV was not clear as to which
>> varient) HTML/IE Crash got into the MSN Desktop Search Cache and SAV 9.01
>> with 12/28/04 Defs. (Latest def's when it found it earlier this week) got
>> right through the AV Real-time scanner. I have not seen any outbound
>> requests on XP2 Firewall. (Have ISA 2000 for inbound on SBS 2003). This
>> could by why I got infected.
>>
>> I just renewed SAV, looks like I may have to re-evaluate whats out there
>> next year.
>>
>> --
>> Thank you,
>> Eric Vogel
>> http://shelluser.mvps.org
>> http://msn.mvps.org
>> http://www.msmvps.com/shelluser
>> "Eric C. Vogel" <evogel@benefitservicesgroup.com> wrote in message
>> news:Ogc0kt$8EHA.2364@CPMSFTNGSA04.privatenews.microsoft.com...
>>> See next post with attachment.
>>>
>>> --
>>> Thank you,
>>> Eric Vogel
>>> http://shelluser.mvps.org
>>> http://msn.mvps.org
>>> http://www.msmvps.com/shelluser
>>>
>>>
>>
>>
>>
>
>