Results 1 to 2 of 2

Thread: Exploit.VBS.Phel.bl What's This??

  1. #1
    skeezix Guest

    Default Exploit.VBS.Phel.bl What's This??

    ZAISS found this in my Temporary Internet Files folder today, but when I went there to have a look-see, the folder contained no files. Took awhile (5-6 seconds) to open the folder, I might add. ZASS quarantined the file, but a search of my computer for "exploit*.* turned up nothing.
    Searched for that filename on the internet, found nothing. Is this a false report, or is there something I need to worry about??

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    naivemelody Guest

    Default Re: Exploit.VBS.Phel.bl What's This??

    Since you have Kaspersky av in your ZA Suite, you may want to add this site to your Favorites list or bookmark - www.viruslist.com , you may need info in the future about other detections. From this site I got this - http://www.viruslist.com/en/viruses/...?virusid=96699
    . which didn't offer much info.,<hr>but it offered McAfee listings for same item - http://vil.nai.com/vil/content/v_130610.htm
    .<hr>JS/Exploit-HelpXSiteTypeTrojanSubTypeExploitDiscovery Date12/21/2004LengthVariesMinimum DAT<a target="_blank"></a>4417 (12/29/2004)Updated DAT<a target="_blank"></a>4862 (09/28/2006)Minimum Engine5.1.00Description Added12/28/2004Description Modified01/11/2005 1:43 PM (PT)
    Risk AssessmentCorporate User<a target="_blank">Low</a>Home User<a target="_blank">Low</a>Overview

    This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.Characteristics



    -- Update Jan 11, 2005 --
    Microsoft has released a patch for the vulnerability targeted by this exploit:
    http://www.microsoft.com/technet/sec.../MS05-001.mspx
    &lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;

    This is a generic detection of HTML pages that attempt to exploit a Help ActiveX Control Related Topics Cross Site Scripting
    Vulnerability.
    This has recently been combined with the Exploit-HelpZonePass , JS/Exploit-DragDrop.c , and VBS/Psyme trojans to create a &quot;Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise&quot;.

    This exploit injects script code into an existing browser window and executes it.

    Symptoms

    N/A
    This is a generic exploit detection.
    Any number of actions can be caused as a result of an exploit being run successfully.Method of Infection



    This exploit targets Internet Explorer when run under Windows XP SP2.
    It is recommended that users disable active scripting in Internet Explorer.

    Removal

    All Users:
    Use current engine and DAT files for detection. Delete any file which contains this detection.VariantsVariants<ul>

    N/A[/list]<hr>Just make sure you have that Microsoft patch &lt;&lt;that I indicated above.<hr>NaiveMelody NYC 6-15-07~9:26pm e.s.t. - Midnight Train To Georgia - Galdys Knight and The Pips

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •