Computer virus help

I have Windows XP and Norton AntiVirus (my latest update was today).

While surfing around tonight, I got the prompt that Norton had detected a virus:

Object name: C:\Documents and Settings\"my name"\Application Dat…\O5FFAB88d01
Virus name: JS.Exception.Exploit
Action Taken: Unable to repair file

I had been clicking hyperlinks, PDFs, and JPG hyperlinks, but no .exe files (at least that I know of–usually my browser gives me a prompt if I do this).

I clicked on Norton’s hyperlink and apparently this has been around since August 2001.

Copied from their website:

Several cases have been reported in which JS.Exception.Exploit was received in a compressed file. (This has not been confirmed by Symantec Security Response.) In general, while Symantec antivirus products will detect an infected file that is contained in a compressed file, by design it cannot extract and remove it. If you receive an alert for this or any threat on a compressed file (such as a .zip file) we recommend that you simply delete the compressed file using Windows Explorer.

Well, that seems simple enough, but…

The file location that the AntiVirus located: C:\Documents and Settings\"my name"\Application Dat…\O5FFAB88d01 is a little slippery.

Using Windows Explorer and My Computer, I can’t find the subfolder Application Data (I assume) that’s in the “my name” folder.

In “my name” there is no folder that’s named even close to that. There’s stuff like Cookies and Favorites and such.

Searching using the Find File(s) with either the Virus name or Application Data returns “files not found”.

What the hell? If the Antivirus people say it’s as easy as deleting the file with Explorer, why doesn’t the folder that they say the virus is in even appear on my computer?

Any help by the SDMB would be greatly appreciated.

After Norton says that it is unable to repair the file, it gives you some choices, one of which is to quarantine the infected file. I recommend that you do that.

Barbitu8

Thanks for the response, but Norton didn’t give me that option.

I would have tried that before I posted.

I actually have the original prompt still active, and believe me–it ain’t giving me any options but to click OK-which acknowledges the Virus detection.

I’m actually worried about rebooting, because, as I understand it, some viruses take hold with the re-boot.

I’m not sure what to do, since my computer is new and the antivirus software from Norton has been updated to thuiday

What do I need to get rid of this bug?

I agree that quarantine is the best choice for the first step. Do it! In addition, if I’m not mistaken, you can then delete the quarantined file.

The file may simply be in the Applications Data folder when you open XP using your settings (as opposed to some other user name that shows when you boot up the machine).

Application Data is a hidden folder. I assume you have explorer set not to show hidden files & folders.
In Explorer:
Tools Menu -> Folder Options. Go to the View Tab. There is a radio dial towards the middle for viewing hidden files & folders. Select the show radio button. You may need to uncheck the “hide system files” & “hide extensions” checkboxes as well. Explorer will give a warning on the system files option, ok the warning, and then apply & ok.

You should now be able to locate the application data folder under your user profile.

C’mon guys

I really do appreciate your help, but…

If I could locate the file–believe me-- I’d delete it.

How do I quarantine a file that won’t show up?

I’m the sole user, and the Applications Data folder doesn’t show up on my computer.

How do I get rid of a virus that hides in a folder that can’t be identified?

I’ve never used Explorer, BTW

Explorer=Windows Explorer=My Computer

Probably the best way to get to that location is through the command line. It’s not too hard, try this:

start>run>CMD [enter]

you should be looking at a command prompt that says:

c:\documents and settings\(your name)

now let’s ‘browse’ to the location:

type:

CD application settings

then hit [enter]

you should be seeing a command prompt that looks like:

c:\documents and settings\(your name)\application settings

HEY! here’s a trick:

type: CD then type the next 3 letters of the ‘path’ you’re looking for, then hit the ‘tab’ key. This should ‘autofill’ the rest of the path for you, preventing any spelling mistakes, etc…

I’m assuming the full path you’re looking for is:

C:\Documents and Settings\(your name)\Application Data\Identities\{O5FFAB88d01…}

If that’s not correct, you’ll need to modify the next few instructions to match the path that virus scan gave you.
so try typing:

CD iden

and hit [TAB]

Which should fill in ‘identities’, and let you hit [ENTER], which will have you looking at:

C:\Documents and Settings\(your name)\Application Data\Identities\

we’re very close now.

next type:

CD {O5FF

and hit the [TAB] key, then [ENTER]

which should put you into the directory you want to be in. Type:

del (the name of the file that virus scan points to)

which will delete the nasty file.

hope that helps, or at least gives you some pointers that can help. I may not have the exact path you’re looking for, so modify my instructions to match your needs.

The “Application Data” directory is hidden by default in most versions of Windows. Turning on “See hidden files” in the folder options will let you find it.

By the looks of the name of the directory, the infected file is in your Outlook Express email folder. You probably received an infected email which is sitting there dormant waiting for you to do something that would wake it up. So avoid clicking on any strange emails, and make sure you have all the security updates.

This may or may not work depending on registry values for “CompletionChar”. At least on NT and 2000 the default was some cryptic keystroke like ctrl-shift-space or something like that.

A second point: you may not want to delete that file. If I am not mistaken, doing that will delete all (or a large part) of your email.

when i thought i had the virus such and such @32 etc
a newish one can’t recall the exact name…sorry…however
the symantec site had extraction tools to download to get it out
it took a long time but finally i got the all clear
i have XP
is there any instruction on symantec for tools to get the one you have off.
are you using norton 2003?
:frowning:

Thanks for the advice everyone.

KellyM–Thanks for the advice about the hidden folders. I was an idiot about that. But, a search of the hidden folders still didn’t locate the file.

Now I’m wondering what’s going on. If the file exists, why can’t I find it–even in the hidden folder my antivirus tells me it’s in?

I’m running the latest updates of Norton and this thing’s been around for awhile.

I was prompted to use Explorer to delete the file and Norton said I’d have to do this manually–but I still can’t find it.

What gives?

I’ve had this one and Norton caught it.
It’s a JAVA applet that essentially resets your home page and adds a bunch of links to your favs (generally porn).
Norton will catch the applet as it downloads, will NOT let it in, and tells you about it, but doesn’t tell you it didn’t let it in.
You probably can’t find it, because Norton did not let it in (ie. it’s not in your cache).
Restart your machine.
Do not connect to the internet.
Run Norton.
If it can’t find anything then it stopped it before it ended up on your disk.

What you should do is to surf the Web with Java off.

Oh, great. It’s like firemen rushing into a crowded movie theater and yelling “FIRE!!!”, but neglecting to announce that it’s already been put out and there’s nothing to worry about. Someone at Norton must think this is funny.

Just curious, but how did you manage to figure out this is what Norton is doing?

I ended up doing the same thing you did.
Searched for hours to find the infected little sucker, then worked out that Norton hadn’t let him through the door.
It’s not a terribly common applet and it’s generally found on sites that like to make you remember who they were.
Did you actually scan your machine?
While my advice is more than likely correct, I do recommend if you haven’t scanned, you do, 'cos I may be wrong.

Actually it’s moocher (another poster with a two-syllable username starting with a lower-case “m”) who’s been on the wild goose chase here. But I’ve had a similar experience with Norton in the past, with some other virus.