-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
So I go to download IE7 ...
- Thread starter Markbnj
- Start date
Can't say I've heard of it. How many viruses come out each year though?
I think the story is probably a bit more complicated than: "MS gave me a virus." 😛
I'm not really following what is meant by "revealing which part of the IE download site was causing the problem." The only thing I see in thtat screenshot is a 404 in the banner ad on the left. That banner ad is a .jpg file from msn.com, that gets pulled down via rad.microsoft.com/ADSAdClient32.dll. The adclient is not a virus nor is the .jpg obviously.
Given that this VBS.Zulu Virus/Worm is detected by many AV vendors if there was a problem you would see rampant alerts all over the internet as IE7 was downloaded. I guess my conclussion is that the MS site is most likely fine and something is happening locally. That may or may not be a scary thing!
I think the story is probably a bit more complicated than: "MS gave me a virus." 😛
I'm not really following what is meant by "revealing which part of the IE download site was causing the problem." The only thing I see in thtat screenshot is a 404 in the banner ad on the left. That banner ad is a .jpg file from msn.com, that gets pulled down via rad.microsoft.com/ADSAdClient32.dll. The adclient is not a virus nor is the .jpg obviously.
Given that this VBS.Zulu Virus/Worm is detected by many AV vendors if there was a problem you would see rampant alerts all over the internet as IE7 was downloaded. I guess my conclussion is that the MS site is most likely fine and something is happening locally. That may or may not be a scary thing!
Well, I'm not really thinking "MS gave me a virus." I'm thinking it's a bogus alert, but since Avast is pretty popular it's still funny. The problem is not local to my system. Avast is not complaining about other sites. As for "revealing which part of the site" caused the problem, I simply mean that the area of the site where you see the 404 is the connection that Avast blocked.
Exactly. Unfortunate slogan placement. 🙂
Exactly. Unfortunate slogan placement. 🙂
The fact others aren't seeing it is a bit spooky (for you).
Netmon/Ethereal trace it. You should see a GET request followed by a 200 OK & Continuation packets. Verify you truly are seeing that ADSAdClient32.dll come by in the source, then verify you see a GET request and response to the rad.microsoft.com site after that.
Hopefully it's just some quirk or minor glitch in the AV defs or something. 🙁 Quirk or not, I wouldn't completely ignore it.
Netmon/Ethereal trace it. You should see a GET request followed by a 200 OK & Continuation packets. Verify you truly are seeing that ADSAdClient32.dll come by in the source, then verify you see a GET request and response to the rad.microsoft.com site after that.
Hopefully it's just some quirk or minor glitch in the AV defs or something. 🙁 Quirk or not, I wouldn't completely ignore it.
Bob Anderson
Member
Yes, Avast 4.7 told me the same thing. It is a false positive, of course.
-Bob
-Bob
I don't know whether others are seeing it, or not. The DLL looks to be their ad rotation engine. My copy of Avast updated it's database two or three days ago, so maybe something came over with that and is getting triggered. Could also be that the ad rotator is returning something that is confusing the av. I just tried again, and got the warning again. Whatever it is, it's between Microsoft and Avast as far as I can see.
Here is the content the rotator is sending back that is triggering Avast:
HTTP/1.1 200 OK
Date: Thu, 19 Oct 2006 17:08:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO DSP COR CUR CONo ADMa DEVa TAIa TELo PSAa PSDa OUR SAMi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE" policyref="http://privacy.msn.com/w3c/p3p.xml"
Content-Type: text/html; Charset=utf-8
Content-Length: 513
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
<script type="text/javascript">
//<![CDATA[
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 120, 240);}
document.write('<a href="http://g.msn.com/0AD0000T/624920.1??PID...1066521&AN=553650452&PG=CMSIE3" target="_blank"><img******="http://ads1.msn.com/ads/1/0000000001_000000000000000084701.jpg" width="120" height="240" alt="Find ideas and help from people like you" border="0" /></a>');
document.close();
//]]>
</script>
Edit: I agree with Bob that it's a false positive. Just humorous is all.
Here is the content the rotator is sending back that is triggering Avast:
HTTP/1.1 200 OK
Date: Thu, 19 Oct 2006 17:08:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO DSP COR CUR CONo ADMa DEVa TAIa TELo PSAa PSDa OUR SAMi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE" policyref="http://privacy.msn.com/w3c/p3p.xml"
Content-Type: text/html; Charset=utf-8
Content-Length: 513
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
<script type="text/javascript">
//<![CDATA[
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 120, 240);}
document.write('<a href="http://g.msn.com/0AD0000T/624920.1??PID...1066521&AN=553650452&PG=CMSIE3" target="_blank"><img******="http://ads1.msn.com/ads/1/0000000001_000000000000000084701.jpg" width="120" height="240" alt="Find ideas and help from people like you" border="0" /></a>');
document.close();
//]]>
</script>
Edit: I agree with Bob that it's a false positive. Just humorous is all.
Lemon law
Lifer
Possible new piece of information.
Because I use avast also and had zero problem downloading and installing the ie7 update last night---no virus warning---no klaxon siren.--I was puzzled by this post.
But I have some avast automatic update problems on my computer---which is a client computer on a network---and I have to manually update--which works just fine.
Last update of avast I did was like Tuesday the 17'th---and at the keyboard of another computer running avast with automatic updates working--I noted an avast automatic update
at around 8:00AM this morning.---while I had installed ie7 on my computer---I had not on that computer---so I used a zip drive to transfer the file over from my computer--to that computer--and installed a copy of ie7 on that with no avast warnings.---and I also took the time to manually update avast on my computer.
Then I read Markbnj's post---reaction one was to test his slash dot link---and as soon as I landed on the page---I got the same avast alert--with Klaxon horn.
Next I went to the site I downloaded ie7 from last night---and got the same---avast alert and Klaxon horn.
So the avast files triggering this are very recent updates---not more than a few days old---I imagine they will tumble to this false positive---and am running the avast scanner now to see if this supposed virus actually is detected on my system.---will post back when the scan finishes
Because I use avast also and had zero problem downloading and installing the ie7 update last night---no virus warning---no klaxon siren.--I was puzzled by this post.
But I have some avast automatic update problems on my computer---which is a client computer on a network---and I have to manually update--which works just fine.
Last update of avast I did was like Tuesday the 17'th---and at the keyboard of another computer running avast with automatic updates working--I noted an avast automatic update
at around 8:00AM this morning.---while I had installed ie7 on my computer---I had not on that computer---so I used a zip drive to transfer the file over from my computer--to that computer--and installed a copy of ie7 on that with no avast warnings.---and I also took the time to manually update avast on my computer.
Then I read Markbnj's post---reaction one was to test his slash dot link---and as soon as I landed on the page---I got the same avast alert--with Klaxon horn.
Next I went to the site I downloaded ie7 from last night---and got the same---avast alert and Klaxon horn.
So the avast files triggering this are very recent updates---not more than a few days old---I imagine they will tumble to this false positive---and am running the avast scanner now to see if this supposed virus actually is detected on my system.---will post back when the scan finishes
I think you're dead on, Lemon. I got an update on the morning of the 17th, I believe, and suspect that is the one that contains a def that triggers this. I don't suspect any actual virus, and since I aborted the connection all three times I tested it I haven't run a scan, but maybe I should for safety's sake. I have a pretty much squeaky clean system. If you look at the content I posted above, it is just a link to an image ad on msn. However it is a script-driven link, and anything that dumps javascript into the page has one strike against it in my book.
A bunch of people over at dslreports discussing the link, with a number of reports of alerts from Avast! on the same ad content:
http://www.dslreports.com/forum/remark,17120147~days=9999
http://www.dslreports.com/forum/remark,17120147~days=9999
ForumMaster
Diamond Member
i guess it's trying to give you a fair warning, no?
Yeah. I'm sure there were some not-too-delighted guys in the IE7 team too. Especially since this was supposed to be "sit back and watch everyone enjoy your new toy day".
Thanks for posting about the problem, providing the details, and following up. There may have been someone else working on this in parallel, but from what I can tell in the emails flying by your post may have driven this to get fixed!
😀
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
-
-
