Hello Tony, On Sun, 13 Jun 2004 08:51:39 +0200 GMT (13/06/2004, 13:51 +0700 GMT), Tony wrote:
a>>> eTrust EZ Antivirus real-time protection has found that a>>> C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA a>>> dropper TF>> See above. It is a good idea to exclude the temp folder from AV TF>> scanning, or at least exclude bat*.tmp files within that folder from TF>> the real-time scan. T> I'm not sure that helps (in all cases) It would help in above case. T> It probably depends on the AV but some programs don't just scan the T> files but the POP3/MAPI data stream. So the AV kick into action T> even before the virus gets written to disk. Not in the above case, and then there wouldn't an a file name. T> So excluding the scanning directory won't help. T> A 'solution' could be not to scan e-mail at all. That's what I do: not scan emails. T> The virus will just wait to get activated by Reading the e-mail or T> something. That's only possible with Microsoft products. T> At that time the other part of your AV should kick in. The AV should kick in when I ask it. That's how I have set it: It I do want to open an attachment, I ask the doctor (PC-Cillin): Does this file contain a virus? T> But I don't like that solution because I want to kill the virus asap. I do that with the <del> key. T> And I don't like TB! forcing me to change AV. It isn't. You only need to adjust your settings to your environment and your desired behaviour. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. Avoid cliches like the plague (They're old hat.) Message reply created with The Bat! 2.11 under Chinese Windows 98 4.10 Build 2222 A using a Pentium P4 1.7 GHz, 256MB RAM ________________________________________________ Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html