Exploit.HTML.Mht With F-Secure IS 2007

Discussion in 'other anti-virus software' started by elvis1959, Aug 25, 2007.

Thread Status:
Not open for further replies.
  1. elvis1959

    elvis1959 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    34
    After a scan completed with my trial of F-Secure IS 2007, I was told that Exploit.HTML.Mht (virus) was found on my computer and that attempts to disinfect it had failed. The virus is allegedly in the Temporary Internet Files of my daughter. Several scans with FSIS give the same result. Kaspersky's online scanner finds the same virus, but naturally doesn't disinfect it. The online scanners of Bitdefender, Eset, Trend Micro, and Panda don't detect this virus. What should I do? Is this a false alarm by F-Secure and by Kaspersky, or are the other programs failing to detect a real virus? If it is not a false alarm, should I abandon F-Secure IS 2007 and attempt to install the trial of Kaspersky IS 7 to see if it can disinfect it? I am running Windows XP SP2.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If it's in your Temporary Internet Files folder, then just delete the file. It's a temporary file and safe to delete. Judging by the name of the virus, the whole file itself is the virus: there's nothing to "disinfect".
     
  3. elvis1959

    elvis1959 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    34
    Thanks so much. I have deleted it. However, my questions remain (1) Shouldn't F-Secure's Real Time Scanning have prevented this when it originally downloaded?; (2) Why did no scanners (Bitdefender, ESET, Trend Micro, Panda) pick this up besides F-Secure and Kaspersky?; and (3) Should I switch from the trial of FSIS 2007 to the trial of KIS 7 which I have downloaded?
     
  4. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    FS uses multiple scan engines including KAV. You should have run it through Virus Total and posted the complete results of the scan. As you know, nothing is 100% and next time you locate a suspicious file FS/KAV may not even detect it at all.
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Personally I suspect it was a FP, and since FSIS uses the Kaspersky engine it would probably have the same results.
    Not having a great knowledge, I doubt that all the rest of such good scanners would miss it.

    I would not change from FSIS to KIS unless there were other issues. Having used both I would feel equally secure with either. If you are trialing FSIS then also try KIS, and select what suits you the better.

    Regards,
    Jerry
     
  6. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    It's possible the exploit was already there before you installed FSIS. Although that might sound worrying, if your Windows is up-to-date with all the latest patches, chances are the exploit wouldn't have worked anyway.

    As for the other scanners, it's really a matter of definition. Really, what FSIS is detecting is a script which downloads executables which themselves then run and do their nasty stuff. The script itself, however, can't do damage. The scanners that don't include these scripts in their definitions would probably detect the executables as malicious anyway.

    As for switching FSIS 07 to KIS 7, you should trial it anyway, to get a feel for the alternatives. KIS7 and FSIS 07 are very similar in detections, it's more the features that differentiate them.
     
  7. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    Maybe when you got the file F-Secure did not have a signature for it yet but it was only added later on. Also, do you have HTTP scanning turned on? Maybe you want to check.
     
  8. elvis1959

    elvis1959 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    34
    I do have HTTP scanning turned on. Also, I have been running F-Secure for about 2 weeks and the virus was only detected after my daughter downloaded some photos from a website with an online horse game for kids Wednesday (she is a huge animal lover). The only thing I wonder about is that I had real time scanning set for "Normal" which apparently only scans defined files. I have changed it to "High". Could that have been why it was not detected in real time, but only after a scan (which is configured to scan all files)?
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    In F-Secure never ever use the scan all files in realtime option.
    I did it once.
    Then I turned off the computer and once turned on in the morning F-Secure was using 100 percent of the CPU for ages.
    In the F-Secure 2007 beta scan all files was default until they realised that old computers couldn't cope with that option so default went back to defined.
    lodore
     
  10. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    It could be because you didn't scan all files in real time, indeed. But like lodore said, if you do scan all files it slows down your computer very much at times. Even newer ones. Then you can rather use Kaspersky, it analyses content of files and only scans if necessary if I remember correctly.
     
  11. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Since the virus was still in cache it might never have got "activated". If it did it should show up in other places on the HD. Just deleting the cache should get rid of it.

    FSIS may be a little too sensitive. I went to Nascar.com today and it said it was blocking a couple of viruses (javascript files), lol.
     