Threat behavior
Summary:
Exploit:HTML/MhtRedir.gen is a generic detection for crafted malicious HTML code that exploits the MHTML (MIME Encapsulation of Aggregate HTML) URL processing vulnerability, which is fixed in MS04-013. An attacker could trick users into visiting a malicious web site hosting Exploit:HTML/MhtRedir.gen, or into viewing an HTML e-mail message containing Exploit:HTML/MhtRedir.gen. If the user's machine is not patched, the malicious HTML code runs in the Local Machine security zone of Internet Explorer on the user's machine. This further allows attackers to download and run arbitrary programs (for example, trojans or trojan downloaders) with the privileges of the current user and gain complete control over the affected system.
Technical analysis:
Exploit:HTML/MhtRedir.gen is in HTML format. It embeds a malformed URL referring to a Compiled HTML Help (CHM) file. The CHM file, in many cases, contains an HTML component with active malicious scripts that attempt to download and execute other malicious files from the Internet. When Exploit:HTML/MhtRedir.gen is rendered on an unpatched system, the CHM file is saved to the local system and the embedded scripts are executed in the context of the Local Machine Zone to perform further downloading and infection. In many cases, Exploit:HTML/MhtRedir.gen triggers infections by various other trojans, trojan downloaders, or spyware/adware.
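The behaviour described above gives a simple detection heuristic: an HTML document that carries an mhtml: URL which in turn references a .chm file. The following scanner is an added example written for this page, not Microsoft's detection logic; the HTML samples and the example.invalid hostnames are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes whose value Internet Explorer resolves as a URL and fetches.
URL_ATTRS = {"src", "href", "data", "codebase", "background"}

# An mhtml: scheme followed (anywhere in the same URL) by a .chm reference.
# Case-insensitive, and tolerant of whitespace after the scheme name.
MHTML_CHM = re.compile(r"mhtml\s*:.*?\.chm\b", re.IGNORECASE | re.DOTALL)


class _UrlCollector(HTMLParser):
    """Collect (tag, attribute, value) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name.lower() in URL_ATTRS:
                # Attribute values arrive with entity references already decoded.
                self.urls.append((tag, name.lower(), value))


def scan_html(html_text):
    """Return a list of findings ('tag[attr]: url' or 'raw: match') for MhtRedir-style URLs."""
    collector = _UrlCollector()
    collector.feed(html_text)
    collector.close()
    hits = [f"{tag}[{attr}]: {url}"
            for tag, attr, url in collector.urls if MHTML_CHM.search(url)]
    # Fallback for URLs assembled in script or hidden outside tag attributes:
    # scan the raw text and keep matches not already covered by an attribute hit.
    for match in MHTML_CHM.finditer(html_text):
        if not any(match.group(0) in url for _, _, url in collector.urls):
            hits.append("raw: " + match.group(0))
    return hits


# Constructed samples (not real malware): a benign CHM link, a harmless mhtml:
# archive reference, an object tag with the suspicious pattern, and a script
# that pieces the URL together at run time.
BENIGN = '<html><body><a href="http://example.invalid/help.chm">Help</a></body></html>'
MHT_ONLY = '<iframe src="mhtml:http://example.invalid/archive.mht!index.htm"></iframe>'
SUSPECT = ('<html><body><object data="MHTML:http://example.invalid/a.mht'
           '!http://example.invalid/b.chm::/run.htm"></object></body></html>')
SCRIPTED = '<script>location.href="mhtml:" + "http://example.invalid/x.chm::/y.htm";</script>'

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("mht_only", MHT_ONLY),
                         ("suspect", SUSPECT), ("scripted", SCRIPTED)]:
        print(name, "->", scan_html(sample))
```

A plain .chm link or a plain mhtml: archive reference is not flagged on its own; only the combination the entry describes is reported, so the check can run over mail bodies or proxy-captured pages with few false positives.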
Removal:
This is a generic detection description, so the removal instructions differ from those for a specific worm, virus, or trojan. Installing the up-to-date Windows updates fully patches the system and prevents future infections. Deleting the HTML files detected as Exploit:HTML/MhtRedir.gen removes the current infection.
Prevention