Phishing



Calolddog
07-09-2005, 10:49 PM
While traveling for several weeks and using webmail to pick up my e-mail, I
received a couple of messages stating they were from USBancorp. and the
subject indicated there was a problem with my debit card. As I don't have a
debit card from USBancorp, nor any other business connection, I deleted the
messages without opening. When I returned home and updated my antivirus
software and ran a check it produced three problems. One was worm/bagle.gen
which was deleted. The other two were
hdr35(1).js KIT/Phish.Sekuryb.3 I instructed the program to delete the
files and it gave me a reply "Infected files in archives will not be deleted
or repaired".

Now when I am in MyMSN and click on a news item I receive a screen which
names a file
C:DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS/TEMPORARY INTERNET
FILES\CONTENT.IE5/VB7K6EGE\HDR35(1).JS
The screen then gives the following options
Move file to quarantine directory
Delete File
Wipe File
Rename file
Deny access
Allow access

None of the options appear to do anything. I check "deny access" and it
repeats the screen 2 or 3 times and finally transfers me to the webpage I had
asked for.

I have deleted everything out of CONTENT.IE5 with the exception of a file
called "Index DAT File" and when I have tried to delete it I get a warning
message that it may be required by some programs so have backed off.

I am using Windows XP and the Antivir antivirus software which was on my
computer when I bought it.

I don't seem to get this warning message any time other than when I am in
MyMSN and try to activate a webpage headlined there.

Opinicus
07-09-2005, 10:49 PM
"Calolddog" <Calolddog@discussions.microsoft.com> wrote

> I have deleted everything out of CONTENT.IE5 with the
> exception of a file
> called "Index DAT File" and when I have tried to delete it
> I get a warning
> message that it may be required by some programs so have
> backed off.

I can't help you with the other problems but I can with
this. While you can't actually delete index.dat you can
effectively flush it this way:

Right click on the IE icon on the desktop
Properties
Settings
Delete all offline content
OK
Settings (again)
Slide the "Amount of disk space to use" button all the way
to the left (to 0)
OK
OK
Reboot
Return to Settings and set the cache size to whatever you
want.

I'm wondering how just opening a message could infect a
system. Did you click on an attachment or something in it?

--
Bob

Kanyak's Doghouse
http://www.kanyak.com

Novelmom
07-09-2005, 10:49 PM
Same thing happens to me--I don't know how I received it and I never open
attachments, just one day my antivirus picked it up and only gives me the
option to remove the file, which I do, but a warning keeps popping up
everytime I try to access a msn news item off the home page. We have three
users on the comp and it shows up in the IEcontent under all three names, but
I can't seem to get rid of it. Googled "KIT/phish.sekuryb.3" and can't seem
to find much on it or how to get rid of it completely.
Any help from anyone?
Thanks, Darlene

"Opinicus" wrote:

> "Calolddog" <Calolddog@discussions.microsoft.com> wrote
>
> > I have deleted everything out of CONTENT.IE5 with the
> > exception of a file
> > called "Index DAT File" and when I have tried to delete it
> > I get a warning
> > message that it may be required by some programs so have
> > backed off.
>
> I can't help you with the other problems but I can with
> this. While you can't actually delete index.dat you can
> effectively flush it this way:
>
> Right click on the IE icon on the desktop
> Properties
> Settings
> Delete all offline content
> OK
> Settings (again)
> Slide the "Amount of disk space to use" button all the way
> to the left (to 0)
> OK
> OK
> Reboot
> Return to Settings and set the cache size to whatever you
> want.
>
> I'm wondering how just opening a message could infect a
> system. Did you click on an attachment or something in it?
>
> --
> Bob
>
> Kanyak's Doghouse
> http://www.kanyak.com
>
>


Phishing