MS04-013/KB837009/Trojan

Bruce

Hi,

I'm running WinXPHome SP1 with OE6 SP1. I keep up with critical updates,
and I run McAfee Virus Scan Online.

I'm trying to understand why, as my daughter was browsing the internet, the
real time mode of McAfee automatically detected and cleaned three trojans,
even though I have everything patched up.

Here are the McAfee messages, one for each trojan:

1) The file C:\Documents and Settings\DEFAULT\Local Settings\Temporary
Internet Files\Content.IE5\WXW7P0KM\wmp[1].htm was infected by the Exploit-
MhtRedir.gen trojan and has been deleted to complete the Clean process.

2) The file C:\Documents and Settings\DEFAULT\Local Settings\Temporary
Internet Files\Content.IE5\6LFC3M9D\wmp[1].htm was infected by the Exploit-
MhtRedir.gen trojan and has been deleted to complete the Clean process.

3) The file C:\Documents and Settings\DEFAULT\Local Settings\Temporary
Internet Files\Content.IE5\89CGO98L\FRAMEPB_1U[1].HTML was infected by the
Exploit-IFrame trojan and has been deleted to complete the Clean process.

Numbers 1) and 2) are supposed to be prevented by a patch issued on
3/29/01, as described in MS01-020, Q290108.

Number 3) is supposed to be prevented by a patch issued on 4/13/04, as
described in MS04-013, KB837009.

If I go into my Update History, I see that I installed the patch in 3) on
4/19/04. It's described as a Cumulative Security Update for Outlook
Express 6 Service Pack 1 (KB837009).

The other, older patch from 3/29/01, I assume was incorporated in the newer
versions of OE, i.e. OE 5.5/6.

Question?

Am I justified in wondering how these trojans even got in, or am I missing
something very basic.

(I also have the basic XP firewall enabled.)

Sincerely,
Bruce
 
Carey Frisch [MVP]

Those folks who write virus files have found ways to bypass
some antivirus programs or disable them. Having a fully
patched operating system will not necessarily prevent a virus from
entering your system. You need to take stronger, preventive measures.

Download Ad-Aware 6.0 and scan your PC for spyware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

To secure your computer and prevent possible future security breaches,
consider installing a first-rate, comprehensive, internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

---------------------------------------------------------------------------------


| Hi,
|
| I'm running WinXPHome SP1 with OE6 SP1. I keep up with critical updates,
| and I run McAfee Virus Scan Online.
|
| I'm trying to understand why, as my daughter was browsing the internet, the
| real time mode of McAfee automatically detected and cleaned three trojans,
| even though I have everything patched up.
|
| Here are the McAfee messages, one for each trojan:
|
| 1) The file C:\Documents and Settings\DEFAULT\Local Settings\Temporary
| Internet Files\Content.IE5\WXW7P0KM\wmp[1].htm was infected by the Exploit-
| MhtRedir.gen trojan and has been deleted to complete the Clean process.
|
| 2) The file C:\Documents and Settings\DEFAULT\Local Settings\Temporary
| Internet Files\Content.IE5\6LFC3M9D\wmp[1].htm was infected by the Exploit-
| MhtRedir.gen trojan and has been deleted to complete the Clean process.
|
| 3) The file C:\Documents and Settings\DEFAULT\Local Settings\Temporary
| Internet Files\Content.IE5\89CGO98L\FRAMEPB_1U[1].HTML was infected by the
| Exploit-IFrame trojan and has been deleted to complete the Clean process.
|
| Numbers 1) and 2) are supposed to be prevented by a patch issued on
| 3/29/01, as described in MS01-020, Q290108.
|
| Number 3) is supposed to be prevented by a patch issued on 4/13/04, as
| described in MS04-013, KB837009.
|
| If I go into my Update History, I see that I installed the patch in 3) on
| 4/19/04. It's described as a Cumulative Security Update for Outlook
| Express 6 Service Pack 1 (KB837009).
|
| The other, older patch from 3/29/01, I assume was incorporated in the newer
| versions of OE, i.e. OE 5.5/6.
|
| Question?
|
| Am I justified in wondering how these trojans even got in, or am I missing
| something very basic.
|
| (I also have the basic XP firewall enabled.)
|
| Sincerely,
| Bruce
 
