remove virus


Hello, I have this virus which is continuously present in the deleted files of the mail and it has not been possible to control this. How can I eliminate it?

virus.PNG

It only detects it but it cannot be eradicated. It sends scans, but it cannot delete it, since it is found in that Outlook path. The file was deleted, but it is recreated and continues to report the threat. The client is choosing to format the computer, but if the threat is in Outlook, would this reinstallation work?

  • Administrators

Are you still using Outlook Express? What OS do you have?

Dbx is a proprietary format and it's not possible to make modifications in it. You can only find the malicious email yourself (e.g. by subject, time of receipt, etc.) and delete it.

  • Most Valued Members
On 6/15/2021 at 6:55 PM, sereset said:

It only detects it but it cannot be eradicated. It sends scans, but it cannot delete it, since it is found in that Outlook path. The file was deleted, but it is recreated and continues to report the threat. The client is choosing to format the computer, but if the threat is in Outlook, would this reinstallation work?

The file is recreated upon clicking the email that is infected.

 

Quote

 

Vulnerabilities, vulnerabilities

In addition to user interactivity, a virus or worm that spreads on the Internet can exploit a security flaw in the operating system or application of an affected computer. This allows it to gain control of the attacked computer.

The Win32/Aliz.A worm exploits the Microsoft MS01-020 vulnerability to spread.

This error occurs because Internet Explorer incorrectly handles MIME headers in HTML e-mail messages. If an attacker sends or stores an HTML e-mail message that exploits the vulnerability on a Web page and a user opens the e-mail message or clicks on the link, Internet Explorer automatically runs the executable file on the user's computer. An attacker could then take complete control of the computer.

 

This is from ESET Hungaria: https://www.eset.hu/tamogatas/viruslabor/virusleirasok/aliz-a

Quote

 

To run from an infected message, the worm uses a security breach (IFRAME vulnerability, similar to the one used by the “Nimda” worm). So the worm may be activated from infected e-mail simply upon reading or previewing the message.

When an infected file is run, the unpacking routine takes control, unpacks the main worm code into the memory and jumps to it. The main code then sends infected messages to e-mail addresses found in WAB (Windows Address Book). To send e-mails, the worm connects to the default SMTP server.

 

This is from a Kaspersky post:

https://threats.kaspersky.com/en/threat/Email-Worm.Win32.Aliz/

More on Wikipedia:

Quote

 

Outlook Express was one of the earlier email clients to support HTML email and scripts. As a result, emails were commonly infected with viruses.[12][13] Previously, another security flaw was that a script could automatically be opened as an attachment. Another bug was in Outlook Express's attachment handling that allowed an executable to appear to be a harmless attachment such as a graphics file. Opening or previewing the email could cause code to run without the user's knowledge or consent. Outlook Express uses Internet Explorer to render HTML email. Internet Explorer has been subjected to many security vulnerabilities and concerns.

With Outlook Express SP2 (part of Windows XP SP2), Microsoft has tried to correct the security holes. Outlook Express now blocks images inside emails by default.[14][15] It uses only the restricted security zone for HTML email, which disables scripts and imposes restrictions on what web content can be rendered. It also warns when opening potentially malicious attachments.[16]

 

But as Maros asked, you are probably using an old operating system and it's possibly vulnerable to the vulnerability that was talked about in both posts.

Is it Windows XP?

 

Edited by Nightowl
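
Added example, not part of any post above and not ESET's code: a small check for finding the offending message by hand among mails exported as .eml, flagging the MIME header mismatch the quoted descriptions refer to. It assumes the commonly documented shape of such messages (an attachment declared as audio, image or video but named like an executable, loaded through an IFRAME `cid:` reference); the extension list, the function name and the sample message are constructed for illustration.

```python
import email
import re
from email import policy

# Assumed short list of extensions Windows runs directly.
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# Declared media types a mail client renders or plays without prompting.
BENIGN_MAIN_TYPES = {"audio", "image", "video"}
IFRAME_CID = re.compile(r"<iframe[^>]+src\s*=\s*[\"']?cid:([^\"'\s>]+)", re.I)

# Constructed sample message; the attachment body is placeholder bytes.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><iframe src="cid:part1" height="0" width="0"></iframe></body></html>
--b1
Content-Type: audio/x-wav; name="sample.exe"
Content-Transfer-Encoding: base64
Content-ID: <part1>

AAAA
--b1--
"""

def suspicious_parts(raw_bytes):
    """Return one finding per attachment whose name and declared type disagree."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    iframe_cids, findings = set(), []
    # Pass 1: collect the Content-IDs that an IFRAME in the HTML body loads.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("latin-1")
            iframe_cids.update(IFRAME_CID.findall(html))
    # Pass 2: flag executable file names hiding behind a media Content-Type.
    for part in msg.walk():
        name = part.get_filename() or ""
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in EXEC_EXT and part.get_content_maintype() in BENIGN_MAIN_TYPES:
            cid = (part.get("Content-ID") or "").strip("<> ")
            findings.append({"filename": name,
                             "declared_type": part.get_content_type(),
                             "auto_loaded_by_iframe": cid in iframe_cids})
    return findings

if __name__ == "__main__":
    print(suspicious_parts(SAMPLE))
```

Feed it the raw bytes of each exported message; a finding with `auto_loaded_by_iframe` set to true is the one to delete in the mail client.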