my kaspersky has detected exploit.html

[howard_hopkinso]

The only suspicious file I can find in your Auto runs log is this. c:\windows\system32\shellvrtf.dll I suggest, rather than deleting the file, rename it to shellvrtf.dll.old and reboot your system. See if you notice anything untoward over a couple of weeks or so. If everything seems fine after that, delete it.

Regards Howard

This thread is for the use of ejames82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ejames82]

howard,
i did it, exactly as you said and made a not of it. the computer still works great. no problem whatsoever. thanks again, Ed James

 

[ejames82]

howard,
there's a couple of reasons why i'm posting:
1. the computer works fine 95% of the time. you had me rename shellvrtf.dll to shellvrtf.dll.old. that apparently has done no harm. it has been one week.
2. i think i have a hacker because i have my internet options set to alert me when someone tries to give me a cookie. today my computer locked up twice this morning. i was unable to move my mouse. shortly thereafter i looked in my internet options>privacy>sites and found a load of porn and casino websites that shouldn't have been there. those websites wouldn't be there unless i have a hacker, would they?
i made a mistake when i first installed this firewall, by permitting connections that i thought were legitimate, when they might not have been. at that time i didn't know how to use a whois tool. do you think it would be a good idea to uninstall the kerio firewall from add/remove, then reinstall it? would this get rid of a hacker and be practical? thanks, Ed James

 

[howard_hopkinso]

Uninstalling and reinstalling the firewall may well be a good idea. However, once it`s uninstalled, I suggest you do a manual search of your system for any Kerio files that are left. Otherwise, when you reinstall it, it might just resume your old settings. Obviously, you`ll need to disconnect from the net during this procedure.

I`ve never used the Kerio firewall myself, I actually use the free Zonealarm and have never had any problems with either the programme itself or with hackers.

If you`re in any doubt as to whether your system is clean, please feel free to post a fresh HJT log if you want.

Regards Howard

This thread is for the use of ejames82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ejames82]

howard,
that's a plan that i feel good about pursuing. i will post a hijackthis when i am all done. i appreciate it, Ed James

 

[ejames82]

howard,
sorry it's been so long, but i was busy uninstalling and reinstalling the kerio firewall. i also deleted all the files after uninstalling, so that the reinstallation had no remnants of the previous programme. the first time i reinstalled i denied everything, but afterwards outlook express and internet explorer wasn't working. so i knew that i had to permit connections that were denied. with the help of arin whois, i was able to figure out who must be permitted. everything is working nicely. unfortunately, i still get the notices from kaspersky that the exploit.html is in quarantine.
here's my hijackthis log. thanks again, Ed James

 

[howard_hopkinso]

Your HJT log is clean as a whistle.

I still think you should contact the makers of Kaspersky and see what they say.

Regards Howard

This thread is for the use of ejames82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ejames82]

howard,
i have a few things that i have to talk with them about, that i've written down. they couldn't be easier to talk to on the phone.
thanks again for all the help and i look forward to reading many more of your posts. Ed James