Exploit-mhtRedir.gen

357

Flashlight Enthusiast
Joined
Jan 15, 2004
Messages
1,951
Location
usa
McAfee virus detected this trojan on my computer as soon as I tried to look at a website that discusses the development of the Mastiff / bulldog breed dogs. Anyone know anything about this trojan? Is it impossible to remove, and how dangerous is it?

I'm going through the McAfee instructions now, but I don't really understand all of the specifics.
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,562
do u keep ya pc updated at microsoft? i thought they released a fix but maybe i'm confused
 

raggie33

also when ya ran ya scanner didn't it give ya option to delete it?
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
I can't tell if you were infected or if it stopped the download and isolated the virus.

A "trojan" by definition is a program that looks safe and entices you to execute it somehow. This particular trojan appears to be spread via infected web servers.

There is information at http://vil.nai.com/vil/content/v_101033.htm about this specific trojan and the Microsoft patch that should keep it from spreading.

According to that page, McAfee will detect and clean this trojan.

This IS a serious bug as one of the programs it might install is a backdoor program that opens you up to other exploits.


Good Luck

Daniel
 

357

I keep windows updated all the time (the patches and security updates). I'm pretty sure I've been to this dog site in the past, which is why I felt safe to click the link.
 

357

[ QUOTE ]
gadget_lover said:
I can't tell if you were infected or if it stopped the download and isolated the virus.

A "trojan" by definition is a program that looks safe and entices you to execute it somehow. This particular trojan appears to be spread via infected web servers.

There is information at http://vil.nai.com/vil/content/v_101033.htm about this specific trojan and the Microsoft patch that should keep it from spreading.

According to that page, McAfee will detect and clean this trojan.

This IS a serious bug as one of the programs it might install is a backdoor program that opens you up to other exploits.


Good Luck

Daniel

[/ QUOTE ]

This is a problem with McAfee. It said something like "this trojan has been detected and deleted", and yet when I ran the virus scan manually a minute later it found the virus, so how could it have deleted it during download? This is my frustration with McAfee, mixed signals, or maybe I don't understand their messages.
 

Sigman

* The Arctic Moderator *
Joined
Sep 25, 2002
Messages
10,124
Location
"The 49th State"
This virus "crept up" on me a couple days ago...same scenario. My Antivirus ware immediately caught it and in the AV window that "popped up"...it looked like the file had placed itself 3 times in my "Documents/Owner/Local settings (a hidden directory)/and on into a couple more folders deep in that path", the final directory ended up being a temp internet file folder.

The first instance of the file had been "deleted" by my AV wares. The second two appeared to still be there.

I immediately disconnected from the web, closed everything down, deleted everything in that folder, then ran a complete scan on my system with my updated AV wares.

Sometimes a virus will also get to your "backup" files (XP roll back) and one needs to delete those backup files as well.

My system appears clean at this time. It was listed as a "trojan" as you have said and "hopefully" nothing activated it in the time it took me to get rid of it.

It appeared as I was surfing and don't know which website it came from..one thing I know though, as soon as I am aware of such an "infiltrator" - I shut down and clean up the system immediately before it can be activated, spread, and cause any damage!
 

357

[ QUOTE ]
Sigman said:
This virus "crept up" on me a couple days ago...same scenario. My Antivirus ware immediately caught it and in the AV window that "popped up"...it looked like the file had placed itself 3 times in my "Documents/Owner/Local settings (a hidden directory)/and on into a couple more folders deep in that path", the final directory ended up being a temp internet file folder.

The first instance of the file had been "deleted" by my AV wares. The second two appeared to still be there.

I immediately disconnected from the web, closed everything down, deleted everything in that folder, then ran a complete scan on my system with my updated AV wares.

Sometimes a virus will also get to your "backup" files (XP roll back) and one needs to delete those backup files as well.

My system appears clean at this time. It was listed as a "trojan" as you have said and "hopefully" nothing activated it in the time it took me to get rid of it.

It appeared as I was surfing and don't know which website it came from..one thing I know though, as soon as I am aware of such an "infiltrator" - I shut down and clean up the system!

[/ QUOTE ]

Interesting. This trojan might be more prevalent than McAfee made it sound. Two of us in three days getting the same virus that post on the same board seems like this virus is common. I only had one instance of it listed after running the manual scan.

It was called Exploit-mhtRedir.gen when McAfee first detected it (as soon as I entered the site). Then, after running the virus scan the name was "Exploit-byteverify". I quarantined the byteverify one and then deleted it, and then turned off system restore as McAfee suggested. I think (and hope) that the Exploit-mhtRedir.gen was autocleaned/deleted by McAfee Activeshield. This is really frustrating, I am always careful about going to legit sites and don't open up strange emails. Yet, I still get a trojan despite being at a site that I recall being to in the past.
 

357

Thanks for all the help gentlemen.

So, I've had XP Service Pack 2 installed for a long time, I update the critical updates daily (automatic updating), and also have the Service Pack 2 firewall loaded. Plus, McAfee is no longer detecting instances of this virus/trojan/piece of garbage code that some punk created.

In your opinions, am I reasonably safe considering that I had the patches before I got the trojan? Should I no longer use credit cards and other personal info on this computer or am I panicking?


Other than ordering a new computer (this one is only a few months old, so I hope to avoid that), the only other "safe" solution would be to wipe the hard drive and reinstall everything? Or would you advise to just take a chill pill and assume that the patches did their job?
 

Sigman

Hmmmm, after I found it and my actions taken...I feel safe.

I'd hate to tell you "all's well"...but...you seem to have done the "right thing" when you discovered it.
 

gadget_lover

Before you get infected, you should always build a "rescue disk" that has McAfee and its DAT files. If you suspect it's been compromised you then boot from the FLOPPY (not hard drive) and use the rescue disk to check the system. If you boot from the hard drive the virus may have a chance to run and hide itself from the virus scanner.

The Exploit-byteverify virus is Java code that might have been downloaded but was not necessarily executed.

Visiting a web site you've been to before is no assurance that it has not been compromised. All web servers have had security holes, some courtesy of the OS, some due to configurations.

The US Government has sent a memo suggesting that gov employees avoid using Microsoft Internet Explorer. The only safe way to surf is to turn off the Java and JavaScript and ActiveX and.....


Daniel
 