#250261 09/13/2012 10:33 PM
Joined: Jun 2006
Posts: 287
enthusiast
So I am surfing around the net minding my own business when my Norton Anti-virus software puts a red warning up in my face stating "Risks in compressed file "dts-forums-08-26-2012.zip" have been detected. The compressed file and all contents, including uninfected files will be deleted"

Risk: High.

Threat type: Heuristic Virus. Detection of threat based on malware heuristics.


Clicking on the Norton File Insight link shows the following compressed threats:
Quote
Full Path: c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
Threat: Compressed threats
____________________________
____________________________
On computers as of Not Available
Last Used 9/13/2012 at 8:23:28 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

____________________________
File Actions
resetsettings.exe
[Contained in] tweak-nt.exe
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
dtsystemmonitor.ocx
[Contained in] tweak-nt.exe
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
resetsettings.exe
[Contained in] 20-tweak-nt.zl9
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
dtsystemmonitor.ocx
[Contained in] 20-tweak-nt.zl9
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________


This zip file is my server backup file of my entire forums directory from last month. Norton has quarantined this file and recommends removing it. After reading about Heuristics I am not sure if this is actually a problem due to the number of false positives this type of threat detection puts up. On the other hand, have I stumbled onto something here? I don't know if these are normal ubb files. My forums have been running perfectly so...

Need advice!!!


Ford diesel master technician by day...
Webmaster by night!
FordDoctorsDTS.com running UBB Threads 7.5.4.2p2
Joined: Jun 2006
Posts: 81
member
I'd start by running another scanner on those files to see if you get a verification of a threat.

Microsquish has a nice lightweight scanner...

http://www.microsoft.com/security/scanner/en-us/

For myself, I run Microsoft Security Essentials as my main first line of defense.

Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
Well, it looks like it found these files that it's listing as threats:
resetsettings.exe
[Contained in] tweak-nt.exe
dtsystemmonitor.ocx
[Contained in] tweak-nt.exe
resetsettings.exe
[Contained in] 20-tweak-nt.zl9
dtsystemmonitor.ocx
[Contained in] 20-tweak-nt.zl9

None of these are files that come with the UBB; you should police your webspace to see if they exist.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Mike L #250267 09/14/2012 7:22 PM
Joined: Jun 2006
Posts: 287
enthusiast
Originally Posted by Mike L
I'd start by running another scanner on those files to see if you get a verification of a threat.

Microsquish has a nice lightweight scanner...

http://www.microsoft.com/security/scanner/en-us/

For myself, I run Microsoft Security Essentials as my main first line of defense.


Thank you, I ran it and all came up clean.


Ford diesel master technician by day...
Webmaster by night!
FordDoctorsDTS.com running UBB Threads 7.5.4.2p2
Gizmo #250268 09/14/2012 7:26 PM
Joined: Jun 2006
Posts: 287
enthusiast
Originally Posted by Gizmo
Well, it looks like it found these files that it's listing as threats:
resetsettings.exe
[Contained in] tweak-nt.exe
dtsystemmonitor.ocx
[Contained in] tweak-nt.exe
resetsettings.exe
[Contained in] 20-tweak-nt.zl9
dtsystemmonitor.ocx
[Contained in] 20-tweak-nt.zl9

None of these are files that come with the UBB; you should police your webspace to see if they exist.

I looked into all of the forum directories on my server and came up empty. I also scanned the zip file on my local hard drive and no problems were detected. Googling the file names and file extensions that were listed by Norton did not reveal anything malicious... I think.

It is possible that this warning is a false positive as I read it could be... but I can't locate the files and I don't think they are stock UBB files - this is what bothers me.


I am going to re-search my server when I am fresher and more awake... in the meantime I am moving my backup files to removable media and eliminate this warning.


Ford diesel master technician by day...
Webmaster by night!
FordDoctorsDTS.com running UBB Threads 7.5.4.2p2
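
An added example, not part of any post in this thread: one way to locate where flagged names such as resetsettings.exe sit inside a backup zip is to walk the archive, descend into nested zip containers (a self-extracting .exe, a renamed attachment), and record each executable-type member with its containment chain and SHA-256, which supplies the thumbprint the Norton report shows as "Not Available". The extension list, size limit, function names and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

SUSPECT_EXT = (".exe", ".ocx", ".dll", ".scr")   # assumed list, adjust as needed
MAX_MEMBER = 50 * 1024 * 1024                     # assumed cap: skip very large members

def scan_archive(data, origin, depth=0, max_depth=3):
    """Return [(containment chain, sha256)] for executable-type members,
    descending into nested zip containers up to max_depth levels."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            try:
                blob = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue                          # encrypted, unsupported or corrupt member
            chain = f"{origin} -> {info.filename}"
            if info.filename.lower().endswith(SUSPECT_EXT):
                findings.append((chain, hashlib.sha256(blob).hexdigest()))
            if depth < max_depth and zipfile.is_zipfile(io.BytesIO(blob)):
                findings.extend(scan_archive(blob, chain, depth + 1, max_depth))
    return findings

def build_constructed_backup():
    """Constructed sample: a backup zip with one PHP file and one nested container.
    File names are taken from the Norton report; the contents are placeholders."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("resetsettings.exe", b"constructed placeholder, not a real binary")
        z.writestr("dtsystemmonitor.ocx", b"constructed placeholder, not a real control")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("index.php", b"<?php // constructed ?>")
        z.writestr("tweak-nt.exe", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for chain, digest in scan_archive(build_constructed_backup(), "backup.zip"):
        print(digest, chain)
```

For a real backup, pass the file's bytes and its name to `scan_archive`; the containment chain gives the path to look for on the server, and the hash can be compared against a second scanner's verdict.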