Welcome to SecurityForumz.com!

2 exploits identified--how to remove?

 
MB_

External


Since: Jan 04, 2005
Posts: 36



(Msg. 1) Posted: Sat Jan 26, 2008 2:35 pm
Post subject: 2 exploits identified--how to remove?
Archived from groups: alt>comp>anti-virus

I ran AVG and it found:

324123[1].html Exploit.anl

sploit[1].anr Exploit.MS05-002


AVG is still running so maybe it will remove it afterwards.

But, if not, how do I remove it?

Mel

MZB

External


Since: Oct 29, 2005
Posts: 38



(Msg. 2) Posted: Sat Jan 26, 2008 3:16 pm
Post subject: Re: 2 exploits identified--how to remove?

Well, I guess I jumped the gun.
It says it deleted it.

Hope that's true and it doesn't return!

Mel


"MB_" <mel.TakeThisOut@prodigy.invalid.net> wrote in message
news:rYLmj.44$jw7.26@newsfe02.lga...
>I ran AVG and it found:
>
> 324123[1].html Exploit.anl
>
> sploit[1].anr Exploit.MS05-002
>
>
> AVG is still running so maybe it will remove it afterwards.
>
> But, if not, how do I remove it?
>
> Mel
>
>
>

VanguardLH

External


Since: Sep 14, 2007
Posts: 18



(Msg. 3) Posted: Sat Jan 26, 2008 3:50 pm
Post subject: Re: 2 exploits identified--how to remove?

"MB_" wrote in message news:rYLmj.44$jw7.26@newsfe02.lga...
>I ran AVG and it found:
>
> 324123[1].html Exploit.anl

You sure that wasn't "Exploit.ani"?
http://www.cio.com/article/103055/More_Than_K_Sites_Now_Exploit_.ANI_S...rity_Vu
http://www.pctools.com/mrc/infections/id/Exploit.ANI/

> sploit[1].anr Exploit.MS05-002
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
A really old exploit (same one as above).

> AVG is still running so maybe it will remove it afterwards.
> But, if not, how do I remove it?

Since your other post says that AVG deleted the files that
incorporated those browser exploits, probably from your TIF cache,
don't revisit those sites, or add them in the Restricted Sites
security zone (or in your hosts file so you can't get there anymore
unless you have URL blocking in your firewall or an IE plug-in, like
IE7Pro). Depends on WHERE the pest was detected. Maybe it is in a
System Restore point (which means AVG can't delete it) or in your
Recycle Bin.
David H. Lipman

External


Since: Jul 04, 2003
Posts: 1719



(Msg. 4) Posted: Sat Jan 26, 2008 11:32 pm
Post subject: Re: 2 exploits identified--how to remove?

From: "MZB" <moo DeleteThis @noway.prudigy.net>

| Well, I guess I jumped the gun.
| It says it deleted it.
|
| Hope that's true and it doesn't return!
|
| Mel
|

They are exploit codes found in the browser cache and when you went to a malicious site they
were blocked or, hopefully, it wasn't a case where you went to a web site a while back and
during a scan these exploit codes were subsequently found in the browser cache.

They won't "return" unless you revisit that specific site that hosted the malicious codes or
other malicious sites.

Example log even from McAfee when visiting a malicious site...
1/23/2008 8:55:55 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary
Internet Files\Content.IE5\C5I301U7\324123[1].htm Exploit-ANIfile.c

The reason why the above indicates "Delete failed (Clean failed)" is because the file wasn't
allowed to be written to the cache and was blocked.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
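
Added example (not part of the thread or any poster's code): a triage script for the "Depends on WHERE the pest was detected" point in Msg. 3, applied to log lines like the one quoted in Msg. 4. It assumes the field layout of that single quoted McAfee line; the function names and the two extra sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout (from the quoted line): date time AM/PM, action, HOST\user, path, detection.
LINE_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<action>.+?) "
    r"(?P<account>\S+\\\S+) (?P<path>[A-Za-z]:\\.+) (?P<detection>\S+)$"
)

# Folder markers for the three places named in the thread.
LOCATIONS = [
    ("browser cache", ("\\temporary internet files\\",)),
    ("system restore", ("\\system volume information\\",)),
    ("recycle bin", ("\\recycler\\", "\\recycled\\", "\\$recycle.bin\\")),
]

def classify(path):
    lowered = path.lower()
    for label, markers in LOCATIONS:
        if any(m in lowered for m in markers):
            return label
    return "other"

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["location"] = classify(rec["path"])
    # IE stores cached copies as name[n].ext; drop the [n] counter.
    filename = rec["path"].rsplit("\\", 1)[-1]
    rec["served_as"] = re.sub(r"\[\d+\](?=\.[^.]*$|$)", "", filename)
    return rec

def triage(lines):
    records = [r for r in map(parse_line, lines) if r]
    return records, Counter(r["location"] for r in records)

SAMPLE = [
    # Line from the post, rejoined onto one line.
    r"1/23/2008 8:55:55 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\C5I301U7\324123[1].htm Exploit-ANIfile.c",
    # Constructed lines (host, paths and names are placeholders).
    r"1/24/2008 9:01:10 AM Deleted EXAMPLE-PC\user C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc1.htm Exploit-ANIfile.c",
    r"1/24/2008 9:02:44 AM Delete failed EXAMPLE-PC\user C:\System Volume Information\_restore{PLACEHOLDER}\RP1\A0000001.htm Exploit-ANIfile.c",
    "not a detection line",
]

if __name__ == "__main__":
    for r in triage(SAMPLE)[0]:
        print(r["location"], r["detection"], r["served_as"], sep=" | ")
```

Detections sorted into "browser cache" match the case discussed in this thread; the other two labels correspond to the System Restore and Recycle Bin cases mentioned in Msg. 3.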
MZB

External


Since: Oct 29, 2005
Posts: 38



(Msg. 5) Posted: Sat Jan 26, 2008 11:54 pm
Post subject: Re: 2 exploits identified--how to remove?

>>>>>>>>>>>>>>>>
hopefully, it wasn't a case where you went to a web site a while back and
during a scan these exploit codes were subsequently found in the browser
cache.

>>>>>>>>>>>>>>>>>>>>>>.

David:

Unfortunately, I must assume that's the case.

I only discovered the problem by routinely running AVG. I don't recall
anything popping up while I was at a site indicating any problem.

Hopefully, no damage was done.

Mel



"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:6qPmj.5824$O9.5667@trnddc01...
> From: "MZB" <moo.RemoveThis@noway.prudigy.net>
>
> | Well, I guess I jumped the gun.
> | It says it deleted it.
> |
> | Hope that's true and it doesn't return!
> |
> | Mel
> |
>
> They are exploit codes found in the browser cache and when you went to a
> malicious site they
> were blocked or, hopefully, it wasn't a case where you went to a web site
> a while back and
> during a scan these exploit codes were subsequently found in the browser
> cache.
>
> They won't "return" unless you revisit that specific site that hosted the
> malicious codes or
> other malicious sites.
>
> Example log even from McAfee when visiting a malicious site...
> 1/23/2008 8:55:55 PM Delete failed (Clean failed) DLIPMAN-1\lipman
> D:\temp\IE6\Temporary
> Internet Files\Content.IE5\C5I301U7\324123[1].htm Exploit-ANIfile.c
>
> The reason why the above indicates "Delete failed (Clean failed)" is
> because the file wasn't
> allowed to be written to the cache and was blocked.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
All times are: Pacific Time (US & Canada)