Virus Report from Spell Checker

Started by Mr Edd, April 06, 2011, 04:09:30 AM


Illori

Since SMF does not directly have anything to do with your anti-virus program, you are best to ask them what is going on. Otherwise you need to wait for SMF team members to return to this thread and comment on what may be going on. I know you want this solved quickly, but bumping it with comments is not helping the developers look into the issue.

Adish - (F.L.A.M.E.R)

Try disabling Spell check and renaming the file. It might solve it for a while on your forum.

About this forum, we'll check it out.

Mr Edd

I am not bumping this thread; I am trying to tell anyone who is interested what is happening. As I mentioned earlier on, I am in constant discussion with Kaspersky support, sending the files etc.

I use 6 computers, each with a registered version of Kaspersky, and it is happening on all of them. I am typing this on my wife's computer and it is happening on this now. Each time I open SMF on any of these machines I get the messages as posted in the screen shots.

I am very sorry if you find my constant posts frustrating, but other than Kaspersky who else can I approach about this?

Thanks for your patience.

I have to go to work today so I will not post again until tonight.

Edd
I'd be Dyslectic if I could spell ti

Aleksi "Lex" Kilpinen

Quote from: Mr Edd on April 08, 2011, 02:23:47 AM
I use 6 computers, each with a registered version of Kaspersky, and it is happening on all of them. I am typing this on my wife's computer and it is happening on this now. Each time I open SMF on any of these machines I get the messages as posted in the screen shots.

This to me would pretty much confirm that it is not your puter messing things, but either something in Kaspersky or something in the script in question, or a combination of them.
Are you using heuristics just like feline is? If so, try turning off heuristic detection (if that's an option in the software, I'm not familiar with Kaspersky) as that is usually the biggest cause for false alarms in any AV software.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Aleksi "Lex" Kilpinen

Oh, and if either of you two could post the exact details of what was detected - it could possibly help diagnosing this.

Mr Edd

I saw that but to be honest I haven't a clue what that is???

Quote
Are you using heuristics just like feline is

Just then when I clicked reply it popped up again. I am still on my wife's puter but it happens on all of them. I have three computers in my office plus a laptop, this is my wife's in her office and my daughter's laptop. I bought 6 licences from Kaspersky, hence why I have so many I can test from.

I will have to leave for work shortly so I will not be back till tonight.

Thanks for your help.

Edd

Aleksi "Lex" Kilpinen

I just got the latest public version of Spellcheck.js and checked it with VirusTotal (http://en.wikipedia.org/wiki/VirusTotal.com)

With the following results:

File name:  spellcheck.js
Submission date:  2011-04-08 07:15:34 (UTC)
Current status:  finished
Result:  0/ 42 (0.0%)

Included in the test was Kaspersky 7.0.0.125

Now, I have no access to directly download the version on site to check, but I'd believe it's the same....

Mr Edd

I seriously don't think there is any issue with SMF spell checker.  I think it is to do with Kaspersky and they are looking into it.

I haven't yet been in my office to see if they have been in contact (only just got in and my tea is ready) about this yet. More later me thinks.  <g>

Edd

Astra_200

Exact same thing happened to me at about the same time, both on this and my own forum.

Kaspersky reported - Downloading object containing virus. HEUR Trojan Downloader.Script generic

I downloaded my own /themes/default/scripts/spellcheck.js and /themes/default/scripts/topic.js files, scanned with Kaspersky on my PC and it came back clean.

Cleared my forum and browser cache and have had no error messages since.
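
A clean scan of the downloaded files, as described above, can be backed up by comparing the deployed spellcheck.js and topic.js against the copies in the release package, which separates a false positive from a file that was actually altered. This is an added example, not part of the original thread or SMF's own code; the forum and release directory names and the sample file contents are constructed, and the relative paths are the ones quoted in the post.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

# Paths as quoted in the thread, relative to the forum root.
SCRIPTS = ("themes/default/scripts/spellcheck.js",
           "themes/default/scripts/topic.js")

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def compare(deployed: Path, pristine: Path) -> dict:
    """Classify one deployed file against its copy from the release package."""
    if not deployed.is_file():
        return {"status": "missing", "added": []}
    live, ref = deployed.read_bytes(), pristine.read_bytes()
    if sha256(live) == sha256(ref):
        return {"status": "identical", "added": []}
    # FTP ASCII-mode uploads rewrite line endings; that alone is benign.
    live_n, ref_n = (b.replace(b"\r\n", b"\n") for b in (live, ref))
    if live_n == ref_n:
        return {"status": "line-endings-only", "added": []}
    diff = difflib.unified_diff(ref_n.decode("utf-8", "replace").splitlines(),
                                live_n.decode("utf-8", "replace").splitlines(),
                                lineterm="", n=0)
    # Skip the two header lines; keep only lines present on the live site.
    added = [l[1:] for l in list(diff)[2:] if l.startswith("+")]
    return {"status": "modified", "added": added}

def audit(forum_root: Path, release_root: Path, paths=SCRIPTS) -> dict:
    return {p: compare(forum_root / p, release_root / p) for p in paths}

def demo() -> dict:
    """Constructed sample: one CRLF-converted copy, one with an appended line."""
    with tempfile.TemporaryDirectory() as tmp:
        forum, release = Path(tmp, "forum"), Path(tmp, "release")
        stock = b"function spellCheck() {\n  return true;\n}\n"  # constructed, not SMF code
        for root in (forum, release):
            (root / SCRIPTS[0]).parent.mkdir(parents=True)
            for p in SCRIPTS:
                (root / p).write_bytes(stock)
        (forum / SCRIPTS[0]).write_bytes(stock.replace(b"\n", b"\r\n"))
        (forum / SCRIPTS[1]).write_bytes(stock + b"/* constructed extra line */\n")
        return audit(forum, release)

if __name__ == "__main__":
    for path, result in demo().items():
        print(path, result["status"], result["added"])
```

A "modified" result lists the lines that exist only on the live site, which are the ones worth reading before deciding the alert was a false alarm.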


Kindred

As we have said: I believe that some recent update from Kaspersky is now flagging that file as a false positive.

Unfortunately, Kaspersky is the only one who can fix the problem with their program...

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Mr Edd

Just reporting that it has stopped now on both my forum and this one. Hasn't done it for about 24 hours I think?

I sent some files off to Kaspersky but had no reply from them as yet (probably cos it's the weekend).

If I get any reply from them I will update this thread.

Edd

Mr Edd

I have just received the following from Kaspersky...

Quote
Hello,
yes, this is good trace log. Thank you!
I've fixed detection, but if it repeats after 24 hours - please, write to us again (with new traces and new copy of detected file in archive with password "infected").
Thank you for your help.
-------------------------------------------
Regards, Ivan *********.
Virus analyst , Kaspersky Lab.

I changed his name to protect the guilty.

I have not had any more problems now for over 48 hours either here or on my forum. So looks like it has been fixed when they updated.

Thanks for everyone's help on here.

Edd


Astra_200

Mr Edd, nice to know Kaspersky are on the case, thanks for your efforts :)

LexArma, your avatar gives me the creeps, I'm sorry if it's a family member portrait ;D


Astra_200

Quote from: Arantor on April 12, 2011, 06:52:14 PM
It's from a computer game called The Secret of Monkey Island, when the main character is staring at a 'fearsome beast'.

Ah thanks Arantor, that's maybe why it's eerily familiar, whatever happened to Guybrush Threepwood anyway?? :)

Mr Edd

He He He

Thanks for the memories. I played that game for many happy hours too.

I reckon he is still out there fishing


I have no more problems with pop ups anymore.

Edd

Aleksi "Lex" Kilpinen

I've been seeing Guybrush again after so many years lately, it seems he is still the same wanna be pirate he always was :P