Trojan.Phel.A is a Trojan horse program, which is distributed as an .html file, and attempts to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (BID 11467).
Trojan.Phel.A attempts to infect computers running Microsoft Windows XP Service Pack 2 or later.
Type: Trojan Horse
Systems Affected: Windows XP Service Pack 2
I think it is also known as XPHelpDelete.A.
Symantec sees it as Bloodhound.Exploit.21 (their heuristic scan)
Bloodhound.Exploit.21 is a heuristic detection for files that have been designed to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (BID 11467). The vulnerability is still unpatched by Microsoft as of December 25, 2004.
Microsoft Windows XP SP2 and Internet Explorer 6 SP2 have included enhanced Local Zone security restrictions to prevent various exploits that have depended on the previous relaxed security settings associated with this Security Zone. A proof-of-concept has been released demonstrating that it is possible to bypass these restrictions through the use of the ‘hhctrl.ocx’ HTML ActiveX control.
If the attacker is able to place malicious HTML/scripting content on the system through another vulnerability, such as BID 11466, then this control could be exploited to bypass Local Zone security restrictions that would normally prevent the content from being executed. The proof-of-concept also employs various ADODB methods such as ADODB.Connection and ADODB.recordset to write malicious arbitrary code to the file system, in the form of an .HTA file.
I disagree with you Eddy. Antivirus should handle Exploits too.
Sometimes you have to get updates somehow and antivirus is the first line of defense until you get proper patches. In this case there is even no patch at all. And JPEG Exploit is one of the best examples. You can patch 10 photo edit programs or just have 1 up to date AV to block exploited JPG/JPEG images. Sounds logical, doesn’t it?
So if I create something that isn’t working like it should, you are gonna spend money and time on it to fix it and waste your expensive resources instead of concentrating on your own job?
Every time I open IE, with pop-ups, I get a trojan virus warning. Here are some moved to the chest. Never happened before; have I left open a vulnerability somewhere?
C:\WINDOWS\system32\cdsjz.dll
Not necessary. Today I caught one page that attempted to load an exe file along with a popup (not detected by avast!). After examining the page source I found the download link of the file and submitted it to avast!. File was marked as trojan by Kaspersky…
If your file is detected correctly (perfect match) you should just delete it using boot-time scan or by scanning in safe mode.
Thanks. What do you mean by scanning in the safe mode? It’s a real nuisance listening to the alert and then deleting the file. Can it be done automatically and is there a problem with that?
Just boot your PC into Safe Mode (press and hold F8 at startup and when you get the boot menu, select Safe Mode).
When you’re in it just run the Simple interface and scan just the Windows folder (to shorten the scan, use Standard mode without archives).
Or you can use Boot-time scan…
Are you using Windows XP? So you can schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot
Welcome to forums…
By the way, it should be better to open a new thread to not mess two different issues in the same one.
Ok, but I strongly feel avast MUST be able to detect this trojan! Think of those computer users out there who are using IE SP2!
Those who use avast and IE SP2 will not be protected against this trojan!
Norton AntiVirus and McAfee VirusScan both detect this Phel trojan now.
This is a rather dangerous exploit and trojan IMHO. Avast MUST detect this trojan.
There are a number of MS exploits (known and many as yet undiscovered); AV companies would have to be devoting the same amount of time as MS to close these exploits. This is neither practical nor possible (resources, programmers, etc.); given the deep pockets of MS, AV companies don’t stand a chance.
Devoting resources to theoretical problems is not practical, but yes, if there is a known virus using that exploit, then yes, AV companies will and should act.
If you are so concerned with this I would suggest that you give Firefox a try.