Threats Detected! #250261 09/13/2012 9:33 PM
Joined: Jun 2006
Posts: 287
FordDoctor Offline OP
enthusiast
So I am surfing around the net minding my own business when my Norton Anti-virus software puts a red warning up in my face stating "Risks in compressed file "dts-forums-08-26-2012.zip" have been detected. The compressed file and all contents, including uninfected files will be deleted"

Risk: High.

Threat type: Heuristic Virus. Detection of threat based on malware heuristics.


Clicking on the Norton File Insight link shows the following compressed threats:
Quote:
Full Path: c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
Threat: Compressed threats
____________________________
____________________________
On computers as of Not Available
Last Used 9/13/2012 at 8:23:28 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

____________________________
File Actions
resetsettings.exe
[Contained in] tweak-nt.exe
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
dtsystemmonitor.ocx
[Contained in] tweak-nt.exe
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
resetsettings.exe
[Contained in] 20-tweak-nt.zl9
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
dtsystemmonitor.ocx
[Contained in] 20-tweak-nt.zl9
[Contained in] c:\users\me\documents\backups\ford doctors dts\ubb forums\dts-forums-08-26-2012.zip
No fix attempted
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________


This zip file is my server backup file of my entire forums directory from last month. Norton has quarantined this file and recommends removing it. After reading about Heuristics I am not sure if this is actually a problem due to the number of false positives this type of threat detection puts up. On the other hand, have I stumbled onto something here? I don't know if these are normal ubb files. My forums have been running perfectly so...

Need advice!!!


Ford diesel master technician by day...
Webmaster by night!
FordDoctorsDTS.com running UBB Threads 7.5.4.2p2
Re: Threats Detected! [Re: FordDoctor] #250264 09/14/2012 11:06 AM
Joined: Jun 2006
Posts: 81
Mike L Offline
member
I'd start by running another scanner on those files to see if you get a verification of a threat.

Microsquish has a nice lightweight scanner...

http://www.microsoft.com/security/scanner/en-us/

For myself, I run Microsoft Security Essentials as my main first line of defense.

Re: Threats Detected! [Re: FordDoctor] #250265 09/14/2012 12:21 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Well, it looks like it found these files that it's listing as threats:
resetsettings.exe
[Contained in] tweak-nt.exe
dtsystemmonitor.ocx
[Contained in] tweak-nt.exe
resetsettings.exe
[Contained in] 20-tweak-nt.zl9
dtsystemmonitor.ocx
[Contained in] 20-tweak-nt.zl9

None of these are files that come with the UBB; you should police your webspace to see if they exist.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Threats Detected! [Re: Mike L] #250267 09/14/2012 6:22 PM
Joined: Jun 2006
Posts: 287
FordDoctor Offline OP
enthusiast
Originally Posted by Mike L
I'd start by running another scanner on those files to see if you get a verification of a threat.

Microsquish has a nice lightweight scanner...

http://www.microsoft.com/security/scanner/en-us/

For myself, I run Microsoft Security Essentials as my main first line of defense.



Thank you, I ran it and all came up clean.


Ford diesel master technician by day...
Webmaster by night!
FordDoctorsDTS.com running UBB Threads 7.5.4.2p2
Re: Threats Detected! [Re: Gizmo] #250268 09/14/2012 6:26 PM
Joined: Jun 2006
Posts: 287
FordDoctor Offline OP
enthusiast
Originally Posted by Gizmo
Well, it looks like it found these files that it's listing as threats:
resetsettings.exe
[Contained in] tweak-nt.exe
dtsystemmonitor.ocx
[Contained in] tweak-nt.exe
resetsettings.exe
[Contained in] 20-tweak-nt.zl9
dtsystemmonitor.ocx
[Contained in] 20-tweak-nt.zl9

None of these are files that come with the UBB; you should police your webspace to see if they exist.


I looked into all of the forum directories on my server and came up empty. I also scanned the zip file on my local hard drive and no problems were detected. Googling the file names and file extensions that were listed by Norton did not reveal anything malicious... I think.

It is possible that this warning is a false positive as I read it could be... but I can't locate the files and I don't think they are stock UBB files - this is what bothers me.


I am going to re-search my server when I am fresher and more awake... in the meantime I am moving my backup files to removable media and eliminate this warning.


Ford diesel master technician by day...
Webmaster by night!
FordDoctorsDTS.com running UBB Threads 7.5.4.2p2
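
Added example (not code from the thread or from UBB): the Norton report above names the flagged members but gives no hashes and no path inside the backup, so this sketch walks a zip, follows nested zip-format containers, and returns the full in-archive path and SHA-256 of every member whose name matches the ones Norton listed. The sample archive, its directory names and its contents are constructed; containers that are not zip-format are reported with their hash but not opened.

```python
import hashlib
import io
import zipfile

# Names from the Norton report quoted in the thread (matched case-insensitively).
FLAGGED = {"resetsettings.exe", "dtsystemmonitor.ocx",
           "tweak-nt.exe", "20-tweak-nt.zl9"}
MAX_DEPTH = 3                          # how many nested containers to open
MAX_MEMBER_BYTES = 64 * 1024 * 1024    # skip oversized members (zip-bomb guard)

def find_flagged(data, chain=(), depth=0):
    """Return (path-in-archive, sha256) for every member with a flagged name."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                blob = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue               # encrypted, unsupported or corrupt member
            path = chain + (info.filename,)
            if info.filename.rsplit("/", 1)[-1].lower() in FLAGGED:
                hits.append((" > ".join(path), hashlib.sha256(blob).hexdigest()))
            # Only zip-format containers (including zip self-extractors) are opened.
            if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(blob)):
                try:
                    hits += find_flagged(blob, path, depth + 1)
                except zipfile.BadZipFile:
                    pass               # looked like a zip but would not parse
    return hits

def build_sample():
    """Constructed stand-in for the backup: harmless bytes, hypothetical paths."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("resetsettings.exe", b"constructed placeholder A")
        z.writestr("dtsystemmonitor.ocx", b"constructed placeholder B")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("forums/index.php", b"<?php // constructed")
        z.writestr("forums/example-dir/20-tweak-nt.zl9", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    # For a real backup: find_flagged(open("backup.zip", "rb").read())
    for where, digest in find_flagged(build_sample()):
        print(digest, where)
```

The in-archive path shows which directory of the backed-up tree the container came from, and the hash gives a fixed value to compare between scanners and between backups taken on different dates.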
