|
-
June 30th, 2002, 04:20 AM
#1
HELP! Do I have a virus?
Hi,
My daughter was on the computer and EZTrust popped up and said it detected a virus. We were in the middle of d/l shockwave, so we waited until that was done.
I then scanned my computer and it found no virus! I looked in the virus reporting log and here's what it says:
eTrust EZ Antivirus real-time protection has found that C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\CPEN8LYF\MAXHITS[1].HTM is infected with HTML.VMExploit.enc virus.
That message is listed 3 times.
I deleted all of my temporary internet files and history (haven't touched the cookies yet.)
I went to the virus library and it said it's not a virus, but a security vulnerability re java machine where code can be run thru active X and to get latest java patch. I checked, and I have version 3805 Virtual Machine. I think that's the latest one so I don't understand how this could have affected me. And I just now searched with Find "html.VMExploit.enc" and nothing showed up.
Is my computer okay?
Also, anyone familiar with EZTrust - why is it that the message popped up telling me about the virus and when I clicked okay, the box just left? I expected it to give me a choice to delete it or something.
Thanks for any help. I don't want to turn off the computer until I know it's okay (I know some viruses get active on a boot).
Sincerely, Nancee
-
June 30th, 2002, 04:48 AM
#2
Nan,
dump the cookies..........if you have Spider, delete the hidden URLs.
Spaceman
...more will be revealed.
-
June 30th, 2002, 05:03 AM
#3
Hi Nancee - run HouseCall from here. If the scan is clear, you should be OK.
-
June 30th, 2002, 05:40 AM
#4
3805 should I think have been pretty much immune to that one. Be nice if you tossed me that url 
-
June 30th, 2002, 06:06 AM
#5
AnnMarie and Spaceman - thank you so very much. I came up clean at Housecall! I deleted my cookies first. Since I don't have spider, I deleted the four cascading folders below IE5 also.
I appreciate your help very much.
IMM - I deleted history, etc. My daughter got an e-mail and clicked on a link - I think it was suppose to be a greeting from her friend. Then I got the alert. When she looked at the page she said her friend didn't send her whatever it was.
This may be the link (I'm leaving a space in the address)
www.funnycard.net/f centry.cgi?
Sincerely, Nancy
-
June 30th, 2002, 06:12 AM
#6
You are welcome Nancee. I think that ETrust uses real time protection (like InnoculateIT used to) and does everything automatically. It does leave you wondering though 
-
June 30th, 2002, 06:21 AM
#7
AnnMarie, it does use real time protection, but I didn't realize that meant it just took care of it. A little notice would be nice.
Thanks again.
Sincerely, Nancy
-
June 30th, 2002, 06:27 AM
#8
Hmm - it uses a popup window to luckyhomepage and then tries to insert itself in favorites and offers to become your homepage - but from there there are myriad links and I couldn't guess which way anyone went - never saw the hitcounter or whatever that MAXHITS belongs to.
-
June 30th, 2002, 02:13 PM
#9
Thanks IMM for checking that out. I discussed it with my daughter and that was the link she clicked on. Did you remove the space I put in there and use the whole address including the "?"
Thanks.
Sincerely, Nancee
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
