[Dshield] FW: virus found in sent message "illegal..."

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Tue Mar 9 14:32:41 GMT 2004


list-bounces at dshield.org <mailto:list-bounces at dshield.org> wrote on
Tuesday, March 09, 2004 2:34 AM UTC+2 on behalf of Al Reust

| I am running IE 6 SP1 patched. As soon as I clicked on the link Norton
| Corporate 8.1 told me that I had Sobig.F.enc in my Internet Cache.
| 
| Because it is an active web page. It can not be properly Quarantined,
| If you go there make sure you Clear You Cache and then virus Scan!
|| 
||
https://www1.columbia.edu/sec/bboard/cpu_bboard/archive/2003_08/msg00002
.html
|| 


Al et al.

Should the Auto-Protect feature of the antivirus SW not be able to
delete the contaminated temporary Internet file as soon as the user
closes the browser?

At least that is how NAV2004 behaves when it detects and identifies the
threat as W32.Sobig.F at mm.enc.

[File located at C:\Documents and Settings\UserName\Local
Settings\Temporary Internet Files\Content.IE5\G5ABKTY7\msg00002[1].htm.
Should be no problem deleting that file, should there?]

Nevertheless, I second your recommendation about cleaning the Internet
cache and scanning the system for viruses post festum.

Yet the system should be clean as soon as the antivirus SW's
Auto-Protect feature is able to delete the infected temporary Internet
file, i.e. when user exits the browser (unloads IE from RAM).

- Pete


       "Light is meaningful only in relation to darkness, 
                and truth presupposes error." 
          Louis Aragon (1897-1982); French poet. 





More information about the list mailing list