[Dshield] FW: virus found in sent message "illegal..."

Al Reust areust at comcast.net
Wed Mar 10 03:57:37 GMT 2004


Thank You

Not every product will take care of that. I did want to point out that a 
Link prompted that a Virus was present and could not take care of it. Many 
New people would do not know how to deal with it. In most cases closing the 
IE whatever version and Clearing the Browser Cache and then a quick virus 
scan of the machine should take care of the problem. Not always. Yes, You 
pointed that out also. Symantec keyed on the fact that the embedded binary 
was in fact a virus.

At 04:32 PM 3/9/2004 +0200, you wrote:

>list-bounces at dshield.org <mailto:list-bounces at dshield.org> wrote on
>Tuesday, March 09, 2004 2:34 AM UTC+2 on behalf of Al Reust
>| I am running IE 6 SP1 patched. As soon as I clicked on the link Norton
>| Corporate 8.1 told me that I had Sobig.F.enc in my Internet Cache.
>| Because it is an active web page. It can not be properly Quarantined,
>| If you go there make sure you Clear You Cache and then virus Scan!
>Al et al.
>Should the Auto-Protect feature of the antivirus SW not be able to
>delete the contaminated temporary Internet file as soon as the user
>closes the browser?
>At least that is how NAV2004 behaves when it detects and identifies the
>threat as W32.Sobig.F at mm.enc.
>[File located at C:\Documents and Settings\UserName\Local
>Settings\Temporary Internet Files\Content.IE5\G5ABKTY7\msg00002[1].htm.
>Should be no problem deleting that file, should there?]
>Nevertheless, I second your recommendation about cleaning the Internet
>cache and scanning the system for viruses post festum.
>Yet the system should be clean as soon as the antivirus SW's
>Auto-Protect feature is able to delete the infected temporary Internet
>file, i.e. when user exits the browser (unloads IE from RAM).
>- Pete
>        "Light is meaningful only in relation to darkness,
>                 and truth presupposes error."
>           Louis Aragon (1897-1982); French poet.
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list