HELP! Do I have a virus?

Printable View

June 30th, 2002, 04:20 AM
Nanceel0

HELP! Do I have a virus?

Hi,
My daughter was on the computer and EZTrust popped up and said it detected a virus. We were in the middle of d/l shockwave, so we waited until that was done.
I then scanned my computer and it found no virus! I looked in the virus reporting log and here's what it says:

eTrust EZ Antivirus real-time protection has found that C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\CPEN8LYF\MAXHITS[1].HTM is infected with HTML.VMExploit.enc virus.

That message is listed 3 times.

I deleted all of my temporary internet files and history (haven't touched the cookies yet.)

I went to the virus library and it said it's not a virus, but a security vulnerability re java machine where code can be run thru active X and to get latest java patch. I checked, and I have version 3805 Virtual Machine. I think that's the latest one so I don't understand how this could have affected me. And I just now searched with Find "html.VMExploit.enc" and nothing showed up.

Is my computer okay?

Also, anyone familiar with EZTrust - why is it that the message popped up telling me about the virus and when I clicked okay, the box just left? I expected it to give me a choice to delete it or something.

Thanks for any help. I don't want to turn off the computer until I know it's okay (I know some viruses get active on a boot).

Sincerely, Nancee
June 30th, 2002, 04:48 AM
spaceman_333

Nan,

dump the cookies..........if you have Spider, delete the hidden URLs.

Spaceman
June 30th, 2002, 05:03 AM
AnnMarie

Hi Nancee - run HouseCall from here. If the scan is clear, you should be OK.
June 30th, 2002, 05:40 AM
IMM

3805 should I think have been pretty much immune to that one. Be nice if you tossed me that url :)
June 30th, 2002, 06:06 AM
Nanceel0

AnnMarie and Spaceman - thank you so very much. I came up clean at Housecall! I deleted my cookies first. Since I don't have spider, I deleted the four cascading folders below IE5 also.
I appreciate your help very much.

IMM - I deleted history, etc. My daughter got an e-mail and clicked on a link - I think it was suppose to be a greeting from her friend. Then I got the alert. When she looked at the page she said her friend didn't send her whatever it was.
This may be the link (I'm leaving a space in the address)
www.funnycard.net/f centry.cgi?

Sincerely, Nancy
June 30th, 2002, 06:12 AM
AnnMarie

You are welcome Nancee. I think that ETrust uses real time protection (like InnoculateIT used to) and does everything automatically. It does leave you wondering though ;)
June 30th, 2002, 06:21 AM
Nanceel0

AnnMarie, it does use real time protection, but I didn't realize that meant it just took care of it. A little notice would be nice. :)
Thanks again.
Sincerely, Nancy
June 30th, 2002, 06:27 AM
IMM

Hmm - it uses a popup window to luckyhomepage and then tries to insert itself in favorites and offers to become your homepage - but from there there are myriad links and I couldn't guess which way anyone went - never saw the hitcounter or whatever that MAXHITS belongs to.
June 30th, 2002, 02:13 PM
Nanceel0

Thanks IMM for checking that out. I discussed it with my daughter and that was the link she clicked on. Did you remove the space I put in there and use the whole address including the "?"
Thanks.
Sincerely, Nancee