Worm Patch here for Win XP
BMG_SKULK
August 17th, 2005, 04:27 AM
If you haven't heard of the latest worm, the Bot worm wreaking havoc,
and have Win XP with SP1 or SP2 installed, you need to get the updated
patch.
Because Microsoft is so stupid, that they make you lower your
anti-virus, or at least turn your ActiveX controls to allow,
(the way 99% of viruses and worms are spread in the first place)
And if one of you out there doesn't have a firewall and/or AV program,
you could become infected in minutes.
I have uploaded the patch and you can download it below.
THIS PATCH BELOW IS FOR WINDOWS XP ONLY!!!!
I am not responsible for any hosed systems.
Link removed.
BASSMAN
August 17th, 2005, 04:29 AM
We will leave this for all to see for a while and then move it to computer section.
Thanks for the info.
BMG_SKULK
August 17th, 2005, 04:30 AM
There is a computer section here? :confused:
BASSMAN
August 17th, 2005, 04:41 AM
Yea, in the Red Light Section there is a sub-forum at the top for computer and recording on computer.
Grim
August 17th, 2005, 08:01 AM
I would recommend to all who are running Windows 2000 to install the patch from Microsoft, rather than downloading from BMG Skulk. Also, it is most wise to have a patched Anti-Virus application running on your systems with a schedule to check all your files at least once a day, as well as implementing real-time scans.
BMG Skulk - my real-time anti-virus scanner has detected a virus on your site...
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Phel
File: C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\Content.IE5\U9963MLO\clkopa762.com[1].htm
Location: C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\Content.IE5\U9963MLO
Computer: XXXXXXXX
User: Student
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wednesday, August 17, 2005 9:56:39 AM
Thought everyone ought to know.
Grim,
MCSE NT 3.51, 4.0, Windows 2000, Windows 2003
MCSE: Security/MCSE: Messaging
Compaq ASE/IBM PSE/Linux Certified Professional
(Just throwing in the alphabet soup so y'all know I'm not yanking your collective chains... yes, I know my sh**).
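A triage sketch for the kind of alert quoted in the post above, added here as an example and not part of the original thread: it parses the "Field: value" alert text, reports whether any remediation step succeeded, and whether the file sat in the browser cache (a page fetched by Internet Explorer rather than a file saved on purpose). The function names, the second sample event and the list of "success" action words are assumptions made for illustration.

```python
import re

# Event 1 reuses fields from the alert quoted in the thread; event 2 is constructed for contrast.
SAMPLE = r"""Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Phel
File: C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\Content.IE5\U9963MLO\clkopa762.com[1].htm
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wednesday, August 17, 2005 9:56:39 AM

Scan type: Scheduled Scan
Event: Virus Found!
Virus name: Example.Constructed
File: C:\Downloads\constructed-sample.exe
Action taken: Clean failed : Quarantine succeeded
Date found: Wednesday, August 17, 2005 11:00:00 PM
"""

BROWSER_CACHE = re.compile(r"\\Temporary Internet Files\\", re.IGNORECASE)
# Assumed vocabulary for a successful action; adjust to the scanner in use.
SUCCESS_WORDS = ("cleaned", "deleted", "quarantined")

def parse_events(text):
    """Split blank-line-separated alerts into dicts of 'Field: value' pairs."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Split on the first ': ' only, so 'C:\...' and ' : ' chains stay intact.
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events

def triage(event):
    """Return (remediated, web_delivered) for one alert."""
    steps = [s.strip().lower() for s in event.get("Action taken", "").split(" : ")]
    remediated = any(s.endswith("succeeded") or s in SUCCESS_WORDS for s in steps)
    web_delivered = bool(BROWSER_CACHE.search(event.get("File", "")))
    return remediated, web_delivered

def open_findings(text):
    """Names of detections where no action succeeded, so the file is still on disk."""
    return [e["Virus name"] for e in parse_events(text) if not triage(e)[0]]

if __name__ == "__main__":
    for e in parse_events(SAMPLE):
        print(e["Virus name"], triage(e))
```

An alert where every action failed, as in the quoted one, means the detected file is still present and needs manual follow-up.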
lenchmob
August 17th, 2005, 09:04 AM
Rule of thumb is to only download from "trusted sites"...
Grim - I'm not surprised good work...
JeffMerriman
August 17th, 2005, 09:08 AM
When I saw this that was the first thing I worried about. Good catch Grim.
Trojan.Phel info...for any of you that have downloaded BMG Skulk's fix.
Trojan Characteristics:
-- Update Jan 11, 2005 --
Microsoft has released a patch for the vulnerability targeted by this exploit:
http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx
This is a generic detection of HTML pages that attempt to exploit a Help ActiveX Control Related Topics Zone Security Bypass Vulnerability. This has recently been combined with the JS/Exploit-HelpXSite, JS/Exploit-DragDrop.c, and VBS/Psyme trojans to create a "Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise".
This exploit tells the Windows Help Center component to open a document in the local security zone. The purpose of this function is to allow for the execution of injected code to run under the local security zone settings/permissions.
Symptoms
N/A This is a generic exploit detection. Any number of actions can be caused as a result of an exploit being run successfully.
Method Of Infection
This exploit targets Internet Explorer when run under Windows XP SP2. It is recommended that users disable active scripting in Internet Explorer.
Removal Instructions
All Users :
Use current engine and DAT files for detection. Delete any file which contains this detection.
BMG_SKULK
August 17th, 2005, 10:50 AM
Wow...really?!!!
I run several different AV programs, and firewalls, and have detected nothing.
Then again, I use Mozilla, NAV, and have all ActiveX and JavaScript disabled.
I'll remove the link though.
My intention was just to help people out, as I've seen guys on their way to download from Microsoft, and get viruses before they ever hit page 2.
Thanks for the heads up.
BMG_SKULK
August 17th, 2005, 10:54 AM
BTW...could you PM me and tell me what program you used to detect that?
Sixstring
August 17th, 2005, 10:55 AM
Good catch, Grim, and thanks for the responsible reaction, BMG_SKULK.
Keith
August 17th, 2005, 01:02 PM
Here is some info on your Trojan BMG http://vil.nai.com/vil/content/v_130609.htm
To anyone else... ONLY get patches from Micro$oft. Secondary or hosted sites have a potential for uploading the one thing you are trying to remove.