Re: HTML.ObjectDataHTA
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Thu, 05 Jan 2006 01:04:48 GMT
From: "lkriTÐs" <medium@xxxxxxxxxxxxxxxxxxxxxxxxx>
| I think you hit the nail on the head with this last statement. Any
| suggestions for tools that can do this? That is "able to scan MIME and
| remove infectors in MIME encoded files".
|
| The two Pegasus PMM files are containers for much important unread email.
| The point of this exercise is to repair the files. Deleting is the VERY
| last resort option.
|
| The problem is I can't see the two email "folders" now in Pegasus because
| of the two infections (Pegasus email filing system works by a .pmm file
| referring to a .pmi file). But I can see the files in file manager. The two
| files contain incoming yet to be read email that is directly filtered to
| the folders and other read email. It is important we TRY to repair. So at
| this point I'm just interested in "repair" suggestions. (yes there should
| be a recent backup of these folders somewhere but there is not)
|
| Scanning files in safe mode was the next step but hoping some tools/tips
| might be applicable/useful in my circumstance in normal startup mode.
|
| I think the infections made it onto the PC via SPAM between the time NAV
| live update subscription ran out and the time ZAISS 6.x was installed
| (several weeks). If it was up to me I would never have allowed that time frame to
| elapse (i.e. it is my girlfriend's PC).
|
| I observed recommendations of Ewido on another forum so it is already on my
| list to tryout if other tools did not quarantine or repair the trojan.
|
| I don't know anything yet about your Multi-AV or Sysclean. So Sysclean is
| from Trend Micro? Thus is it hosted on the TrendMicro site. I am wary of
| downloading from non well-known (to me) sites (e.g. elephantboy).
|
| However if possible I'm hoping to avoid installing a major number of third
| party tools to solve this one time problem. Registry bloat usually occurs
| because so many apps don't clean up after themselves when uninstalled and
| many contain malware or DRM crap that I don't need to deal with.
|
| e.g. Uninstalling a-squared auto launched my web browser opening a survey
| webpage asking why I was installing their free product. I refused to submit
| the form and closed the browser, so the uninstall did not complete. I found
| major garbage left behind in file directories and the registry. I lost my
| trust in the a2 product or emsi software with this experience.
|
| Thanks for the recommends. Still open for others.
|
| Woody
|
P-Mail is a simple email program. It is NOT like an email application that uses VIM or MAPI
to scan email messages. P-Mail stores email in MIME ASCII files. However, P-Mail is
proprietary. I don't know of any other email application that works the same or stores email
messages and folders the same way.

I only see the two options I provided.

Now the McAfee Command Line Scanner CAN scan MIME files with the /MIME switch parameter.
However, I don't know if it can SAFELY remove viruses without corrupting the P-Mail email
storage structure. So I ran an experiment. I emailed myself three WMF-Exploit files. I
downloaded the email and moved it in a folder.

I then manually ran the McAfee command line scanner on the c:\pmail folder (after I made a
backup) and I scanned using the /MIME switch. No go. It didn't work.

I then tried Kaspersky. It could see the infected files in the email but could NOT
disinfect the messages.

ElephantBoy Computers is a company by Malke. She is a Microsoft MVP as "she can be
trusted".

I am the author of the Multi AV Scanning tool and it is just a front end to the command
line scanners from: Trend Micro, McAfee, Sophos and Kaspersky.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm