Archived from groups: microsoft.public.windowsxp.basics
Nope, each scan of the folder indicates the infected file was deleted, yet
another one is deleted (thus created) with each scan. The security bulletin
doesn't seem to want to install as it states I do not have the proper form of
Outlook installed (it is). I deleted the temp folders etc. with no luck. Is
it a registry key causing this? The only mention is the infected file being
automatically deleted from the Quarantine folder. A search of the folder
shows nothing. Should I delete everything in that folder? I cannot be the
only person who has had this issue, and new to me.
Help
"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:em1XVSTIFHA.3332@TK2MSFTNGP15.phx.gbl...
> HTML.MHTMLRedir!exploit is a generic detection of web pages or e-mail
> messages which attempt to exploit the "MHTML URL Processing" vulnerability
> in Internet Explorer.
>
> This does not necessarily mean that a virus has been found. It merely means
> that HTML code was found which attempts to activate additional executable
> code without the user's express permission. This exploit can be used in a
> malicious web page or inside e-mail messages to execute code of the
> attacker's choice on the user's machine. Users of Internet Explorer and
> applications such as Outlook or Outlook Express that employ Internet
> Explorer to render HTML content are vulnerable to this exploit.
> Microsoft have released a patch to address this issue. Please visit
> Microsoft for further information and to apply the relevant patches:
>
> http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx
>
> Note: this detection may be triggered by merely visiting a web page that
> contains malicious code. It does not necessarily mean your machine has been
> compromised, nor that your machine is vulnerable to this particular exploit.
>
> If this exploit is being detected in the Temporary Internet Files directory,
> in order to remove unwanted files from your computer, you will have to
> remove all off-line content from your PC.
>
> The Temporary Internet Files (or cache) folder contains Web page content
> that is stored on your hard disk for quick viewing. This cache permits
> Internet Explorer or MSN Explorer to download only the content that has
> changed since you last viewed a Web page, instead of downloading all the
> content for a page every time it is displayed. To delete the files in the
> Temporary Internet Files folder, follow these steps:
>
> To delete *all* Temporary Internet Files...
>
> 1) Start | Run | Type: inetcpl.cpl | OK
> Or right click the Internet Explorer icon on your Desktop.
> Or: Start | Settings | Control Panel | Internet Options.
> Best to do this with all instances of Internet Explorer closed. Especially
> if there are a large number of files.
> 2) On the General Tab, in the middle of the screen, click on Delete Files
> 3) Check the box "Delete all offline content"
> 4) Click on OK and wait for the hourglass icon to stop after it deletes the
> temporary internet files
> 5) You can now click on Delete Cookies and click OK to delete cookies that
> websites have placed on your hard drive.
> -----
>
> Empty out your temp folder also...
> Start | Run | Type: %tmp% | Click OK |
> Delete everything in the right hand pane.
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:eFquZBTIFHA.3588@TK2MSFTNGP14.phx.gbl,
> Bob H <bobandshauna@shaw.ca> hunted and pecked:
>> If this is the form for this question please let me know which is the
>> appropriate form.
>>
>> A recent Norton Virus scan showed a "virus found" which was
>> "automatically deleted".
>>
>> "The file C:\Program Files\Norton SystemWorks\Norton
>> Antivirus\Quarantine\74702E1C is infected with the MHTMLRedir.Exploit
>> virus."
>>
>> The file name being "74702E1C" but a second scan will give a
>> different file name, file name changes with each scan. I have done
>> Spybot spyware and Ad-Aware scans.
>>
>> Searching Symantec for removal instructions I get the following
>> removal instructions:
>>
>> "Because this is an exploit only, there are no removal instructions,
>> since there is nothing to remove. This is a detection for the
>> exploit, preventing the execution of malicious content on your
>> computer. By detecting the exploit, it is prevented from running."
>>
>> How do I get rid of this "mhtmlredir.Exploit"? Is it a registry key I
>> have to change? Where did it come from? My firewall was down for a
>> bit, was that the origin? Actually, I just want to get rid of it,
>> stop it from reoccurring?
>>
>> Thanks, Bob
>