Virus Report from Spell Checker

Started by Mr Edd, April 06, 2011, 04:09:30 AM

Previous topic - Next topic

Mr Edd

Sorry not sure where to ask this...

My anti virus software (Kaspersky) on my home computer keeps popping up to tell me there is a Trojan horse virus in the spell checker on the forum.

How serious should I take this please?  Never happened before in over 12 months use, so why should it start now? Is it possible that someone can put a virus on the forum?

I don't use the spell checker on the forum I use the one that comes with Google toolbar so that is another mystery.

Thanks

Edd
I'd be Dyslectic if I could spell ti

Aleksi "Lex" Kilpinen

How did you figure it's the spell checker? I mean, did Kaspersky identify a certain file, and if so which file?
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Mr Edd

Evey time I open a window on the forum Kaspersky pops up with the follow path...

forumname/forum/themes/default/scripts/spellcheck.js


Only started doing it this morning.  Even now as I opened this window to view your response it does it with the same path.

Thanks for your reply.

Edd
I'd be Dyslectic if I could spell ti

Aleksi "Lex" Kilpinen

So, it does the same on both your own forum AND this site?

I'm pretty sure this site should be clean, and we would have a lot more similar reports if it were infected for real.

You can try on your own forum, to replace the reported file with a clean one from the installation package, and see if it still does the same - if it does it's most likely a false positive for some reason.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Mr Edd

Does even with this forum with the path to simple machines website.  So I guess it maybe that Kaspersky is picking something up which needs to be told is actually okay.

Does here even when I refresh this window.

Edd
I'd be Dyslectic if I could spell ti

Aleksi "Lex" Kilpinen

Most probably Kaspersky has updated their virus definitions this morning, and there is an error in there - or it now mistakes the spellcheck.js for some other script for some reason.

I did make a post about this for the team, just so we can look in to this further.

Thanks for letting us know :)
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Mr Edd

Yes it does it here too, even now when I clicked reply.  as you say it must be a false positive. I guess kaspersky has updated and keeps intercepting these scripts.

Thanks for your help.

I will see what I can do at this end and report back later.

Edd
I'd be Dyslectic if I could spell ti

Mr Edd

Sorry for the cross posts but very grateful for the quick assistance.

Thanks

Edd
I'd be Dyslectic if I could spell ti

Aleksi "Lex" Kilpinen

No problem - If we find out something new in relation to this, I'll try to make sure we update this topic as well. :)
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Aleksi "Lex" Kilpinen

If you wish to have Kaspersky look in to this, and speed up the process of verifying it as a false positive,
please report it to Kaspersky at http://support.kaspersky.com/virlab/helpdesk.html
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

feline

I have the error on the files spellchecker.js and script.js ONLY on SimpleMachine.
On my both sites I have no warnings ...
Any thoughts ?

Aleksi "Lex" Kilpinen

No, Nothing comes to mind immediately - unless there's some version mismatch there....
I have made a post about this to the team, but no one else has picked up on this so far....
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Norv

We are looking into this. Do you have heuristic detection turned on, in Kaspersky?
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

feline

Quote from: Norv on April 07, 2011, 09:01:19 AM
We are looking into this. Do you have heuristic detection turned on, in Kaspersky?
Yes. it's Kaspersky Internet Security 2011 ..

Mr Edd

Just thought I would post an update on this...

I have been in touch with Kaspersky and had numerous emails with their support people.

Each time I went to my forum it would appear.  I created an account for them to login which they did but didn't have any reports for them.  What was strange was it stopped happening to me after a while. I have been a little busy since then so tonight I thought I would pop back in here to let you know.

Guess what it started happening again on this site but it no longer happens on my forum.

I have just taken a screen shot so hope it doesn't upset anyone by post a link to here here...



Each time a change a page on here I get the above.

Just to repeat I no longer get it on my forum. I told Kaspersky support I would report back to them if it appeared again, but it hasn't on my forum but has on this one.

Go figure???

Very strange.

Edd
I'd be Dyslectic if I could spell ti

Mr Edd

I thought I might post a clearer image of the message I get from Kaspersky.  But when I open the forum page here I get the message and also when I click the reply button it pops up again.

When I trued a few minutes ago my puter crashed and when it rebooted it said the NTLDR was missing.  I unplugged it for a minute and tried again and now is back up running again so here is the cleared image



I am not sure what is going on and I guess if I keep persevering with this then it may go the same way as my forum and clear itself.

Very strange. as it doesn't happen on my forum now but is still doing it on this one and only with SMF

Edd
I'd be Dyslectic if I could spell ti

feline

Setup your Kaspersky to query on each warnings if you will accept or denied that.
If the alert comes up, accept the warning and all works until you clear your browser cache.

Mr Edd

More strangeness...

I left this window open as I had something to do on the forum.  When I came back I was logged out (the window was still open).  I have just logged back in and now I don't get these messages.

Very strange.

Has someone on the forum logged me out so that I had to log back in again?

Is this what has happened causing the virus messages to stop popping up anymore?

Curiouser and curiouser.

Sorry feline I really didn't understand anything of what you said.

I know I am getting fed up with Kaspersky.

Edd


.
I'd be Dyslectic if I could spell ti

Mr Edd

I don't believe this it has just started again on my forum and on this site too.


I just want it to stop please pretty please.

Edd
I'd be Dyslectic if I could spell ti

Mr Edd

And now when I click the message it makes this machine crash.  Also when I come back to this forum and my forum I am logged off and I have to log back on.  Same with my forum.  And with other forums I use that are not SMF.  Dunno what is happening there???

Interestingly I have tried it on another computer I have with the same Kaspersky anti virus and it is okay, no messages and no crashes.

My guess is it is something to do with this puter.

Any ideas or should I format it and start again?

Edd
I'd be Dyslectic if I could spell ti

Advertisement: