SWF:CVE-2007-0071

Hey all.

Read the sticky, here's some quick info:

  1. How was it detected? What was scanning, you yourself or the background scanner? When did the message occur: on a download, unzipping, opening a file, mail or mail attachment, etc.?
    Must have been the background scanner as it just popped up with ‘Malware Found’

  2. What was the source of the file, where did the file come from? E.g. address, URL, source.
    Not quite sure what you mean; if you mean where it is, then:
    C:\DOCUMENTS AND SETTINGS\USERNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\82s58be9.default\Cache\2DF9A61Ad01

  3. When was it downloaded or received?
    12:37 today

  4. What is the exact file name with extension?
    See question 2
    Also in the log viewer it says Sign of “SWF:CVE-2007-0071 [Expl]”

  5. What was the exact wording of the message that the AV program came up with? This is important for later.
    Malware Found, I then chose the delete option

  6. Now go back and do nothing yet. Scan the particular file once again with your AV product.
    Err, a little too late for that
    I've scanned the folder again and no threats found

From a Google search it looks like it's something to do with an Adobe Flash exploit found in earlier versions. The thing is, the version I'm using is the latest available.

Apart from doing a thorough scan, is there anything else I should be doing?

Thanks for any feedback given

The safer option is to send it to the Chest for further analysis: there you could rescan, restore or delete it.

To be sure everything is fine, I suggest:

  1. Disable System Restore and re-enable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use SUPERAntiSpyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to online analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Thanks for the reply, already used HijackThis and ran Spybot - Search & Destroy, will start on the others you have suggested