What I did mean by the icon file, is not that it's sending you just a plain icon, or that there is anything in the icon file that in itself has any impact. It is possible to set up the server to send something else next to the icon file. Which you won't pick up plainly in downloading the file.
I suggest going to DOS prompt and loading up Telnet against the server and port number, and I think typing GET (...file name with directory structure). I think that is the one, I have an ebook which lists in great detail HTTP connections and using other methods other than a browser to obtain the header information that goes back and forth which isn't visible in the HTML. There is even a proxy style program you can place in between to grab the header before it's sent and alter it. There are many types of vulnerabilities that reside in the HTTP headers.
This is no voodoo magic my friend. "send something else next to the icon file"...."the header information that goes back and forth which isn't visible in the HTML". I mean, obviously you are referring to 2 things which must be named. 1- Content of headers 2- Packet headers. These are 2 different things.
You are implying specially crafted packet and headers, with buffer overflows and privilege elevation, etc, but this has nothing to do with VBS.Jscript.worm - AVAST will not react to only the header of my code and will react to my code LOCALLY - it also needs the window.open part, which proves we are not talking only about stuff parsed in the html head - , nor does it actually react right away to the chat room code, it'll take some minute or so. In any case your point is moot since AVAST traps my code LOCALLY as containing a virus....I paste the code I put in my first post in notepad and scan the file with the shell extension... so there's no header stuff or anything. It is important to read the facts before speculating - were this a test you would have failed miserably. This is a lesson - read the facts. You can cut your network cable, paste my code to notepad then scan the file, it'll be trapped by big-mouthed AVAST... and he will bark VBS.Jscript.worm...!!!! Must be some hidden matrix signal in the tcp/ip ... in between 2 layers!!! Go Neo!
"loading up Telnet against the server " Man, this is right out of a comic book...
you're an extra for the Hackers movie or what?
do you think I can "telnet" that commercial server? This is not Mission Impossible. GET a brain. lollllll This is so good! Yes I can read the packet content and headers using tools like etherpeek etc. so what? You want me to parse that garbage and look for what... your naked picture? I don't have to prove that there is no virus here; rather, once I think I have a well documented false positive, a support staff minimally concerned about their product and willing to respond to good questions instead of hiding behind newbies questions should confirm if this is a virus or not. Here, no one has confirmed anything nor dares anything, as if I were talking about area 51. Lame this is. We must always remember there is always an explanation in IT, and I don't like that concept of technological speculation babble rambling... with half-baked junk. It is obvious ppl here behave like they know but they're just clueless, most of the time well intentioned though... In my firm you could work xeroxing documents and things like that, bringing me nice coffees, and that would help
Using you guys in my IT department and I would be bankrupt by now!
I can only stress again that it is not by forwarding this idea that it is "cool" because your AV traps more false-positives than others that we help users. Are you wearing AVAST pins or caps, or bling? You guys think you're part of this cool bunch of virus super-heroes with their smart AV that "sees more things" than other AV... like daredevil....or is it the Million dollar Man Steve Austin?? nah, you're just suffering from a case of bad coding and ignorant fellow users and silent support staff who tell me: "Wait for a new def update", and it's been like 10 wtf.... wake up ppl. Your AV traps my harmless garbage script. I'm trying your software and helping along the way, and I deserve a nice little post.. don't you think?
Avast should correct this false positive or demonstrate that my code is harmful. Attempts at techno-babble will fail with me, as I am not easily impressed, and I am a professional, for one. It is doubtful any of you would pass an entry CCNA exam or C++ or even MS TCP/IP... or a college sat for that matter! There are many nice books readily available. College education is possible. It is possible to not say dumb things even without a degree. If you collect MS's little hologram cards, at some point you can call yourself an "engineer" lolllllll With reserved speech, limiting oneself to his own limited knowledge and not trying to impress ppl with techno-babble, we can discuss and come up with some answers. Weak reasoning, panic, secret agent cult AV club mentality is for dummies.
It is amazing in some week or so no one in the support team can write anything interesting... I mean, if I'd work there I'd find that fun, investigating a well documented issue. But no, I get the general verbiage and speculation from "power" users. When will someone with minimal knowledge of html/javascript take a look at this and stop speculating? Ppl are ready to tell me that the matrix is for real instead of just agreeing with me that there is no virus in my code, simply because they like Avast - I mean, come on - avast is not perfect and I get the "you should parse the packets during html communication to capture the bit that triggered avast" and jokes like that. Children, leave the matter to grown-ups. When will I get someone's attention?
But thanks anyway for the half-baked effort
Better than support staff! I found it pretty imaginative.... I'd try maybe Newline or Paramount... good luck!
Trial_User until more and more soon uninstallation