2 exploits identified--how to remove?

MB_

I ran AVG and it found:

324123[1].html Exploit.anl

sploit[1].anr Exploit.MS05-002


AVG is still running so maybe it will remove it afterwards.

But, if not, how do I remove it?

Mel
 
MZB

Well, I guess I jumped the gun.
It says it deleted it.

Hope that's true and it doesn't return!

Mel
 
VanguardLH

| I ran AVG and it found:
|
| 324123[1].html Exploit.anl

You sure that wasn't "Exploit.ani"?
http://www.cio.com/article/103055/More_Than_K_Sites_Now_Exploit_.ANI_Security_Vulnerability
http://www.pctools.com/mrc/infections/id/Exploit.ANI/

| sploit[1].anr Exploit.MS05-002

http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
A really old exploit (same one as above).

| AVG is still running so maybe it will remove it afterwards.
| But, if not, how do I remove it?

Since your other post says that AVG deleted the files that
incorporated those browser exploits, probably from your TIF cache,
don't revisit those sites, or add them in the Restricted Sites
security zone (or in your hosts file so you can't get there anymore
unless you have URL blocking in your firewall or an IE plug-in, like
IE7Pro). Depends on WHERE the pest was detected. Maybe it is in a
System Restore point (which means AVG can't delete it) or in your
Recycle Bin.
 
David H. Lipman

From: "MZB" <[email protected]>

| Well, I guess I jumped the gun.
| It says it deleted it.
|
| Hope that's true and it doesn't return!
|
| Mel
|

They are exploit codes found in the browser cache and when you went to a malicious site they
were blocked or, hopefully, it wasn't a case where you went to a web site a while back and
during a scan these exploit codes were subsequently found in the browser cache.

They won't "return" unless you revisit that specific site that hosted the malicious codes or
other malicious sites.

Example log even from McAfee when visiting a malicious site...
1/23/2008 8:55:55 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\C5I301U7\324123[1].htm Exploit-ANIfile.c

The reason why the above indicates "Delete failed (Clean failed)" is because the file wasn't
allowed to be written to the cache and was blocked.
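
Added example (not code from any poster in this thread): a small triage script that parses scanner log lines in the layout of the McAfee line quoted above and sorts each detection into the locations the replies distinguish: browser cache, System Restore point, Recycle Bin. The field layout is inferred from that single quoted line, and every sample line except the first is constructed.

```python
import re

# Layout inferred from the one McAfee line quoted in the thread:
# timestamp, action, HOST\user, full path, detection name.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>.+?) (?P<user>\S+\\\S+) "
    r"(?P<path>[A-Za-z]:\\.+) (?P<name>\S+)$"
)

# Path markers for the locations named in the thread (matched case-insensitively).
LOCATIONS = [
    ("browser cache", ("\\temporary internet files\\",)),
    ("System Restore point", ("\\system volume information\\_restore",)),
    ("Recycle Bin", ("\\recycler\\", "\\recycled\\", "\\$recycle.bin\\")),
]

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify_path(path):
    """Map a detection path to one of the named locations, else 'other'."""
    lowered = path.lower()
    for label, markers in LOCATIONS:
        if any(marker in lowered for marker in markers):
            return label
    return "other"

def triage(lines):
    """Return (location, detection name, action) for each parsable line."""
    rows = []
    for line in lines:
        rec = parse_line(line)
        if rec:
            rows.append((classify_path(rec["path"]), rec["name"], rec["action"]))
    return rows

SAMPLE_LOG = [
    # Quoted in the thread (wrapped lines re-joined):
    r"1/23/2008 8:55:55 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\C5I301U7\324123[1].htm Exploit-ANIfile.c",
    # Constructed lines in the same layout; host, user, paths and actions are made up:
    r"1/24/2008 9:01:12 AM Deleted EXAMPLE-PC\user C:\System Volume Information\_restore{EXAMPLE}\RP12\A0001234.htm Exploit-ANIfile.c",
    r"1/24/2008 9:01:40 AM Deleted EXAMPLE-PC\user C:\RECYCLER\S-1-5-21-EXAMPLE\Dc7.htm Exploit-ANIfile.c",
]

if __name__ == "__main__":
    for location, name, action in triage(SAMPLE_LOG):
        print(f"{location:22} {name:20} {action}")
```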
 
MZB

| hopefully, it wasn't a case where you went to a web site a while back and
| during a scan these exploit codes were subsequently found in the browser
| cache.

David:

Unfortunately, I must assume that's the case.

I only discovered the problem by routinely running AVG. I don't recall
anything popping up while I was at a site indicating any problem.

Hopefully, no damage was done.

Mel



 
