Re: MHTMLRedir.Exploit

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 01/21/04

• Next message: anonymous_at_discussions.microsoft.com: "Re: Sourwebsearch.net How can to get rid of it?"
• Previous message: Jim Macklin: "Re: Virus disabling my computer"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: MHTMLRedir.Exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 20 Jan 2004 23:18:39 -0500

For what it's worth:

I've read through this thread. I believe Sandi is absolutely right--there's
no need to take action on this warning--the warning indicates that the
antivirus has done its job. You've checked your IE security settings, and
they are correct.

The warning message you recall can come from several sources. If your
machine is on a network, others on that network can connect to your machine
if you allow this.

Since you didn't mention that possibility, I suspect you may not be on a
local network.

The message can also occur if you are running, for example, Windows XP and
have Fast User Switching turned on--one evidence of this is a welcome page
with icons for different users. It is possible for multiple users of the
same machine to be signed on at the same time--those multiple users can be
just you, of course. You'd get that same message at shut down either way.

Here's another good resource site for checking that you've done all the
right things to secure your PC:

http://www.microsoft.com/security/protect/default.asp

I highly recommend using this site and the automatic feature for configuring
Windows XP, in particular.

<anonymous@discussions.microsoft.com> wrote in message
news:15be01c3dfd3$36cca2a0$a001280a@phx.gbl...
> Thanks Sandi & Sarah. Let me make sure I have this
> straight. My computer is not at risk nor is anyone I
> email? I do not have to remove this? Basically, if my IE
> security is set to at least Medium, nothing else is
> required and this will not allow anyone to access my
> system? The reason I am so concerned, is that while
> signing off one evening, a message appeared indicating
> there was someone else logged onto my computer, and my
> shutting down may cause them to lose data they were
> attempting to downlaod. I have not seen that message in a
> couple weeks, but it concerned me.
>
>>-----Original Message-----
>>David,
>>
>>According to Symantec...
>>
>>"Because this is an exploit only, there are no removal
> instructions, since
>>there is nothing to remove. This is a detection for the
> exploit, preventing
>>the execution of malicious content on your computer. By
> detecting the
>>exploit, it is prevented from running."
>>
>>In short, you don't need to do all of that stuff.
>>
>>--
>>_______________________________________
>>Sandi - Microsoft MVP since 1999 (IE/OE)
>>http://www.mvps.org/inetexplorer
>>
>>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> message
>>news:ODiFBVX3DHA.2060@TK2MSFTNGP10.phx.gbl...
>>> 1) Disable System Restore
>>>
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.ht
> m
>>> 2) Reboot your PC into Safe Mode
>>> 3) Using your AV software, perform a Full Scan of
> your platform and
>>> clean/delete any
>>> infectors found
>>> 4) Restart your PC and perform a "final" Full Scan
> of your platform
>>> 5) Re-enable System Restore and re-apply any
> System Restore
>>> preferences,
>>> (e.g. HD space to use suggested 200 ~
> 400MB), reboot PC.
>>> 6) Create a new Restore point
>>> 7) Please report back your results
>>>
>>>
>>> Dave
>>>
>>>
>>>
>>>
>>> <anonymous@discussions.microsoft.com> wrote in message
>>> news:001801c3dd72$21c08060$a001280a@phx.gbl...
>>> | Norton detected this virus on my XP system. Says this
>>> | threat only effects Microsoft internet explorer,
> exploit
>>> | only, and there is no patch at this time. Is there
>>> | anything I can do? How concerned should I be? Please
> Help?
>>>
>>>
>>
>>.
>>

---

• Next message: anonymous_at_discussions.microsoft.com: "Re: Sourwebsearch.net How can to get rid of it?"
• Previous message: Jim Macklin: "Re: Virus disabling my computer"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: MHTMLRedir.Exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Network access ... multiple times by the same user or by multiple users. ... folder in which the app resides. ... "All computers on the network are Vista Home Premium" ... (microsoft.public.access.modulesdaovba) Disable Mouse Wheel Access 2003/2002 ... field is a primary key in the main table(which I'll call ... the record matches what is selected in cmbSearch. ... If you run this over a network w/ multiple users, ... (microsoft.public.access.formscoding) Re: Network access ... multiple times by the same user or by multiple users. ... folder in which the app resides. ... "All computers on the network are Vista Home Premium" ... (microsoft.public.access.modulesdaovba) Re: Trying to track a hacker ... > attempts for multiple users, ... start, settings, control panel, add remove programs, add remove windows ... are from machines on the local network. ... If these people are logging in from the internet, you need a firewall to ... (microsoft.public.security) Re: Equations ... JennBard1 wrote: ... Just a warning that using the DMax+ 1 strategy as the DefaultValue property ... multiple users you should assign that value in the BeforeUpdate event of the ... (microsoft.public.access.modulesdaovba)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)