Virus scan shows 2 files infected, now what?
dajoga
02-08-2006, 09:42 PM
Using eTrust AV--Win 98SE--on a Dell PII
Ran a scan and two files are infected but I can't find out what to do next. They don't show up in my quarantine or cleaned list. Do I just trash them? What am I missing?
The viruses are HTML/phishbank.EH and HTML/phishbank.IR
They're in files \Windows\Application Data\Mozilla\Profiles\Ark...
Rhino
02-09-2006, 06:45 AM
I'm not familiar with eTrust anymore, but if you can't find them, how do you know the location? Since they have the name "phish" in the titles, these may not be viruses/worms/trojans at all, but rather something to do with a phishing scam. I'm guessing here, but that may be why they don't show up in a quarantine or cleaned list???? By the way, have you entered your banking information online recently in response to an e-mail? If so, you may have been the victim of a phishing scam and might need to contact your bank immediately.
As far as finding the files goes, you might try this. Start Windows Explorer and click Tools-File Options (may vary a bit on 98SE, such as Tools-Options). On the "View" tab, check "Show hidden files and folders" and uncheck "Hide protected operating system files" (if 98 has that. I can't remember). Then search again for the files. From the folder location you mention, these files may be in the internet cache for Mozilla. Deleting the cache may get rid of them, or may already have. I don't know how to delete the cache in Mozilla though, since I haven't used it in quite some time.
Rhino
02-09-2006, 06:47 AM
You can go here (http://www.antiphishing.org/) to see if any of the recent phishing scams seem familiar to you, since you may have been the victim (or attempted victim) of one.
DoctorDoom
02-09-2006, 10:55 AM
Some security proggies identify "phishing" emails. Here's a web page that describes a variation.
HTML/Ebay-phish (http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=52775)
And another common one re CitiBank ...
HTML/Phish.Citi (http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=2118)
Don't fret about them. They're not a danger to your machine.
Rules to follow:
1. NEVER click on a link in an email purporting to be from a company or financial institution with which you do business, particularly if it claims that security upgrades require updating account info, or it threatens to suspend an account. Reputable companies will never include a link like that in their emails.
When in doubt, go to the company's website and check the account directly.
2. One way to tell a phishing mail is to hover the mouse over the link and look for a line that appears showing the actual link address. With Outlook Express, it appears on the left side of the bottom bar on the window. If it doesn't agree with the text in the email, it's a fraud. And if it DOES agree, look at the link closely to see if it differs from what one usually sees while on the site.
3. Another sure indicator is that the email text cannot be highlighted, and the mouse cursor changes to the pointing hand. Many phishing emails use a GIF graphic rather than actual text, and clicking anywhere in the email will open the link.
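Rules 2 and 3 in the post above can be checked mechanically on a saved HTML message. The following is an added example, not part of the original thread; the sample message and the example.com / example.net hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkAudit(HTMLParser):
    """Collects every <a href> with its visible text and whether it wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.links = []      # finished links: dicts with href, text, has_img
        self._cur = None     # link currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._cur = {"href": a["href"], "text": "", "has_img": False}
        elif tag == "img" and self._cur is not None:
            self._cur["has_img"] = True

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def host_of(s):
    """Host name of a URL-like string, or '' if it does not look like one."""
    s = s.strip()
    if " " in s or "." not in s:
        return ""
    p = urlparse(s if "://" in s else "http://" + s)
    return (p.hostname or "").lower()

def audit(html):
    """Return (href, reason) findings for rule 2 (mismatch) and rule 3 (image-only)."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for link in parser.links:
        shown, real = host_of(link["text"]), host_of(link["href"])
        if shown and real and shown != real:
            findings.append((link["href"], "text shows %s, link goes to %s" % (shown, real)))
        elif link["has_img"] and not link["text"].strip():
            findings.append((link["href"], "image-only link"))
    return findings

# Constructed sample message; example.com / example.net are placeholders.
SAMPLE = """<p>Dear customer,</p>
<a href="http://login.example.net/verify">https://www.example.com/account</a>
<a href="http://login.example.net/verify"><img src="notice.gif"></a>
<a href="https://www.example.com/help">Help centre</a>"""
```

Calling `audit(SAMPLE)` flags the first two links and leaves the third alone, because its visible text is not a URL and it contains no image.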
Rhino
02-09-2006, 11:09 AM
Okay, I did some more research. It is indeed a phishing scam, and is most often received as an HTML e-mail. There are many variants of it, .eh and .ir being only two, and it seems to be most often associated with CitiBank. Since the files themselves are most likely attachments to the e-mail, or embedded within the e-mail itself, it is likely you would not see them on a file search. Unless you responded to the e-mail and provided your bank account or credit card information, you should be okay. Clear the deleted items or trash out of your e-mail program, and this warning should go away.