Avast WEBforum

Other => General Topics => Topic started by: AZ on August 07, 2003, 05:03:50 AM

Title: How to Delete ?
Post by: AZ on August 07, 2003, 05:03:50 AM

How do I delete these files? Do I need to.

 Scanning memory...
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ Pictures.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ (1).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ (2).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ Pictures (1).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\Re_ Pictures (2).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OD2RS56J\wbk7305.TMP->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (1).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (2).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (3).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\I1AHOD89\Re_ (4).dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
C:\WINDOWS\Temporary Internet Files\Content.IE5\21WPOR87\Re_.dat->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

Scanned


Thank you

Title: Re:How to Delete ?
Post by: raman on August 07, 2003, 06:03:51 AM

You can delete every file or folder inside the "Content.IE5" folder. It is absolutly save. BTW: What Mailclient do you use? Outlook(Express)?

Title: Re:How to Delete ?
Post by: Vlk on August 07, 2003, 05:24:32 PM

BTW what tool did you use to identify these files? avast doesn't tag the IFrame's as exploit (per se) because it's generally not true.

Quotation fro usenet with which I totally agree:

>As I have said often enough, the name or term "IFrame exploit" is
>meaningless.  You may consider it a poor design decision, but the
>so-called "IFrame exploit" that some products detect is not an
>exploit at all.  It is an IFrame doing exactly what IFrames are
>designed to do.  The exploit such detections refer to has _always_
>been an Incorrect MIME HEader exploit.  It has been especially taken
>advantage of through use of an IFrame, but as I have also said often
>enough, many products that (claim to) detect exploits of the
>"Incorrect MIME Header" vulnerability are actually very limited in
>their detection and typically will only detect such exploits if they
>use (one form of) an Iframe activation method.  There are several
>other methods of "activating" an inline attachment but the method
>used in the first publicly posted sample exploit was the IFrame one,
>so guess what most virus writers latched onto (showing their
>generally clueless, script- kiddy natures)?  (Worse, guess what most
>of the AV industry missed in its "analysis" of this threat?)


Hope this helps,
Vlk

Title: Re:How to Delete ?
Post by: Lisandro on August 08, 2003, 03:47:01 AM

If it helps, deleting and cleaning system from Internet files, try BeClean 1.2 (Freeware) (http://boozet.xepher.net/download/beclean120.exe)  ;)