Exploit.HTML.Mht With F-Secure IS 2007

Discussion in 'other anti-virus software' started by elvis1959, Aug 25, 2007.

Thread Status:
Not open for further replies.
  1. elvis1959

    elvis1959 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    34
    After a scan completed with my trial of F-Secure IS 2007, I was told that Exploit.HTML.Mht (virus) was found on my computer and that attempts to disinfect it had failed. The virus is allegedly in the Temporary Internet Files of my daughter. Several scans with FSIS give the same result. Kaspersky's online scanner finds the same virus, but naturally doesn't disinfect it. The online scanners of Bitdefender, Eset, Trend Micro, and Panda don't detect this virus. What should I do? Is this a false alarm by F-Secure and by Kaspersky, or are the other programs failing to detect a real virus? If it is not a false alarm, should I abandon F-Secure IS 2007 and attempt to install the trial of Kaspersky IS 7 to see if it can disinfect it? I am running Windows XP SP2.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If it's in your Temporary Internet Files folder, then just delete the file. It's a temporary file and safe to delete. Judging by the name of the virus, the whole file itself is the virus: there's nothing to "disinfect".
     
  3. elvis1959

    elvis1959 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    34
    Thanks so much. I have deleted it. However, my questions remain (1) Shouldn't F-Secure's Real Time Scanning have prevented this when it originally downloaded?; (2) Why did no scanners (Bitdefender, ESET, Trend Micro, Panda) pick this up besides F-Secure and Kaspersky?; and (3) Should I switch from the trial of FSIS 2007 to the trial of KIS 7 which I have downloaded?
     
  4. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    FS uses multiple scan engines including KAV. You should have run it thru Virus Total and posted the complete results of the scan. As you know, nothing is 100% and next time you locate a suspicious file FS/KAV may not even detect it at all.
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Personally I suspect it was a FP, and since FSIS uses the Kaspersky engine it would probably have the same results.
    Not having a great knowledge, I doubt that all the rest of such good scanners would miss it.

    I would not change from FSIS to KIS unless there were other issues. Having used both I would feel equally secure with either. If you are trialing FSIS then also try KIS, and select what suits you the better.

    Regards,
    Jerry
     
  6. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    Its possible the exploit was already there before you installed FSIS. Although that might sound worrying, if your windows is up-to-date with all the latest patches chances are the exploit wouldn't have worked anyway.

    As for the other scanners, its really a matter of definition. Really, what FSIS is detecting is a script which downloads executables which themselves then run and do their nasty stuff. The script itself, however, can't do damage. The scanners that don't include these scripts in their definitions would probably detect the executables as malicious anyway.

    As for switching FSIS 07 to KIS 7, you should trial it anyway, to get a feel for the alternatives. KIS7 and FSIS 07 are very similar in detections, its more the features that differentiate them.
     
  7. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    Maybe when you got the file F-Secure did not have signature for it yet but it was only added later on. Also, do you have http-scanning turned on? Maybe you want to check.
     
  8. elvis1959

    elvis1959 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    34
    I do have HTTP scanning turned on. Also, I have been running F-Secure for about 2 weeks and the virus was only detected after my daughter downloaded some photos from a website with an online horse game for kids Wednesday (she is a huge animal lover). The only thing I wonder about is that I had real time scanning set for "Normal" which apparently only scans defined files. I have changed it to "High". Could that have been why it was not detected in real time, but only after a scan (which is configured to scan all files)?
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    in f-secure never ever use the scan all files in realtime option.
    i done it once.
    then i turned off the computer and once turned on in the morning f-secure was using 100percent of the cpu for ages.
    in the f-secure 2007 beta scan all files was default until they relised that old computer couldnt cope with that option so default went back to defined.
    lodore
     
  10. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    It could be because you didn't scan all files in real time, indeed. But like lodore said, if you do scan all files it slows down your computer very much at times. Even newer ones. Then you can rather use Kaspersky, it analyses content of files and only scans if necessary if I remember correctly.
     
  11. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Since the virus was still in cache it might never got "activated". If it did it should show up in other places on the HD. Just deleting the cache should get rid of it.

    FSIS may be a little too sensitive. I went to Nascar.com today and it said it was blocking a couple of viruses (javascript files), lol.
     
Loading...
Thread Status:
Not open for further replies.