html mhredir a

  • Thread starter: Gene

Gene

I just found 'html mhredir a' on my computer. Can anyone tell
me what this is and what it does? I can't find anything on it from the
web. Thanks.

Tom
 
From: "Gene" <[email protected]>

|
| I just found 'html mhredir a' on my computer. Can anyone tell
| me what this is and what it does? I can't find anything on it from the
| web. Thanks.
|
| Tom

Tom, you provided insufficient information.

What anti virus software detected this?

What was the exact name this AV software identified it as?
 
I used Micro Trend online virus scanner from the web.
It found, HTML mhredir A, and JS Phel A. The
Js phel a it found twice. Html mhredir a was non cleanable
so I deleted all of them. It found all of them in the temporary
internet explorer directory. Those are the exact names. I
wrote them down as it found them. The js phel a I found
is a trojan dropper for the coreflood trojan.


Tom
 
From: "Gene" <[email protected]>

| On Mon, 02 May 2005 20:05:32 GMT, "David H. Lipman"
| said:
|> I just found 'html mhredir a' on my computer. Can anyone tell
|> me what this is and what it does? I can't find anything on it from the
|> web. Thanks.
|>
|> Tom
|
| I used Micro Trend online virus scanner from the web.
| It found, HTML mhredir A, and JS Phel A. The
| Js phel a it found twice. Html mhredir a was non cleanable
| so I deleted all of them. It found all of them in the temporary
| internet explorer directory. Those are the exact names. I
| wrote them down as it found them. The js phel a I found
| is a trojan dropper for the coreflood trojan.
|
| Tom

Tom:

Those are not the exact "Trend Micro" names.

{ Notice there are no spaces in the infector's name }

HTML_MHREDIR.A --
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_MHREDIR.A

This is an exploit code that causes redirection to specified web sites by taking advantage of
an OE vulnerability but is mitigated by installing the patch listed in ms04-013
[KB837009]
http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

JS_PHEL.A -- http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_PHEL.A

This is a JavaScript exploit code. It is mitigated by the installation of WinXP SP2.

I suggest the following....

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

4) Download TrendMicro Sysclean

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

Run the SYSCLEAN_FE tool and let it download SYSCLEAN.COM and the Pattern File then exit the
utility.
Reboot your PC into Safe Mode and shut down as many applications as possible and then
execute;
c:\sysclean\sysclean.com

And scan your computer once again.

* * * Please report back your results * * *
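
Added example (not part of the original thread, and not Trend Micro's code): the reply above turns on the exact detection name, so this Python snippet pulls loosely typed names out of a scan report and rewrites them in the `PREFIX_FAMILY.VARIANT` form the reply shows. The prefix list and the separator heuristic are assumptions based only on the two names in this thread.

```python
import re

# Detection-type prefixes: only the two that appear in this thread
# (assumption: extend the tuple for other detection types).
PREFIXES = ("HTML", "JS")

# prefix, family and variant letter(s), separated by whatever the user
# typed: spaces, underscores, dots or hyphens. This is a heuristic, so the
# results are lookup candidates, not confirmed detections.
_NAME = re.compile(
    r"\b(%s)[\s_.-]+([A-Za-z0-9]+)[\s_.-]+([A-Za-z]{1,2})\b" % "|".join(PREFIXES),
    re.IGNORECASE,
)

# Text taken from the thread above, spelled the way the poster typed it.
SAMPLE_REPORT = (
    "It found, HTML mhredir A, and JS Phel A. The Js phel a it found twice. "
    "Html mhredir a was non cleanable"
)


def canonical_names(report):
    """Return canonical PREFIX_FAMILY.VARIANT names found in free text,
    in order of first appearance and without duplicates."""
    seen = []
    for prefix, family, variant in _NAME.findall(report):
        name = "%s_%s.%s" % (prefix.upper(), family.upper(), variant.upper())
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for name in canonical_names(SAMPLE_REPORT):
        print(name)
```

Names that are already in canonical form pass through unchanged, so the same function can be run over pasted scanner output.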
 
On Mon, 02 May 2005 20:52:02 GMT, "David H. Lipman"

--------------------snipped for space-----------------------

I downloaded sysclean_fe and ran it. It turned up clean. Then I
rescanned and everything is clean.

I didn't see the underscore in the malware names. I guess it's time
to get stronger reading glasses. : ] Thanks for the help.

Tom
 