Its not only Nimda. I clicked on an innocent looking link on an innocent looking web site a while ago and got this warning from InnoculateIT PE:
The File C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ULSP43IH\FEELGOOD2[1].EXE is Win32.PE-Crypt dropper. Not restored.
InoculateIT real-time protection has found that C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ULSP43IH\FEELGOOD2[1].EXE is Win32.PE-Crypt dropper. Not Restored.
The little darling just leapt right of the web page onto my computer. Sent a panicky email to CA who, full credit to them, responded within an hour telling me to delete my Temporary Internet Files and all would be OK. Phew - the relief.
Have since installed HTA Stop from here Wilders. Its free and is a prevention tool for a particular method of transmitting executables, trojans, viruses etc, that are encoded and embedded DIRECTLY into web pages to your computer. It runs alongside Innoculate without any problem. Might be overkill but I'd rather that than the alternative.
