Author Topic: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't  (Read 3764 times)

0 Members and 1 Guest are viewing this topic.

Offline Will91

  • Jr. Member
  • **
  • Posts: 46
Hi:

My outdated McAfee antivirus program gave me a message it detected Exploit-IEPageSpoof trojan and deleted it.  I don't know what this is and don't understand why Avast never detected that.

Does Avast NOT detect trojans and if not, what software should I be using?

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't
« Reply #1 on: March 24, 2007, 06:52:55 AM »
Here's McAfee's description

http://vil.nai.com/vil/content/v_130508.htm

and more from US-CERT

http://www.kb.cert.org/vuls/id/356600

You should remove McAfee from your computer as, even in its outdated state, it can conflict with avast.

Avast! does detect trojans but there are other programs dedicated to trojan detection.  Avg AntiSpyware and A-Squared are both free and are worth having

http://free.grisoft.com/doc/20/lng/us/tpl/v5

http://www.emsisoft.com/en/software/free/

But I first suggest a Trend Micro on line scan (after removing McAfee)

http://www.trendmicro.com/hc_intro/default.asp
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline Will91

  • Jr. Member
  • **
  • Posts: 46
Re: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't
« Reply #2 on: March 24, 2007, 07:10:06 AM »
Thank you mauserme.

I read the descriptions of this trojan but really don't understand what it is or, more importantly, how serious this trojan is. In other words, has it enabled any sort of hacker intrusion, etc?

It is a mystery to me how this would have been placed on my pc.  I have never opened any sort of .exe files from e-mails or downloaded any suspicious or "adult" software, etc.

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't
« Reply #3 on: March 24, 2007, 07:14:01 AM »
Its possible that its a false positive.  One reason for updating your signatures is to correct FPs - if McAfee is out of date these corrections are not occurring.

If you can locate the file upload a sample to Virus Total and Jotti to see if any other AV programs detect a problem

http://www.virustotal.com/en/indexf.html

http://virusscan.jotti.org/

EDIT:  Just noticed you deleted rather than quarantined so our options are limited.  Try the Trend Micro scan I mentioned above just to make sure.
« Last Edit: March 24, 2007, 07:16:08 AM by mauserme »
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline Will91

  • Jr. Member
  • **
  • Posts: 46
Re: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't
« Reply #4 on: March 24, 2007, 07:40:50 AM »
I think I should maybe remove this Dell/McAfee security suite through setting/add/remove.  I will also lose the McAfee firewall by doing this.

Can someone recommend a good software firewall that will will work well with Avast and one of the anti-spyware programs recommended by mauserme?

Thank you.

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't
« Reply #5 on: March 24, 2007, 10:23:30 AM »
I think I should maybe remove this Dell/McAfee security suite through setting/add/remove.  I will also lose the McAfee firewall by doing this.

Can someone recommend a good software firewall that will will work well with Avast and one of the anti-spyware programs recommended by mauserme?

Thank you.
there are many free firewalls to choose http://www.snapfiles.com/Freeware/security/fwfirewall.html..i recommend comodo though coz its very effective and has lots of features and works well with avast..the decision is urs..

as anti-spyware i recommend AVG antispyware(http://free.grisoft.com/doc/20/lng/us/tpl/v5)
spybot search & destroy(http://www.snapfiles.com/get/spybot.html) and spywareblaster(http://www.snapfiles.com/get/spywareblaster.html) for immunization..if u use spywareblaster and spybot s&destroy disable the immunization of spybot coz it will conflict with spywareblaster.. ;)
« Last Edit: March 24, 2007, 10:26:55 AM by BJ_GeOrgE »
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline Spiritsongs

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1757
  • Ad-aware orientated Support forum(s)
COMPLETELY REMOVING McAfee
« Reply #6 on: March 24, 2007, 05:50:30 PM »
 :)  Hi :

     To COMPLETELY REMOVE McAfee from your computer, follow the info at

     http://ts.mcafeehelp.com/faq3.asp?docid=71525

     One of the Best antispyware/antitrojan programs is the FREE version
     of SUPERantispyware, available from www.superantispyware.com .

     There are Good Firewalls, some of them FREE at
     www.filehippo.com/software/firewalls/  ; of the ones here, I recommend
     either the Sunbelt Kerio, Sygate, or Zone Alarm. If you chose the Sygate,
     I will provide a link to its "SetUp Guide" .
For the Best in what counts in Life :
www.tacf.org

Offline Will91

  • Jr. Member
  • **
  • Posts: 46
Re: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't
« Reply #7 on: March 25, 2007, 05:34:51 PM »
Thank you everyone.

I have read the descriptions of this Exploit trojan but really don't understand what it is or does.  Can they be sent at random to a pc?  In other words, I didn't download any software, open and *.exe files, suspicious e-mail, etc.

Offline rayi7332

  • Newbie
  • *
  • Posts: 16
Re: McAfee detects "Exploit-IEPageSpoof" trojan, but Avast doesn't
« Reply #8 on: March 25, 2007, 07:28:51 PM »
Hello. These exploit detections are usually scripts embedded in a webpage that take advantage of unpatched systems to install malware with no user interaction. The vml exploit which affected Windows vgx.dll is another example. Make sure you have all critical Windows patches from Windows Update and keep your AV up to date. Unpatched systems can become infected by simply visiting a malicious site. IE is a favorite target so locking down security settings is a must. Also Avast doesn't seem to detect the vml exploit neither, I'm not sure if they cover exploits but it detects everything else I have thrown at it with the exception of a few old vbs script viruses. Hope this helps.
Windows 98 Millennium Edition 4.10.2222a/4.90.3000. No IE, no Outlook, no WSH and no infections.