Author Topic: VBS:Malware [Script] (Read 4107 times)

ngo · « **on:** February 23, 2005, 09:35:13 PM »

hi

i have both a small homepage website , and on the other side avast 4,5 home edition

by setting the standart shield sensitivity to "high" and acceding my personal homepage forum
i get the following virus alert ?

re: VBS:Malware [Script]

"C:\Documents and Settings\rb\Local Settings\Temporary Internet Files\Content.IE5\F7DNZDSS\index[2].php"

by setting the sensitivity to "normal" , there is no problem

is there anything wrong wrong with
either the forum php files
or with the webspace-owner's scripts ?

forum located at //membres.lycos.fr/clise/CF/
would be great if someone could assist me ?
thanks

DavidR · « **Reply #1 on:** February 23, 2005, 10:46:13 PM »

Clear your browser cache, ensure that you have the latest version of avast 4.6.603.

Which setting are you setting to normal?

If there a likely to be a problem with a link you shouldn't make it clickable to avoid accidental infection such as membres.lycos.fr/clise/CF/, if you can edit your post.

There is obviously something objectionable on the link. If it is a forum, someone could have made a post containing some VBS script.

If the alarm went off immediately you tried to enter the site the chances are good that avast stopped it from being downloaded.

If you have winXP (or NT based OS), you can schedule a boot-time scan from within avast.

ngo · « **Reply #2 on:** February 24, 2005, 08:49:38 PM »

hi DavidR

thanks
i have upgraded to avast release 4.6.603

when webshield is activated , i get the following "alert" -> see attached picture
so i am unable to access this page

so what i did is :
i deactivated the webshield
i accessed the page one more time and i saved the source file on my computer

when i do scan this file , i receive a similar alert to the first

if required, i could post the source file on this forum , in *.txt format

thanks again

DavidR · « **Reply #3 on:** February 24, 2005, 09:03:17 PM »

No don't post it here, the likelihood is that it could trigger the same virus warning here.

If you can zip and password protect ('virus', will do) the suspect source file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also attach the image you have posted here. You could also include a link to this thread.

ngo · « **Reply #4 on:** February 25, 2005, 10:15:29 PM »

ok thanks, will do so

i did split the source file in 2 parts ,

and

in fact, the virus seems to be a script added by lycos,
lycos if offering free hosting, but they want to have their stats and popups (popunders, google bars, aso... ) on the homepages located on their server. this part of the source file is "detected" and "considered" as a virus!!

i have contacted lycos and reported the pb to them . let's see if they do react, ... and what their reaction is

in the meantime i will onforward the infected part to the mail recipient mentionned in the support tab of this site (the email adress seems to be slighty different from the one u gave to me )

thanks for assisting
have a nice w.e.
rgds

Eddy · « **Reply #5 on:** February 25, 2005, 10:18:23 PM »

It looks like the problem already is solved

Author Topic: VBS:Malware [Script] (Read 4107 times)

ngo

VBS:Malware [Script]

DavidR

Re: VBS:Malware [Script]

ngo

Re: VBS:Malware [Script]

DavidR

Re: VBS:Malware [Script]

ngo

Re: VBS:Malware [Script]

Eddy

Re: VBS:Malware [Script]