Flaw in the new "social" part of live?
Noodlestein
New Member
Posts: 3
Joined: Nov 2010
O.P. Flaw in the new "social" part of live?
So, after (unfortunately) upgrading Windows Live to the newest version, I realized there were a bunch of new features, including this... Facebook/Twitter stuff on it.
After a short while of being open, my anti-virus pops up saying it's found something.
After some testing, it ONLY happens when Live is running.

"Object: pid=Messenger_IMSCB2_234x60_MMM[1].htm
Detection: HTML/Infected.WebPage.Gen"

I was skeptical at first, thinking it might be a false positive but after sending the file to "Avira" they have confirmed that it is in fact Malware.

"We received the following archive files:
File ID      Filename     Size (Byte)     Result
25956855      4944058e.qua     7.2 KB     OK

A listing of files contained inside archives alongside their results can be found below:
File ID      Filename     Size (Byte)     Result
25956856      4944058e.vir      6.71 KB      MALWARE


Please find a detailed report concerning each individual sample below:
Filename     Result
4944058e.vir      MALWARE

The file '4944058e.vir' has been determined to be 'MALWARE'. Our analysts named the threat HEUR/HTML.Malware. This file is detected by a special detection routine from the engine module. "


Now, I can only assume that this is from something that someone might have posted on that stupid wall I never use, but I'd like to know if this is already a known issue or not.
11-24-2010 07:50 PM
Chris4
Elite Member
Posts: 4461
Reputation: 84
32 / Male / Flag
Joined: Dec 2004
RE: Flaw in the new "social" part of live?
I highly doubt it's a file from Windows Live Messenger.

Does your anti-virus tell you the location that this file was found?

It could be an infected Messenger add-on which only got detected after the WLM 2011 install.

Your thread on the Avira Support Forum will be of more help, as it's a specific antivirus-related problem.

Get a better anti-virus would be my suggestion. (Y)
Twitter: @ChrisLozeau
11-24-2010 10:35 PM
Noodlestein
New Member
Posts: 3
Joined: Nov 2010
O.P. RE: Flaw in the new "social" part of live?
I find my anti-virus works just fine.

Though you might be right with the addon part, I did use a winamp addon so it would display songs from said program, never had anything pop up before.

And I can only assume it is found in temp files, considering it's a "webpage" file.

I'll try essentials, didn't like it in the past but I'll see if that will detect it at all when it comes back up.
11-25-2010 12:43 AM
Spunky
Former Super Mod
Posts: 3658
Reputation: 61
35 / Male / Flag
Joined: Aug 2006
RE: Flaw in the new "social" part of live?
quote:
Originally posted by Noodlestein
I was skeptical at first, thinking it might be a false positive but after sending the file to "Avira" they have confirmed that it is in fact Malware

To the best of their knowledge. HEUR/HTML.Malware means that the detection is a best guess, because they can't file it under anything specific. For all you know it's a bit of harmless javascript Avira doesn't like the look of. It's the first AV detection we've heard of, let alone first with that AV client. Until there are more complaints/questions from users with different AV clients, you'll have to assume it's something else on your PC, whether or not it's specific to only when WLM2011 is installed.
<Eljay> "Problems encountered: shit blew up" :zippy:
11-25-2010 10:03 AM
Menthix
forum admin
Posts: 5537
Reputation: 102
39 / Male / Flag
Joined: Mar 2002
RE: Flaw in the new "social" part of live?
quote:
Originally posted by Noodlestein
"Object: pid=Messenger_IMSCB2_234x60_MMM[1].htm
Detection: HTML/Infected.WebPage.Gen"
quote:
Originally posted by Chris4
I highly doubt it's a file from Windows Live Messenger.
It sounds like one of the ads in Messenger (234x60 is a common banner size). It wouldn't be the first time a malicious banner gets into Messenger's ad network.

It could be a false positive, but hard to say without more information. If it happens again, see if there is an option to quarantine it or some other way to save the supposed infected file.
Finish the problem
Menthix.net | Contact Me
11-25-2010 12:49 PM
blogginginc
New Member
Posts: 1
Joined: Nov 2010
RE: RE: Flaw in the new "social" part of live?
quote:
Originally posted by Noodlestein
I find my anti-virus works just fine.

Though you might be right with the addon part, I did use a winamp addon so it would display songs from said program, never had anything pop up before.

And I can only assume it is found in temp files, considering it's a "webpage" file.

I'll try essentials, didn't like it in the past but I'll see if that will detect it at all when it comes back up.

Sorry to briefly change the subject, but what addon are you using exactly for Winamp (also to show song info)?
11-26-2010 01:09 PM
Noodlestein
New Member
Posts: 3
Joined: Nov 2010
O.P. RE: Flaw in the new "social" part of live?
quote:
Originally posted by Menthix
quote:
Originally posted by Noodlestein
"Object: pid=Messenger_IMSCB2_234x60_MMM[1].htm
Detection: HTML/Infected.WebPage.Gen"
quote:
Originally posted by Chris4
I highly doubt it's a file from Windows Live Messenger.
It sounds like one of the ads in Messenger (234x60 is a common banner size). It wouldn't be the first time a malicious banner gets into Messenger's ad network.

It could be a false positive, but hard to say without more information. If it happens again, see if there is an option to quarantine it or some other way to save the supposed infected file.

It happens probably once an hour, and it quarantines the file. I have probably 20 or so now. I've sent one in to Avira; it wasn't called HEUR/HTML before I had sent mine in, and then they named it that.
On my thread on their forum I've PM'd some guy to have him recheck it because it does seem rather odd.

@Blogg
I honestly don't remember, it was so long ago when I got it and I don't recall how to find out what addons are installed.


quote:
Originally posted by Spunky
quote:
Originally posted by Noodlestein
I was skeptical at first, thinking it might be a false positive but after sending the file to "Avira" they have confirmed that it is in fact Malware

To the best of their knowledge. HEUR/HTML.Malware means that the detection is a best guess, because they can't file it under anything specific. For all you know it's a bit of harmless javascript Avira doesn't like the look of. It's the first AV detection we've heard of, let alone first with that AV client. Until there are more complaints/questions from users with different AV clients, you'll have to assume it's something else on your PC, whether or not it's specific to only when WLM2011 is installed.

Makes sense, I guess I'll just bear with it, or turn Avira off while I have MSN going so I don't have to deal with the warning.
I haven't encountered any adverse effects from it yet (Though Avira is quick to pick up on it when it pops back up).. Could let it hang around a bit and see if it does anything else. -shrug-

This post was edited on 11-26-2010 at 11:47 PM by Noodlestein.
11-26-2010 11:45 PM
andyo
New Member
Posts: 11
Joined: Jan 2009
RE: Flaw in the new "social" part of live?
why not just send the offending file to virustotal.com?
12-02-2010 10:38 PM
CookieRevised
Elite Member
Posts: 15519
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: Flaw in the new "social" part of live?
quote:
Originally posted by andyo
why not just send the offending file to virustotal.com?
No need.
It was categorized as a false positive.

See
http://forum.avira.com/wbb/index.php?page=Thread&threadID=122726
.-= A 'frrrrrrrituurrr' for Wacky =-.
01-04-2011 07:24 AM