The Mudcat Café TM
Thread #73767   Message #2508671
Posted By: JohnInKansas
05-Dec-08 - 11:20 AM
Thread Name: Popular sheet music archive
Subject: RE: Popular sheet music archive
Bonnie -

Per your PM, I've looked at the site and get no warnings from my Norton Internet Security. From the indications seen, I don't see a reason to be concerned about visiting there.

The site has blocked viewing of page code, so it's not possible to look at whether the file Jim reported is called in the code somewhere. (Any right-click on the page just pops up a copyright notice.)

A check of my Temporary Internet Files1 folder doesn't show anything resembling the file cited.

Four of six times that I opened the page, IE reported "Done but with errors." This might indicate that the page code is "not quite finished" or that the server is experiencing some difficulty. In all cases, a "refresh" got a normal "Done."

The site has been fairly well known, and has been reliable. It's possible that the "page under construction" is a euphemism for "we got hit and we're cleaning it up" but I see no threat when I look at the front door. I didn't try any of the links, since they told me I can't go there without registering; but they all show apparently "good names" with none that resemble the cited file.

One of the difficulties faced by those who write the goodies for AV is determining what "signatures" to check that will reliably detect all real cases of a particular malware but will not give too many false warnings. This seems to be a rather rare happening, but does occasionally get mentioned.

There is the possibility that a signature was used by AVG that gives a false postive here, and that a fresh update of the AVG program signature file might get a more accurate detector that doesn't report an infection from something that only "looks a little bit like" some real threat. Corrections of this kind are generally not considered critical, so sometimes such a correction will wait until a scheduled update, but you usually can get it sooner by manually updating.

I think I heard that AVG has a fairly recent "newer version" of their (free?) program, and if the older one is still in place it may not be getting updates(?).

As several people, with multiple AV programs/versons report a "clean" page, the suggestion would be that Jim make sure his machine has the latest detection updates and visit the site again to see if the warning still appears - but if he's reluctant to go back I wouldn't press him to do so.

As noted by Bonnie, there are crud forms that claim to be AV programs but are actually scams to scare people into buying useless (and often harmful) "programs." A problem here is that the malware discussed in the thread she mentioned actually uses the same name as one of AVG's programs. (The malware name is an "included part" of the name of at least one AVG version. Several other AV providers use very similar, if not identical names.) In order for this to be a factor, some such malware probably would have to be on Jim's computer. That's probably not likely, since we know he's a generally competent user; but it's a possibility that he might look at if he's concerned. An unexpected request, while browsing, that "something needs updated" - especially if fairly recent - would be a possible warning sign that something might have crept in, or tried to.

Several of the "geek sites" do report a fair number of "false positives" claiming this or similar "viruses." It's worth noting that the AV in use in nearly all these cases was AVG. This is somewhat puzzling, as AVG still gets fairly good reports in comparison tests I've seen recently, and does have a "good reputation." It could just be that most of the people asking them for help happen to use AVG. (And not all the geek reports were completely convincing in their analyses, although all seemed to have cleared up the problems.)

1 For anyone interested and not familiar with how to get to them, the simplest way to access Temporary Internet Files in IE is at Tools | Internet Options, on the General Tab, there should be a section called "Browsing History" with "Delete" and "Settings" buttons. Click "Settings," and then "View Files" and they're all right there.