Flaw in the new "social" part of live? - Printable Version


Flaw in the new "social" part of live? by Noodlestein on 11-24-2010 at 07:50 PM

So, after (unfortunately) upgrading Windows Live to the newest version, I realized there were a bunch of new features, including this... Facebook/Twitter stuff on it.
After a short while of being open, my anti-virus pops up saying it's found something.
After some testing, it ONLY happens when Live is running.

"Object: pid=Messenger_IMSCB2_234x60_MMM[1].htm
Detection: HTML/Infected.WebPage.Gen"

I was skeptical at first, thinking it might be a false positive but after sending the file to "Avira" they have confirmed that it is in fact Malware.

"We received the following archive files:
File ID      Filename     Size (Byte)     Result
25956855      4944058e.qua     7.2 KB     OK

A listing of files contained inside archives alongside their results can be found below:
File ID      Filename     Size (Byte)     Result
25956856      4944058e.vir      6.71 KB      MALWARE


Please find a detailed report concerning each individual sample below:
Filename     Result
4944058e.vir      MALWARE

The file '4944058e.vir' has been determined to be 'MALWARE'. Our analysts named the threat HEUR/HTML.Malware. This file is detected by a special detection routine from the engine module."


Now, I can only assume that this is from something that someone might have posted on that stupid wall I never use, but I'd like to know if this is already a known issue or not.


RE: Flaw in the new "social" part of live? by Chris4 on 11-24-2010 at 10:35 PM

I highly doubt it's a file from Windows Live Messenger.

Does your anti-virus tell you the location that this file was found?

It could be an infected Messenger add-on which only got detected after the WLM 2011 install.

Your thread on the Avira Support Forum will be of more help, as it's a specific antivirus-related problem.

Getting a better anti-virus would be my suggestion. (Y)


RE: Flaw in the new "social" part of live? by Noodlestein on 11-25-2010 at 12:43 AM

I find my anti-virus works just fine.

Though you might be right with the addon part, I did use a Winamp addon so it would display songs from said program, never had anything pop up before.

And I can only assume it is found in temp files considering it's a "webpage" file.

I'll try essentials, didn't like it in the past but I'll see if that will detect it at all when it comes back up.


RE: Flaw in the new "social" part of live? by Spunky on 11-25-2010 at 10:03 AM

quote:
Originally posted by Noodlestein
I was skeptical at first, thinking it might be a false positive but after sending the file to "Avira" they have confirmed that it is in fact Malware

To the best of their knowledge. HEUR/HTML.Malware means that the detection is a best guess, because they can't file it under anything specific. For all you know it's a bit of harmless JavaScript Avira doesn't like the look of. It's the first AV detection we've heard of, let alone first with that AV client. Until there are more complaints/questions from users with different AV clients, you'll have to assume it's something else on your PC, whether or not it's specific to only when WLM2011 is installed.

RE: Flaw in the new "social" part of live? by Menthix on 11-25-2010 at 12:49 PM

quote:
Originally posted by Noodlestein
"Object: pid=Messenger_IMSCB2_234x60_MMM[1].htm
Detection: HTML/Infected.WebPage.Gen"

quote:
Originally posted by Chris4
I highly doubt it's a file from Windows Live Messenger.

It sounds like one of the ads in Messenger (234x60 is a common banner size). It wouldn't be the first time a malicious banner gets into Messenger's ad network.

It could be a false positive, but hard to say without more information. If it happens again, see if there is an option to quarantine it or some other way to save the supposed infected file.

RE: RE: Flaw in the new "social" part of live? by blogginginc on 11-26-2010 at 01:09 PM

quote:
Originally posted by Noodlestein
I find my anti-virus works just fine.

Though you might be right with the addon part, I did use a Winamp addon so it would display songs from said program, never had anything pop up before.

And I can only assume it is found in temp files considering it's a "webpage" file.

I'll try essentials, didn't like it in the past but I'll see if that will detect it at all when it comes back up.

Sorry to briefly change the subject, but what addon are you using exactly for Winamp (also to show song info)?

RE: Flaw in the new "social" part of live? by Noodlestein on 11-26-2010 at 11:45 PM

quote:
Originally posted by Menthix
quote:
Originally posted by Noodlestein
"Object: pid=Messenger_IMSCB2_234x60_MMM[1].htm
Detection: HTML/Infected.WebPage.Gen"
quote:
Originally posted by Chris4
I highly doubt it's a file from Windows Live Messenger.
It sounds like one of the ads in Messenger (234x60 is a common banner size). It wouldn't be the first time a malicious banner gets into Messenger's ad network.

It could be a false positive, but hard to say without more information. If it happens again, see if there is an option to quarantine it or some other way to save the supposed infected file.

It happens probably once an hour, and it quarantines the file. I have probably 20 or so now. I've sent one in to Avira; it wasn't called HEUR/HTML before I had sent mine in, and then they named it that.
On my thread on their forum I've PM'd some guy to have him recheck it because it does seem rather odd.

@Blogg
I honestly don't remember, it was so long ago when I got it and I don't recall how to find out what addons are installed.


quote:
Originally posted by Spunky
quote:
Originally posted by Noodlestein
I was skeptical at first, thinking it might be a false positive but after sending the file to "Avira" they have confirmed that it is in fact Malware

To the best of their knowledge. HEUR/HTML.Malware means that the detection is a best guess, because they can't file it under anything specific. For all you know it's a bit of harmless javascript Avira doesn't like the look of. It's the first AV detection we've heard of, let alone first with that AV client. Until there are more complaints/questions from users with different AV clients, you'll have to assume it's something else on your PC, whether or not it's specific to only when WLM2011 is installed.

Makes sense, I guess I'll just bear with it, or turn Avira off while I have MSN going so I don't have to deal with the warning.
I haven't encountered any adverse effects from it yet (though Avira is quick to pick up on it when it pops back up). Could let it hang around a bit and see if it does anything else. -shrug-

RE: Flaw in the new "social" part of live? by andyo on 12-02-2010 at 10:38 PM

Why not just send the offending file to virustotal.com?


RE: Flaw in the new "social" part of live? by CookieRevised on 01-04-2011 at 07:24 AM

quote:
Originally posted by andyo
Why not just send the offending file to virustotal.com?

No need.
The file was categorized as a false positive.

See
http://forum.avira.com/wbb/index.php?page=Thread&threadID=122726