Avast WEBforum
Other => General Topics => Topic started by: AZ on August 07, 2003, 05:03:50 AM
-
How do I delete these files? Do I need to.
Scanning memory...
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ Pictures.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ (1).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ (2).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ Pictures (1).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ Pictures (2).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\wbk7305.TMP->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (1).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (2).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (3).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (4).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\21WPOR87\Re_.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
Scanned
Thank you
-
You can delete every file or folder inside the "Content.IE5" folder. It is absolutly save. BTW: What Mailclient do you use? Outlook(Express)?
-
BTW what tool did you use to identify these files? avast doesn't tag the IFrame's as exploit (per se) because it's generally not true.
Quotation fro usenet with which I totally agree:
>As I have said often enough, the name or term "IFrame exploit" is
>meaningless. You may consider it a poor design decision, but the
>so-called "IFrame exploit" that some products detect is not an
>exploit at all. It is an IFrame doing exactly what IFrames are
>designed to do. The exploit such detections refer to has _always_
>been an Incorrect MIME HEader exploit. It has been especially taken
>advantage of through use of an IFrame, but as I have also said often
>enough, many products that (claim to) detect exploits of the
>"Incorrect MIME Header" vulnerability are actually very limited in
>their detection and typically will only detect such exploits if they
>use (one form of) an Iframe activation method. There are several
>other methods of "activating" an inline attachment but the method
>used in the first publicly posted sample exploit was the IFrame one,
>so guess what most virus writers latched onto (showing their
>generally clueless, script- kiddy natures)? (Worse, guess what most
>of the AV industry missed in its "analysis" of this threat?)
Hope this helps,
Vlk
-
If it helps, deleting and cleaning system from Internet files, try BeClean 1.2 (Freeware) (http://boozet.xepher.net/download/beclean120.exe) ;)