
Exploit-MIME -- next step?

Hi All,

I've never had a questionable file/program detected until today, and I'm not sure how to proceed.

McA identified the file as Exploit-MIME.gen.c. McAfee gave me the option to either manually delete the file or to let McAfee handle it, with the warning that it may have been installed as part of a bundle/suite, signed license, etc. Now I don't know what to do. I did just install Microsoft Office Home & Student edition yesterday.

I'm also new to Vista, and very unfamiliar w/how this version of Windows Explorer works. I did try typing "exploit" in the search window, indicating it was the name of a file, but turned up nothing. But as I said, I'm new to Vista Explorer so not finding the file isn't necessarily meaningful.

Suggestions?

Thanks.

-- mk --
9 Replies
Reliable Contributor exbrit
Message 2 of 10

RE: Exploit-MIME -- next step?

Vista Windows Explorer works similarly to XP's which I'm assuming that you are familiar with. There's little difference except in appearance. You still have to enable the view of hidden or system files as in XP etc. etc. (Tools/Folder Options/View).

Using "exploit" or "mime" as search parameters wouldn't get you anywhere....you would have to use the name of the actual infected file.

I wouldn't worry too much if you can't locate the actual file. Did McAfee not indicate any path for the infection?
In cases like this it's best to forward a sample to McAfee Avert Labs if at all possible. That way they can test it to see if it is in fact an infection, or a legitimate object, in which case they would send you an extra.dat to manually update the detection file in VirusScan.

Send a file to Avert for analysis:
http://vil.nai.com/vil/submit-sample.aspx
or
https://www.webimmune.net/default.asp
or
Email file to: virus_research@avertlabs.com
When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

Download and run the free version of this anti-spyware tool: http://www.superantispyware.com/superantispywarefreevspro.html

It's useful to keep around as long as you keep it updated.

If that doesn't take care of it, then download Hijackthis and post its log on one of the following forums for expert advice:

Do not post the log here, we can't help!

DOWNLOAD HIJACKTHIS

Post the logs at a specialist Forum:

AUMHA FORUM

BLEEPING COMPUTER FORUM

CASTLECOPS FORUM

GEEKS TO GO FORUM

MAJOR GEEKS FORUM

MALWARE REMOVAL FORUM

SPYWARE INFO FORUM

TECH SUPPORT GUY FORUM

WHAT THE TECH FORUM (Formerly Tom Coyote)

Be sure to read all the sticky announcements/instructions at the top of each malware forum!


Lastly, make sure that you keep Vista totally up to date. Help with SP1 installation here: http://community.mcafee.com/showthread.php?t=220206
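
The packaging rules quoted in the post above (a .ZIP of at most 3 megabytes, holding at most 30 files, password-protected) can be checked before a sample is e-mailed. The following is an added example, not part of the original thread or any McAfee tooling; the function names are hypothetical, 3 megabytes is assumed to mean 3 × 1024 × 1024 bytes, and the check confirms only that every entry carries the ZIP encryption flag, not which password was used.

```python
import io
import zipfile

MAX_ZIP_BYTES = 3 * 1024 * 1024   # "no more than 3 megabytes" (binary MB assumed)
MAX_FILES = 30                    # "no more than 30 files"
ENCRYPTED_FLAG = 0x1              # ZIP general-purpose bit 0: entry is encrypted


def check_submission(zip_bytes):
    """Return a list of rule violations; an empty list means the archive passes."""
    problems = []
    if len(zip_bytes) > MAX_ZIP_BYTES:
        problems.append("archive larger than 3 MB")
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            # Only the central directory is read; no entry is ever extracted.
            files = [i for i in zf.infolist() if not i.filename.endswith("/")]
    except zipfile.BadZipFile:
        return problems + ["not a valid .ZIP file"]
    if not files:
        problems.append("archive contains no files")
    if len(files) > MAX_FILES:
        problems.append("more than 30 files")
    clear = [i.filename for i in files if not i.flag_bits & ENCRYPTED_FLAG]
    if clear:
        problems.append("entries not password-protected: " + ", ".join(clear))
    return problems


def build_sample_zip(n_files, encrypted=False):
    """Constructed test input: harmless text entries, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in range(n_files):
            zf.writestr("sample_%02d.txt" % n, "constructed placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted entries, so set bit 0 of the
        # flag field in each central directory record by hand.
        pos = data.find(b"PK\x01\x02")
        while pos != -1:
            data[pos + 8] |= ENCRYPTED_FLAG
            pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)
```

Because only the archive's directory is parsed, the check can be run on a quarantined sample package without unpacking or opening any of its contents.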

RE: Exploit-MIME -- next step?

Good morning, Peter. Thanks for your response.

I received the virus detection warning just before I had to leave, so posted quickly, but last night was able to return and read some of the earlier messages about it. I've been visiting the internet for many, many years, and due to safe practices and virus protection, never had a virus on a computer before, so I was quite shocked to have two warnings come up in one week on this new laptop.

Based on what I read, I wonder if the vulnerability occurred because I had been using the very screen-cluttered (trial version of) Microsoft Outlook 2007 which I think permitted previews of attachments. A couple of days ago, I did uninstall the Office Professional Suite and Outlook (and maybe the few messages Outlook downloaded along with it?), and am using Microsoft Mail.

Do you know if there are settings in the e-mail program that I should use to minimize future problems?

Thanks.

-- mk --
Reliable Contributor exbrit
Message 4 of 10

RE: Exploit-MIME -- next step?

I'm not familiar with Outlook at all and the nearest I've got to Office is Works 8.5 + Word 2002 (which I have in both Vista SP1 and XP SP3) so your questions regarding the merits or pitfalls of those are best directed to a Windows help group. I can recommend http://forums.techguy.org/ or http://www.vistax64.com/ but I would imagine that you are taking the right approach to being safe. We all have experienced an infection at some stage or other. Sometimes they are real and other times they are false alarms.

Vista Windows Mail has the same Security tab under Tools/Options as XP's Outlook Express has (see attached thumbnail) and there are extra security precautions there, which I don't use because I've found them too restrictive and, quite honestly, a nuisance.

As long as you have an anti-virus and firewall and some anti-spyware tools handy, and you surf wisely and keep your system up to date, I would say that's all that is necessary.
If something drastic occurs there is always help out there.

RE: Exploit-MIME -- next step?

Thanks, Peter, for your help. I thought the Security Center took care of spyware, but if not, then I'll certainly get the program you suggested.
Reliable Contributor exbrit
Message 6 of 10

RE: Exploit-MIME -- next step?

Well it does, as well as it can do. There isn't such a thing as the perfect protection. That's why we always recommend some extra anti-spyware tools.

Malware makers are becoming ever more devious in the way they design trojans/worms etc. so it's an ongoing battle one has to be well equipped to resist.

Anyway, good luck! Let me know here if there are any other issues.

RE: Exploit-MIME -- next step?

Will do. Thanks!
Reliable Contributor exbrit
Message 8 of 10

RE: Exploit-MIME -- next step?

Can I mark this one solved?

RE: Exploit-MIME -- next step?

By all means. Thanks again for your excellent and timely advice.
Reliable Contributor exbrit
Message 10 of 10

RE: Exploit-MIME -- next step?

Glad to help and good luck.
