Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Delete or Rename this file?

Feb 6, 2004 12:23AM PST

I have a file sitting in my PC-cillin Quarantine at the moment. It was detected by my AV when running a full scan of AD-Aware 6. I have downloaded all of the updates on both scanners to stay current, which seems to be daily.
What was detected was JS_Exception.GEN
Sent the file to Trend Micro for instructions.
Checked for the Patch in "Microsoft VM ActiveX Component". Everything was up to date there, so I didn't have to download or install anything.

The file name in question is UNIMP.[1].HTM

I don't know what this file is, what it does or what will happen if I delete it. (Newbie)

This infection only shows up when I run a full scan of Adaware 6 and my AV is running at the same time. Hmmm?
Thanks in advance for helping.
Susan

Discussion is locked

- Collapse -
Re:Delete or Rename this file?
Feb 6, 2004 12:33AM PST

Susan,

you can delete the file:

JS_EXCEPTION.GEN

Virus type: JavaScript

Destructive: No

Aliases: Trojan.Seeker-based, HTML.VMExploit, JS.Exception.Exploit, EXCEPTION, EXCEPTION.GEN, Coolsite, Coolsite.A, JS/Coolsite.A


The vulnerability allows Java applets to run any desired ActiveX control from a Web page, or from within an HTML-based email message, that would enable it to read, write, and run files from accessible drives. This vulnerability also allows applets to download a file from a specified Web site and execute this file locally.

JavaScript malware containing this vulnerability are often embedded in HTML sites and are usually used to modify the default Internet Explorer home page and to add web links to the Favorites folder. Other malware samples modify the default stationery for Outlook Express, while some are found to have mailing capabilities.

More information on this vulnerability is available at the Microsoft Security Bulletin article, Patch Available for 'Microsoft VM ActiveX Component' Vulnerability.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_EXCEPTION.GEN

- Collapse -
Re:The sucker is gone!
Feb 6, 2004 12:56AM PST

Thanks Marianna! File has been deleted. I will run scans again and reboot puter. Will post back if any new developements.
Susan

- Collapse -
(NT) Susan, You're Welcome ! Yep, keep us informed :)
Feb 6, 2004 1:15AM PST

.