Exploit Virus Found after loading SP2

G

Guest

I installed Windows XP SP2 several weeks ago without incident. Today my
Norton Anti-virus program found MHTMLRedir.Exploit on my PC. I searched the
Symantec web site and found the virus should have been removed with MS
Security Patch 837009 pre-SP2. I tried to run the patch but received an error
message stating the patch cannot be run without Internet Explorer 6.0 SP1
being run. Does Windows XP SP2 load all previous SP1 patches and updates? Is
there anything I should do to minimize the risk to my computer and IE6?
 
F

Frank Saunders, MS-MVP IE/OE

Caravaggio said:
I installed Windows XP SP2 several weeks ago without incident. Today
my Norton Anti-virus program found MHTMLRedir.Exploit on my PC. I
searched the Symantec web site and found the virus should have been
removed with MS Security Patch 837009 pre-SP2. I tried to run the
patch but received an error message stating the patch cannot be run
without Internet Explorer 6.0 SP1 being run. Does Windows XP SP2 load
all previous SP1 patches and updates? Is there anything I should do
to minimize the risk to my computer and IE6?
Click to expand...

SP2 includes all patches that came out before SP2 was released.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
G

Guest

Caravaggio,
Did Norton report it only as a file in the IE temporary files area?
The MHTMLRdir.exploit can be detected by Norton in two ways, as a file
during a scan or when you visit a web site and the exploit runs, since it is
script contained in a web page.

When you visit a web site that runs the exploit script, it will attemp to
download another file or program (usually a trojan). With SP2's security,
scripting is off by default, so the web page with the offending script will
end up in your browser cache (temp files), without ever being a threat.
Norton may not catch it on the way in because it is looking for the action of
the script running, not the code in the file.

Try clearing IE's temporary files* and then rescanning to be sure it's gone.
If the exploit actually ran, the trojan code should be caught with a scan
with an updated version of Norton

Hope this helps
-J

Menu item Tools/Internet Options - click on Delete Files button.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

File Protocol Jpg Image Blocking in I.E 6.0 SP2 1
Cannot Run Security Update Q813951 in SP2 1
Possible QHosts problem... patch wont work!! 2
Virus found in IE Update 1
"The page cannot be found". 1
Blank Browser Windows 3
How do you install sp1 after sp2 ?? 5
IE 6 SP2? 7

Top