
NortonAntivirus detects a virus when I get to the reply page
 
eepiccolo
Trick Member
Joined: 29 Oct 2004
Location: Frederick County, MD
Posted: Fri Jan 28, 2005 10:30 am

Hey there,

I was trying to reply to the following topic: http://www.ddrfreak.com/phpBB2/viewtopic.php?t=100082
After I click on the reply to topic button/link, and get to the page where you write your reply, my Norton Antivirus detects and quarantines a virus that shows up in a file in the browser cache. This happens using both IE and Firefox. The virus is Bloodhound.Exploit.6. Anybody have any idea what's going on?

Cutriss
Staff Member
Joined: 24 Jan 2002
Posted: Fri Jan 28, 2005 10:39 am

Bloodhound.Exploit.6

It's an indirect IE exploit by virtue of the fact that the Windows Help system uses IE to render CHM files. This has been known about for some time.

In short, you need to patch your computer. Go to WindowsUpdate more often.
_________________

Sentient Mode is capable...

eepiccolo
Trick Member
Joined: 29 Oct 2004
Location: Frederick County, MD
Posted: Fri Jan 28, 2005 10:47 am

Oh trust me, my computer stays patched regularly. AFAIK, patching doesn't keep the virus from getting on your computer anyway, it just keeps the virus from doing any damage. But correct me if I'm wrong.

I'm just wondering how the virus got on your page in the first place. Looking at it a little closer, the virus appears to be inside the cache of the webpage itself. The filename was posting[1].php.

Cutriss
Staff Member
Joined: 24 Jan 2002
Posted: Fri Jan 28, 2005 10:52 am

Bzzt.

Depending on the attack vector of the virus, patching usually prevents you from ever receiving it.

Think of it this way - Your virus detection software just tells you when someone's in your house. That person got in your house because there's a problem with the locks on your door. Fixing the locks would prevent the person from ever getting in.

And yeah, blame the adhost. Again.

eepiccolo
Trick Member
Joined: 29 Oct 2004
Location: Frederick County, MD
Posted: Fri Jan 28, 2005 11:11 am

Hey, I don't know who to blame (though it's not the adhosts, since it's not random). I thought of blaming someone's signature, but those don't show up on the reply screen. So I don't know exactly what's going on.

All I know is Windows Update reports no available patches, and it happens with Firefox too anyway. It just seemed to me that you all would want to know if there was a virus embedded in one of your web pages, which you haven't convinced me that there isn't.

Cutriss
Staff Member
Joined: 24 Jan 2002
Posted: Fri Jan 28, 2005 11:33 am

Click on the page I linked above, and then click the link to the Microsoft advisory for the vulnerability. There's a patch tool there - manually run it and see if it happens again.

And yeah, it's the adhost - they may rotate ads, but one of the ads in the rotator is apparently throwing this in there. >.> It's not the first time it's happened.

eepiccolo
Trick Member
Joined: 29 Oct 2004
Location: Frederick County, MD
Posted: Fri Jan 28, 2005 11:49 am

Cutriss wrote:
Click on the page I linked above, and then click the link to the Microsoft advisory for the vulnerability. There's a patch tool there - manually run it and see if it happens again.

I can't install the patch because I don't have Outlook Express installed, and I'm not ever going to install Outlook Express if I can help it.

Cutriss wrote:
And yeah, it's the adhost - they may rotate ads, but one of the ads in the rotator is apparently throwing this in there. >.> It's not the first time it's happened.

Oh, I thought you were being sarcastic. But wouldn't it be random if it actually was the adhost?

Cutriss
Staff Member
Joined: 24 Jan 2002
Posted: Fri Jan 28, 2005 11:56 am

eepiccolo wrote:
Cutriss wrote:
Click on the page I linked above, and then click the link to the Microsoft advisory for the vulnerability. There's a patch tool there - manually run it and see if it happens again.

I can't install the patch because I don't have Outlook Express installed, and I'm not ever going to install Outlook Express if I can help it.

If you're running Windows 2000 or XP, it's installed whether you like it or not.

eepiccolo
Trick Member
Joined: 29 Oct 2004
Location: Frederick County, MD
Posted: Fri Jan 28, 2005 12:32 pm

Cutriss wrote:
If you're running Windows 2000 or XP, it's installed whether you like it or not.

Well, I'm running Win2000 Pro, and Outlook Express is listed under the windows components, and I have it unchecked, and there is no Outlook Express executable on my computer (at least, none that I can find).

And when I try to run either of the patch exe's that can apply to 2000, neither can find their respective versions of Outlook that they are supposed to patch.

Anyways, I do appreciate the help, Cutriss. The only thing I have left to try is to wait until this evening when I have access to an XP computer, and see what experiments I can do from there.

Cutriss
Staff Member
Joined: 24 Jan 2002
Posted: Fri Jan 28, 2005 2:40 pm

OE 5.01 comes on Win2K by default. The executable name is MSIMN.EXE.

Microsoft did release a "Remove program defaults" thingy back a few years to appease the DOJ, but all it did was to remove shortcuts to IE/OE, and it doesn't actually remove the apps. If you don't have OE, then you've likely extracted it by hand.

eepiccolo
Trick Member
Joined: 29 Oct 2004
Location: Frederick County, MD
Posted: Fri Jan 28, 2005 6:51 pm

Yeah, that executable is what I searched for, and didn't find.

So on my XP computer, it looked like OE6sp1 was installed, so I tried that patch. It said OE6sp1 wasn't installed. So I tried the other patches. Same problem. So either I'm really unlucky, or there's a problem with the patches.

Oh, and the virus gets through on my XP machine too. I'd be curious if there is anyone who has an updated Norton installed who doesn't get a virus detected.

Well, I think I've spent enough time on this problem. Unless there are any other suggestions, I'm going to go play some DDR

All times are GMT - 8 Hours