Exploit:HTML/Repl.D found by OneCare

Discussion in 'malware problems & news' started by alexei, Feb 28, 2008.

Thread Status:
Not open for further replies.
  1. alexei

    alexei Registered Member

    Joined: Aug 20, 2006
    Posts: 13
    Hi,

    Windows Live OneCare popped up a warning message on my Vista PC earlier, but the message disappeared before I could read it.

    I checked OneCare and there were no alerts, but when I reviewed the Windows Event Log, it listed two occurrences of Exploit:HTML/Repl.D, found one minute apart.

    Does anyone know what this is and what I should do to remove it?

    The link from Event Viewer states that it is a low risk exploit, but gives no details on how to recover (http://www.microsoft.com/security/e...name=Exploit:HTML/Repl.D&threatid=2147600073).

    However, when I Google 'Exploit:HTML/Repl.D', Sophos say that this exploit can result in code being downloaded to my PC (it links to the following: http://www.sophos.com/security/analyses/trojrexploa.html)!!

    No dodgy sites have been browsed and the only software installed recently was Spybot.

    The exploit was found in the Temporary Internet Files.

    Please help!
    Thanks in advance.
     
  2. alexei

    alexei Registered Member

    Joined: Aug 20, 2006
    Posts: 13
    FYI

    Vista is fully patched and OneCare is up-to-date with the latest definitions.

    I've just run a full scan with OneCare and it says that it removed Exploit:HTML/Repl.D, but I'm still concerned about how it installed on the machine in the first place and whether or not it's really gone.

    Any advice would be appreciated.
    Thanks.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined: Nov 9, 2006
    Posts: 4,047
    Location: France, May 1968
    I'd say that you're clean. Probably, OC detected the exploit attempt and nothing happened. Also, you're using Vista, so IE protected mode could have protected you.
    There's also the possibility of a false positive.
    I'd download Prevx CSI (free) and do a scan with it (run it with admin rights).
     
  4. computer geek

    computer geek Registered Member

    Joined: Oct 6, 2007
    Posts: 776
    If you're really unsure, do some free scans online, that would help.
     
  5. Wake2

    Wake2 Registered Member

    Joined: Apr 30, 2005
    Posts: 205