mhtmlredir.exploit


Bob H

If this is the forum for this question please let me know which is the
appropriate forum.

A recent Norton Virus scan showed a "virus found" which was "automatically
deleted".

"The file C:\Program Files\Norton SystemWorks\Norton
Antivirus\Quarantine\74702E1C is infected with the MHTMLRedir.Exploit
virus."

The file name being "74702E1C" but a second scan will give a different file
name, file name changes with each scan. I have done Spybot spyware and
Ad-Aware scans.

Searching Symantec for removal instructions I get the following removal
instructions:

"Because this is an exploit only, there are no removal instructions, since
there is nothing to remove. This is a detection for the exploit, preventing
the execution of malicious content on your computer. By detecting the
exploit, it is prevented from running."

How do I get rid of this "mhtmlredir.Exploit". Is it a registry key I have
to change? Where did it come from? My firewall was down for a bit, was
that the origin? Actually, I just want to get rid of it, stop it from
reoccurring?

Thanks, Bob
 
HTML.MHTMLRedir!exploit is a generic detection of web pages or e-mail
messages which attempt to exploit the "MHTML URL Processing" vulnerability
in Internet Explorer.

This does not necessarily mean that a virus has been found. It merely means
that HTML code was found which attempts to activate additional executable
code without the user's express permission. This exploit can be used in a
malicious web page or inside e-mail messages to execute code of the
attacker's choice on the user's machine. Users of Internet Explorer and
applications such as Outlook or Outlook Express that employ Internet
Explorer to render HTML content are vulnerable to this exploit.
Microsoft have released a patch to address this issue. Please visit
Microsoft for further information and to apply the relevant patches:
http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

Note: this detection may be triggered by merely visiting a web page that
contains malicious code. It does not necessarily mean your machine has been
compromised, nor that your machine is vulnerable to this particular exploit.

If this exploit is being detected in the Temporary Internet Files directory,
in order to remove unwanted files from your computer, you will have to
remove all off-line content from your PC.

The Temporary Internet Files (or cache) folder contains Web page content
that is stored on your hard disk for quick viewing. This cache permits
Internet Explorer or MSN Explorer to download only the content that has
changed since you last viewed a Web page, instead of downloading all the
content for a page every time it is displayed. To delete the files in the
Temporary Internet Files folder, follow these steps:

To delete *all* Temporary Internet Files...

1) Start | Run | Type: inetcpl.cpl | OK
Or right click the Internet Explorer icon on your Desktop.
Or: Start | Settings | Control Panel | Internet Options.
Best to do this with all instances of Internet Explorer closed. Especially
if there are a large number of files.
2) On the General Tab, in the middle of the screen, click on Delete Files
3) Check the box Delete all offline content
4) Click on OK and wait for the hourglass icon to stop after it deletes the
temporary internet files
5) You can now click on Delete Cookies and click OK to delete cookies that
websites have placed on your hard drive.
-----

Empty out your temp folder also...
Start | Run | Type: %tmp% | Click OK |
Delete everything in the right hand pane.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

 
Go to Start>All Programs>Norton SystemWorks>Norton Antivirus>Quarantine and
when the window opens you should see the file. Delete it.
 
I meant to add, if any files have been quarantined, you can remove. If not,
then you probably need take no further action.

--
Colin Barnhorst [MVP Windows - Virtual Machine]
(Reply to the group only unless otherwise requested)
 
Nope, each scan of the folder indicates the infected file was deleted, yet
another one is deleted (thus created) with each scan. The security bulletin
doesn't seem to want to install as it states I do not have the proper form of
Outlook installed (it is). I deleted the temp folders etc with no luck. Is
it a registry key causing this? The only mention is the infected file being
automatically deleted from the Quarantine folder. A search of the folder
shows nothing, should I delete everything in that folder? I can not be the
only person who has had this issue, and new to me.

Help
 
It does not appear in the folder as Norton indicates it was automatically
deleted. I do not know what recreates this infected file.

 

Boot to Safe Mode and run Norton again.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/
 
Damn I must be slow this weekend. As the scan showed the infected file was
in the quarantined folder, and I did not think anything in there was really
needed, I deleted most of the contents and .. problem solved. Thanks for your
help

 
You're welcome.

--
Colin Barnhorst [MVP Windows - Virtual Machine]
(Reply to the group only unless otherwise requested)
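The thread turns on where the flagged file lives: a detection inside the antivirus Quarantine folder is a different situation from one in Temporary Internet Files. The following is an added example, not part of the original thread, that parses alerts in the wording Norton used above and groups them by location; the category names, the follow-up text and every sample alert after the first are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Alert wording copied from the Norton message quoted in the thread.
ALERT_RE = re.compile(
    r"The file (?P<path>[A-Za-z]:\\.+?) is infected with the (?P<name>\S+) virus",
    re.IGNORECASE,
)

# (directory name, category, follow-up). This mapping is the example's assumption.
RULES = [
    ("quarantine", "quarantine", "already isolated; delete it from the AV quarantine"),
    ("temporary internet files", "browser-cache", "clear the cache and apply MS04-013"),
    ("temp", "temp-folder", "empty %tmp%"),
]

# First alert is the one from the thread (wrapped as posted); the rest are constructed.
SAMPLE_ALERTS = r"""
The file C:\Program Files\Norton SystemWorks\Norton
Antivirus\Quarantine\74702E1C is infected with the MHTMLRedir.Exploit
virus.
The file C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5A3B9F00 is infected with the MHTMLRedir.Exploit virus.
The file C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm is infected with the MHTMLRedir.Exploit virus.
The file C:\Windows\System32\example.dll is infected with the MHTMLRedir.Exploit virus.
"""

def parse_alerts(text):
    """Return (path, detection name) pairs; alerts may be wrapped across lines."""
    flat = " ".join(text.split())
    return [(m["path"], m["name"]) for m in ALERT_RE.finditer(flat)]

def classify(path):
    """Pick a category from the directories that contain the flagged file."""
    dirs = [part.lower() for part in PureWindowsPath(path).parts[:-1]]
    for folder, category, advice in RULES:
        if folder in dirs:
            return category, advice
    return "other", "live file outside cache and quarantine; investigate"

def triage(text):
    """Group flagged file names by category, with the follow-up for each."""
    report = defaultdict(lambda: {"advice": "", "files": set()})
    for path, _name in parse_alerts(text):
        category, advice = classify(path)
        report[category]["advice"] = advice
        report[category]["files"].add(PureWindowsPath(path).name)
    return dict(report)
```

Several different file names under the quarantine category, as in the sample, match what the thread describes: the scanner re-flagging its own quarantine store on each pass.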
 