Virus scanner detects a threat in one thread

[Prince George]

When I visit the Sturt Highway thread http://www.sensational-adelaide.com/for ... f=9&t=1567, my virus scan is giving me this notification:

The Actns/Swif.T was detected in ...\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\S2309FAL\L[1].SWF.
File Status: File was cured; system cure performed.

I'm typically getting this message twice when I go there - could it be those latest couple of pictures?

[Norman]

the SWF indicates it's a Flash file... so it must be the videos... I don't see how they could be infected though, it's hosted on YouTube.

[Prince George]

I can't find a specific advisory that explains this threat, but the closest may be this one for ActnS/Swif.O. Of course, every different company lists their threats under different names, so there's no easy way to corelate this with any of the other security companies' databases

[Prince George]

Following Norman's suggestion that it could be the videos, I tried going to the Rundle Lantern thread and sure enough when I get to the section with the videos I get the message again. On the other hand, I can go to YouTube without any issues. The videos themselves may be hosted on YouTube, but what about the embedded player? Could it be coming from somewhere else?

[Howie]

I see thing sort of thing quite often in my work. One of the possibilities is that the problem may lie in your virus scanner itself (either too sensitive to flash's getURL() command), or you've been infected by some sort of worm that's rewriting your swf files as you're browsing the net.

Anyhow, if you find out anything else let us know... i'll be watching this thread.

Btw, what version of IE are you running?

[Prince George]

IE8 beta 2 in compatability mode. Virus scanner is CA eTrust. I've seen some email traffic that seems to show that other people have also gotten this message from other sites that I think have embedded youtube videos. I'll keep you posted.

[muzzamo]

IE8 beta 2 in compatability mode. Virus scanner is CA eTrust. I've seen some email traffic that seems to show that other people have also gotten this message from other sites that I think have embedded youtube videos. I'll keep you posted.

Just use firefox. Jeesus.

[Edgar]

IE8 beta 2 in compatability mode. Virus scanner is CA eTrust. I've seen some email traffic that seems to show that other people have also gotten this message from other sites that I think have embedded youtube videos. I'll keep you posted.

Just use firefox. Jeesus.

Each to their own preference muzzamo, there is no need for that last name calling.

Anyway to Prince George, see if you are getting the same report from using Firefox.

I have long ditched Microsoft Internet Explorer, it somehow doesn't quite work in my laptop which is pre-installed with Vista Home Premium. Every time I close the Internet Explorer Browser, it comes up with an error message saying "Internet Explorer Has Stopped Working" - and when I click "Checked Online for Solutions" it just sends the bug to the Microsoft team but nothing has been fixed yet.

[Prince George]

It appears that CA is the culprit - http://www.crunchgear.com/2008/12/02/ac ... tube-vids/ No official word on CA's site, nor on YouTube/Google. Might be time to check for updates - bah, and it's not even Patch Tuesday.

And sufficeth to say - one who lives in Seattle may have a good reason to be running explorer

[monotonehell]

It appears that CA is the culprit - http://www.crunchgear.com/2008/12/02/ac ... tube-vids/ No official word on CA's site, nor on YouTube/Google. Might be time to check for updates - bah, and it's not even Patch Tuesday.

And sufficeth to say - one who lives in Seattle may have a good reason to be running explorer

Just run Linux -- that'll get up their noses.

False positives are becoming more common as the number of viruses to detect increases. The "signature" that the virus checker is looking for is more likely found in another piece of code the bigger the virus checker's "brain file" gets. Firefox is a good option as you can get a flash blocker (I assume you can get one for IE as well) this allows you to only play the flash that you want to see, or trust. It's incredible the number of hidden Flash bugs that websites place on their pages to do evil. Flash is a big security hole, and it's best to refuse it unless you trust it.