Exploit.IE.Crashsos crashing iexplore.exe (1.880)

Discussion in 'NOD32 version 2 Forum' started by markpl, Sep 28, 2004.

Thread Status:
Not open for further replies.
  1. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Apologies to other posters as I inadvertently ignored their questions. I have NOD32 set to scan all files, advanced heuristics/deep etc. etc. Only thing not checked as far as I can see is email and MAPI.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Do you have your "Context Menu Profile" set to scan all files and every other setting tweaked up? See the last post here

    Cheers :D
     
  3. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Yes, I have my Context Menu Profile switched on to maximum settings as in your recommendations; so is NOD32 launched from the control centre. But whether I scan the file from the context menu or from the control centre, it comes up clean.
     
  4. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Just to highlight the puzzle. I have two files in a directory. One is a zipped jpg file infected with Win32/Exploit.MS04-028 trojan; the other file is AP4.jpg. NOD32 - launched either from the control centre or the context menu - will correctly identify the infection in the zipped jpg, but does not identify AP4.jpg as infected. Beats me what is going on, as other people do not seem to be experiencing this non-detection by NOD32 (IMON did detect the infection in AP4.jpg when I downloaded it).
     
  5. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    If you upload that specific AP4.jpg you have to http://www.virustotal.com/flash/index_en.html for scanning, do NOD and KAV detect it?
     
  6. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Interesting question :)

    BitDefender 7.0/20040928 found nothing
    ClamWin devel-20040822/20040928 found nothing
    F-Prot 3.15a/20040928 found nothing
    Kaspersky 4.0.2.24/20040929 found [Exploit.IE.Crashsos]
    McAfee 4395/20040928 found nothing
    NOD32v2 1.880/20040928 found nothing
    Norman 5.70.10/20040928 found nothing
    Panda 7.02.00/20040928 found nothing
    Sybari 7.5.1314/20040928 found nothing
    Symantec 8.0/20040929 found nothing
    TrendMicro 7.100/20040926 found nothing
     
  7. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Results of a file scan
    This is the report of the scanning done over "AP4.jpg" file that VirusTotal processed on 09/29/2004 at 02:07:27.
    Antivirus Version Update Result
    BitDefender 7.0 09.28.2004 -
    ClamWin devel-20040822 09.28.2004 -
    F-Prot 3.15a 09.28.2004 -
    Kaspersky 4.0.2.24 09.29.2004 Exploit.IE.Crashsos
    McAfee 4395 09.28.2004 -
    NOD32v2 1.880 09.28.2004 Exploit.IE.Crashsos
    Norman 5.70.10 09.28.2004 -
    Panda 7.02.00 09.28.2004 -
    Sybari 7.5.1314 09.28.2004 -
    Symantec 8.0 09.29.2004 -
    TrendMicro 7.100 09.26.2004 -

    It would seem that only KAV and NOD detect this exploit. I tried it on a box with "P***A" (I know this is a NOD forum) and it crashed the box, but on my box with NOD it didn't.
    I think it may be a setting on your NOD profile (just my .000002 cents)
    Cheers :)
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I wonder if IMON did something to the file when it was downloaded, or if you have a slightly different variant to that which is detected...

    Cheers :D
     
  9. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Just to add some results here.
    When I changed to Higher efficiency for ie, I can't even d/l the file...IMON stops it cold.
    In Higher compatibility mode it did give me the two screens, but I could d/l the file.
    This is interesting.... I think I will leave it on Higher efficiency mode and see what happens in my surfing.
    If the ESET folks read this they may have a solution.
    Cheers :)
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Newer version is about to be released, v2.12.3. I'm using it now :D

    Cheers :D
     
  11. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Your first wonder looks like the right one :)

    I downloaded the file again, only this time I closed IMON instead of opting for terminate connection. The file is detected as infected now by NOD32 and it is a different size - 62,512 as opposed to 62,103.

    Well, I have had quite enough of that little exploit and wiped the pair of them off my drive
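
    The post above reports two copies of AP4.jpg with different sizes (62,103 and 62,512 bytes) and different scan results, so a useful triage step before concluding that a scanner missed a sample is to check whether the two copies are the same bytes. This is an added example, not part of the thread; it assumes the smaller copy is a truncated download, and the byte strings are constructed stand-ins, not the real AP4.jpg.

```python
import hashlib

def compare_copies(a: bytes, b: bytes) -> dict:
    """Compare two copies of one download and report how they differ."""
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    # First offset where the copies disagree; None means the shorter copy
    # matches the longer one byte for byte over its whole length.
    first_diff = next(
        (i for i, (x, y) in enumerate(zip(short, long_)) if x != y), None
    )
    return {
        "sizes": (len(a), len(b)),
        "sha256": (hashlib.sha256(a).hexdigest(), hashlib.sha256(b).hexdigest()),
        "identical": a == b,
        # True when one copy is simply the other cut short.
        "truncated_prefix": first_diff is None and len(short) < len(long_),
        "missing_bytes": len(long_) - len(short),
        "first_diff_offset": first_diff,
    }

# Constructed sample data (assumption): a 62,512-byte "complete" copy, the
# same data cut off at 62,103 bytes, and a same-size copy with one byte changed.
FULL_COPY = (b"\xff\xd8" + bytes(range(256)) * 245)[:62512]
PARTIAL_COPY = FULL_COPY[:62103]
ALTERED_COPY = FULL_COPY[:100] + b"\x00" + FULL_COPY[101:]

if __name__ == "__main__":
    for name, other in (("partial", PARTIAL_COPY), ("altered", ALTERED_COPY)):
        r = compare_copies(FULL_COPY, other)
        print(name, r["sizes"], "truncated:", r["truncated_prefix"],
              "missing:", r["missing_bytes"], "first diff:", r["first_diff_offset"])
```

    A truncated copy has a different hash from the complete file, so scan results for the two copies are not directly comparable.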
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LMAO, nice to see you had a result...

    Cheers :D
     