The Mudcat Café



Tech: Problem with a Mudcat thread






Subject: Tech: Problem with a Mudcat thread
From: GUEST,leeneia
Date: 10 Jan 07 - 11:30 PM

Two times today I have tried to open the thread here called Lyr Req Lish Young Buy a Broom. I see the list of posts for a moment, then the page that says "The page can not be opened" appears. Then Norton Anti Virus posts a notice that it has blocked a worm called BD Blade Runner 0.8.

Is there a worm or virus embedded in that thread somehow?



Subject: RE: Tech: Problem with a Mudcat thread
From: JennyO
Date: 10 Jan 07 - 11:36 PM

Strange, leeneia, I just tried it and it opened fine for me. Do you only get the virus warning on THAT thread?



Subject: RE: Tech: Problem with a Mudcat thread
From: George Seto - af221@chebucto.ns.ca
Date: 10 Jan 07 - 11:40 PM

I was just in there using a Text Browser and didn't notice any problems.



Subject: RE: Tech: Problem with a Mudcat thread
From: JohnInKansas
Date: 11 Jan 07 - 12:20 AM

One more vote for nothing wrong with the thread. It opened normally for me (the whole thread rather than paging it) in IE7, with Norton Internet Security, and Microsoft XP firewall finding nothing wrong.

Back Door (BD) Bladerunner is an old trojan that should be blocked by Norton since sometime way back in 2000, with a signature update in 2002. It is possible that it might have gotten on your machine in something that was saved, and wasn't turned loose until the file that contained it was opened.

The warning you saw might have indicated that the trojan somewhere on your machine was attempting to open port 5400 to "talk to its master" - i.e. that the suspect action was from the inside of your machine rather than from the outside via the thread(?).

Norton Tech Sheet has some info.

If you're confident enough, you can look in Regedit for the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

If the trojan is on your machine it will have added a value there:

System-Tray    <path to the server file>

The "path to the server file" will tell you where the bad file is located on your machine so that you can go delete the file. The key value should also be deleted from the registry.

Norton should be able to do all the "fixing" for you if you run a full system scan with current updates if this trojan is actually there. A warning sometimes will pop up if the infected file was deleted but the registry key value wasn't cleared when the file was deleted, so you may have to do some "interpreting" to clean things up manually.

The tech file page (link above) also has a link (on the right) to the online system scan by Norton that you might want to run, since it may be more thorough than the Norton you have installed if yours isn't one of the advanced versions.

John
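
The registry check described in the post above, as an added example that is not part of the original post: a read-only PowerShell audit of that Run key. It lists each autostart value, resolves the file it points to, and marks values whose file no longer exists (the leftover-value case the post mentions). The function names `Get-CommandFile` and `Get-RunKeyAudit` are hypothetical helpers; the key path and the `System-Tray` value name are the ones given in the post.

```powershell
# Added example (not from the thread): read-only audit of the Run key named in the post.
# Nothing is modified; deletion of a file or value is left to the operator or the AV product.
$RunKey      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$SuspectName = 'System-Tray'   # value name quoted in the post

function Get-CommandFile {
    # Pull the file path out of a Run-key command line, quoted or unquoted.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-RunKeyAudit {
    param([string]$Path = $RunKey)
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $file    = Get-CommandFile -Command $command
        [pscustomobject]@{
            Name       = $name
            Command    = $command
            File       = $file
            # A bare file name (resolved through PATH at logon) also reports False here.
            FileExists = [bool]($file -and (Test-Path -LiteralPath $file -PathType Leaf))
            NameInPost = ($name -eq $SuspectName)
        }
    }
}

# Show every entry, then only the ones worth a second look:
# the value name from the post, or any value whose target file is missing.
$audit = @(Get-RunKeyAudit)
$audit | Format-Table Name, FileExists, NameInPost, File -AutoSize
$audit | Where-Object { $_.NameInPost -or -not $_.FileExists } |
    Format-List Name, Command, File, FileExists
```

A `System-Tray` row with `FileExists` False corresponds to the situation where the file was removed but the registry value was left behind.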



Subject: RE: Tech: Problem with a Mudcat thread
From: Joe Offer
Date: 11 Jan 07 - 02:04 AM

John, is there anything that could be posted in a thread that could be a problem? Jeff has many html commands and scripts blocked, so they can't be posted. Can you think of anything that could be a problem, since the only thing people can post is text?
-Joe-



Subject: RE: Tech: Problem with a Mudcat thread
From: JohnInKansas
Date: 11 Jan 07 - 04:09 AM

Joe -

Nothing that I can think of that should trigger an AV alarm. We've seen a few funny things like "blank" pages that look like someone has tried to post an "amended stylesheet" fragment, or has attempted to "script" illegal actions; but so far as I've seen they just fail to do anything.

Most of the nasty stuff has to include some binary content, so far as I've heard.

I'm probably not the expert on what can be done though, since those who operate websites will likely have seen more tricks than I can think of.

I'll note that a friend who was bragging about his "MySpace" page led me to take a look there, and they're getting hit really hard by spammers, both posting pages under false idents and hacking existing pages to put up links to porn. There have been reports of other of the "big name" sites being under a lot of pressure. The evildoers are trying really hard.

Older AV systems usually relied on catching incoming stuff, and deleting it before it could get launched to install itself. For stuff that was easy to catch and delete, they didn't look for "installed bits" associated with the evil incoming stuff. If something got on a machine, and managed to poke its control kernel in, deleting the original file - which is all the AV would usually do - usually breaks the worm, but the bit that it installed may still try to open a port, which will trigger a firewall warning, or you may get a "file not found" when the installed bit tries to call up the file that was deleted. I suspect that something like that triggered leeneia's warning; although it's tough to say exactly what happened. For the worm she named, there probably will be a registry entry; but she may want to get pro help to look.

It's also possible that she got "hit" from outside by someone just scanning the web for machines with ports that could be opened, and by coincidence it happened when she was trying to open that thread.

John



Subject: RE: Tech: Problem with a Mudcat thread
From: My guru always said
Date: 11 Jan 07 - 05:53 AM

Maybe if *leeneia* clears her cache it would work for her if something like that had happened? Not a techie so I may be way off-beam, excuse me!



Subject: RE: Tech: Problem with a Mudcat thread
From: Matthew Edwards
Date: 11 Jan 07 - 09:05 AM

Hope it's nothing I've linked to in that thread.

Could it be that the antivirus programme can't handle Cumbrian dialect? *G*

Question "Hes t'ivver seen a cuddy lowp a five-barred yat?"
Answer "It mun a been a gey lish cuddy or a gey la'al yat!"


(It would be interesting to see what the page translator does with that.)



Subject: RE: Tech: Problem with a Mudcat thread
From: Jack Campin
Date: 11 Jan 07 - 08:22 PM

At a guess: these antivirus programs usually work by matching tiny fragments of code using fast but approximate matching algorithms. It may not be able to tell the difference between some innocuous string in that thread and a signature fragment from a piece of malicious code.

In which case there is nothing to be done except turn off the virus checker or get it fixed. It might be an idea to notify the virus checker company, they won't want their product to suffer from false positives.



All original material is copyright © 2022 by the Mudcat Café Music Foundation. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.