Help removing Trojan Horse Exploit-Mht Redir.gen

Discussion in 'Computer Support' started by Ken_Stabler12, Sep 10, 2005.

  1. When I ran McAfee Antivirus last night it said that there was a trojan
    horse on my system called Exploit-Mht Redir.gen? When I clicked on to
    remove, clean, or quarantine this trojan, it said that it was unable to do
    so? Does anyone have any ideas on how to remove this Trojan from my
    system? Also what does this Trojan horse do? Should I just wipe my hard
    drive clean and reinstall my whole system again? Thanks:)
     
    Ken_Stabler12, Sep 10, 2005
    #1

  2. Ken_Stabler12

    Noel Paton Guest

    "Ken_Stabler12" <> wrote in message
    news:...
    > When I ran McAfee Antivirus last night it said that there was a trojan
    > horse on my system called Exploit-Mht Redir.gen? When I clicked on to
    > remove, clean, or quarantine this trojan, it said that it was unable to do
    > so? Does anyone have any ideas on how to remove this Trojan from my
    > system? Also what does this Trojan horse do? Should I just wipe my hard
    > drive clean and reinstall my whole system again? Thanks:)
    >

    Where was the 'infection' found?

    --
    Noel Paton (MS-MVP 2002-2005, Windows)

    Nil Carborundum Illegitemi
    http://www.btinternet.com/~winnoel/millsrpch.htm

    http://tinyurl.com/6oztj

    Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
     
    Noel Paton, Sep 10, 2005
    #2

  3. "Ken_Stabler12" <> wrote in message
    news:...
    > When I ran McAfee Antivirus last night it said that there was a trojan
    > horse on my system called Exploit-Mht Redir.gen? When I clicked on to
    > remove, clean, or quarantine this trojan, it said that it was unable to do
    > so? Does anyone have any ideas on how to remove this Trojan from my
    > system? Also what does this Trojan horse do? Should I just wipe my hard
    > drive clean and reinstall my whole system again? Thanks:)
    >


    Try Avast! antivirus from http://www.avast.com
    It also might be a good idea to just back your stuff up and format.


    --
    Rob
    http://www.techhowto.org
     
    Rob Burghdoff, Sep 10, 2005
    #3
  4. Ken_Stabler12

    why? Guest

    On Sat, 10 Sep 2005 10:18:59 -0400, Ken_Stabler12 wrote:

    >When I ran McAfee Antivirus last night it said that there was a trojan


    No mention of version, current dat update version or OS.

    >horse on my system called Exploit-Mht Redir.gen? When I clicked on to


    It's a possible exploit, not the same as a virus, worm or trojan.

    >remove, clean, or quarantine this trojan, it said that it was unable to do


    Complain to McAfee.

    >so? Does anyone have any ideas on how to remove this Trojan from my
    >system? Also what does this Trojan horse do? Should I just wipe my hard


    See below, 2 minutes' work to find out info to several of your
    questions.

    >drive clean and reinstall my whole system again? Thanks:)


    That's a bit harsh, considering you don't know what it does or even have
    checked up on removal instructions.


    Try the McAfee site?

    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101033


    -- Update June 24, 2004--
    It has recently been made known that some IIS servers have been remotely
    hacked. This exploit was utilized to redirect the client's browser to
    the location http://217.107.218.147 containing an infected webpage
    causing unsolicited files to be downloaded and executed.

    Certain downloaded files are detected as BackDoor-AXJ.dll ,
    JS/Exploit-DialogArg.b , and VBS/Psyme with the current DAT files.

    For further details concerning this threat, and details of available
    Microsoft patches see:
    http://www.microsoft.com/security/incident/download_ject.mspx

    -- Update June 10, 2004 --

    The risk assessment of this threat has been updated to Low-Profiled due
    to media attention at:
    http://news.com.com/Pop-up toolbar spreads via IE flaws/2100-1002_3-5229707.html?tag=nefd.top

    A new attack vector was discovered recently, which bypasses the
    MS04-013 patch. Generic detection of this new exploit code will be
    included in the 4366 DAT release.

    This detection covers code designed to exploit an Internet Explorer
    vulnerability.

    The exploit results in a CHM (Microsoft Compiled Help) file being
    written to the local system allowing for additional exploit code to then
    execute the downloaded file.

    The end result is the execution of arbitrary code at the permission
    level of the current user.

    Microsoft has released a patch for this vulnerability.
    See: http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx


    Indications of Infection

    This exploit code could be used to execute a variety of different
    programs/malware. Therefore it is not possible to give specific details
    about how to recognize an infection.

    Method of Infection

    This threat exploits an Internet Explorer vulnerability.

    Removal Instructions

    All Users :
    Use current engine and DAT files for detection and removal.

    Modifications made to the system Registry and/or INI files for the
    purposes of hooking system startup, will be successfully removed if
    cleaning with the recommended engine and DAT combination (or higher).

    Additional Windows ME/XP removal considerations

    Aliases
    Bloodhound.exploit.6.html (Symantec), Exploit-MhtRedir


    Virus Profile: Exploit-MhtRedir.gen
    Risk Assessment
    - Home Users: Low-Profiled
    - Corporate Users: Low-Profiled
    Date Discovered: 2/13/2004
    Date Added: 2/17/2004
    Origin: Unknown
    Length: Varies
    Type: Trojan
    SubType: Exploit
    DAT Required: 4326


    Symantec site -
    http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.6.html
    read all of the page mentioned above,

    removal instructions

    This is a detection for exploits of a Microsoft Internet Explorer
    vulnerability, so it therefore does not need to be removed in the same
    manner as a virus or worm.

    It is important that you apply the patch for the vulnerability as
    described in Microsoft Security Bulletin MS04-013. Once patched, the
    system is no longer vulnerable to the exploit.

    If the exploit has run on your system, it is possible that some HTML
    files remain on the infected computer, even after the system was patched
    against the vulnerability.

    The most likely places to find such files are the Internet Explorer
    Temporary Internet Files and cookies. If you are still getting
    detections after applying the patch, the files should be deleted. See
    the Additional Information section for instructions.


    www.sophos.com, a few variants mentioned

    http://www.sophos.com/virusinfo/analyses/trojmhtredirg.html
    http://www.sophos.com/virusinfo/analyses/trojmhtredirh.html
    and so on.


    Me
     
    why?, Sep 10, 2005
    #4
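
The removal notes quoted in post #4 say HTML files can remain in the Internet Explorer cache after patching and should be deleted if detections continue. The sketch below is an added example, not part of the thread or any vendor's tool: it walks a cache directory and lists HTML-like files that reference a compiled-help (CHM) file through the `ms-its:` or `mhtml:` handlers. Those marker strings, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed markers (not from the thread): IE protocol handlers that pass a
# page to the MHT / compiled-help (CHM) machinery, plus a .chm reference.
HANDLER = re.compile(r"\b(?:ms-its|mhtml):", re.IGNORECASE)
CHM_REF = re.compile(r"\.chm\b", re.IGNORECASE)
HTML_SUFFIXES = {".htm", ".html", ".hta", ".mht"}


def is_suspect(text: str) -> bool:
    """True when the text uses one of the handlers and names a .chm file."""
    return bool(HANDLER.search(text) and CHM_REF.search(text))


def scan_cache(root: Path) -> list[Path]:
    """Return cached HTML-like files under root worth reviewing and deleting."""
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in HTML_SUFFIXES:
            continue
        try:
            # latin-1 decodes any byte sequence; cap the read at 1 MB.
            text = path.read_bytes()[:1_000_000].decode("latin-1")
        except OSError:
            continue  # locked or unreadable cache entry: skip it
        if is_suspect(text):
            hits.append(path)
    return hits


def demo() -> list[str]:
    """Build a constructed cache tree and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "Content.IE5", "ABCD1234")
        root.mkdir(parents=True)
        # Constructed samples, not captured from a real system.
        (root / "news[1].htm").write_text("<a href='http://example.invalid/'>ok</a>")
        (root / "ad[2].htm").write_text("<iframe src='MS-ITS:http://example.invalid/h.chm::/p.htm'></iframe>")
        (root / "help[1].htm").write_text("<a href='http://example.invalid/manual.chm'>manual</a>")
        return [p.name for p in scan_cache(root)]


if __name__ == "__main__":
    print(demo())
```

A plain link to a `.chm` file is not flagged; only the handler and the CHM reference together are, which keeps ordinary cached pages out of the review list.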
  5. Ken_Stabler12

    pcbutts1 Guest

    Download, install, update and run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to this group so that
    I can analyze it. Ignore anyone especially the troll Leythos, who will tag
    along a nonsense post to this message, who tells you to post it elsewhere. I
    need to see it not them.


    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip


    The authors of the above programs, with the exception of Microsoft, have given
    the owner of pcbutts1.com express written permission to redistribute their
    software.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "Ken_Stabler12" <> wrote in message
    news:...
    > When I ran McAfee Antivirus last night it said that there was a trojan
    > horse on my system called Exploit-Mht Redir.gen? When I clicked on to
    > remove, clean, or quarantine this trojan, it said that it was unable to do
    > so? Does anyone have any ideas on how to remove this Trojan from my
    > system? Also what does this Trojan horse do? Should I just wipe my hard
    > drive clean and reinstall my whole system again? Thanks:)
    >
     
    pcbutts1, Sep 10, 2005
    #5
  6. Ken_Stabler12

    Plato Guest

    pcbutts1 wrote:
    >
    > The authors of the above programs, with the exception of Microsoft, have given
    > the owner of pcbutts1.com express written permission to redistribute their
    > software.


    No need to be defensive. Post what you want. The details are nobody's
    business but your own.
     
    Plato, Sep 10, 2005
    #6
  7. Ken_Stabler12

    pcbutts1 Guest

    Yep I know. I just added it because of the idiots in the other ng.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "Plato" <|@|.|> wrote in message
    news:432349ea$2$181$...
    > pcbutts1 wrote:
    >>
    >> The authors of the above programs, with the exception of Microsoft, have
    >> given the owner of pcbutts1.com express written permission to redistribute
    >> their software.

    >
    > No need to be defensive. Post what you want. The details are nobody's
    > business but your own.
    >
    >
     
    pcbutts1, Sep 11, 2005
    #7