McAfee VirusScan Detecting Exploit-ObscuredHtml Trojan Web Pages


What are Exploit-ObscuredHtml Trojan Web Pages?


If you have McAfee VirusScan installed, sometimes you may get virus warning windows saying that a Web page in Internet Explorer temporary file directory was deteced as Exploit-ObscuredHtml. The warning window also says: Move failed (Clean failed because the file isn't cleanable)

Most of the times, Exploit-ObscuredHtml trojan warnings are false alarms. The following description from McAfee Web site tells you why:

Microsoft Internet Explorer ignores certain non-ascii characters, allowing an attacker to obfuscate malicious code and still have it rendered by IE.

This detection covers HTML documents that have been crafted with the intention of evading antivirus detection. Other documents that mix HTML with non-ascii characters could also trigger this detection.

Below is a picture of the McAfee VirusScan warning window on Exploit-ObscuredHtml Trojan:
Exploit-ObscuredHtml Trojan.

2007-01-20, 12251🔥, 0💬