Hello All, a>> eTrust EZ Antivirus real-time protection has found that a>> C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA a>> dropper <.....> a>> However, I continue to get warning messages each time I download a>> e-mail. The message is always the same, except that the number a>> changes. <.....>
TF> See above. It is a good idea to exclude the temp folder from AV TF> scanning, or at least exclude bat*.tmp files within that folder from TF> the real-time scan. I'm not sure that helps (in all cases) It probably depends on the AV but some programs don't just scan the files but the POP3/MAPI data stream. So the AV kick into action even before the virus gets written to disk. So excluding the scanning directory won't help. A 'solution' could be not to scan e-mail at all. The virus will just wait to get activated by Reading the e-mail or something. At that time the other part of your AV should kick in. But I don't like that solution because I want to kill the virus asap. TF> Oh, and referring to another thread: This problem doesn't exist with TF> plug-ins. That's the other advantage of AV plug-ins for TB. Thread will get mixed up now; but the info in both threads apply to my original question. I can understand the use of a plug-in when using encrypted connections. But I have less positive thoughts about your .bat explanation. I use an AV that outclasses (IMO) many others, including some with plug-ins. And I don't like TB! forcing me to change AV. -- Best regards, Tony An empty stomach is not a good political adviser. ________________________________________________ Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
