
grr

Once again, ASV has been hit with some kind of virus. I'm not seeing it but I got a few emails and comments about it. I have no idea how it got on here or how to get it off. If anyone has any ideas on this, that would be great. Otherwise I'm going to have to shut the site down until I can figure out what's going on.

One email says his virus detector picked up Bloodhound.Exploit.6.

Bloodhound.Exploit.6 is a heuristic detection for exploits of a Microsoft Internet Explorer vulnerability. This vulnerability was discovered in February 2004.

The vulnerability results from the incorrect handling of HTML files embedded in CHM files. (CHM is the Microsoft-compiled HTML help format.)

Maybe I'm not seeing it because I don't use IE. Also, if you're using Linux or a Mac you won't see it.

I don't know what a CHM file is, so I've never used one or knowingly used one here. I wouldn't even know where to begin to look in my folders to see where it might be. I do understand that whatever this bug is, it has something to do with Outlook Express, which I stopped using about a month ago. Interestingly enough, when I tried to download and install the patch MS offered, it kept telling me that I don't have OE on my computer. Ok, whatever. I'm at a loss here.


Comments

Hi,
If the website ASV has been infected, it has nothing to do with your home computer. The virus you mention starts at a website. If someone has compromised your website, you have to talk to the webmaster.
If it's your home computer, go to http://housecall.trendmicro.com (type it in, so you'll know I'm not sending you somewhere malicious) and run their web virus remover.
Good luck!
Knox

Egad. A virus alert window popped up just as I was downloading your site. Name of virus: Bloodhound.Exploit.6. Will check back here later to see if any of your fans know what to do. Did you try Knox's suggestion, and did it work?

I use Mozilla Firefox, so I'm not seeing any problems.

I do have something going on with OE though, but it's because of SBC updates - they are blocking the server that handles my email (I can receive email at the address but can't send any) and the fix they've sent me doesn't do diddly. So I'm back to using yahoo email - blech.

Good luck with the fix...for anyone experiencing problems with IE, I heartily recommend Firefox.

Contact whoever is hosting ASV.net and complain to them that they are not keeping up with security. (I am assuming a patch exists to fix this, but who knows.)

Mozilla all the way. Haven't moved to Firefox yet.

I don't think this is a problem on HM's end. I think it's a problem with people using a browser that has known security holes.

The only people getting any kind of pop up or virus notice are those using IE.

Well well well...whaddya know...this is something that you'll have to get your host involved in. You could go through every Movable Type file trying to find the problem but you owe it to the host to let them know they have a problem.

For your readers, you might wanna put something at the top of your blog in clear language, "DO NOT VIEW THIS SITE WITH IE!" and provide a link to Firefox.

sigh...how many more hacks before people realize IE is the worst virus Microsoft ever developed???

That's interesting...I just viewed the page with IE and it came up just fine...no warnings whatever. I'm running McAfee VirusScan v4.5.1 SP1 with 4.4.00 Engine and 4.0.4451 dats. For those of you who continue to have troubles, make sure your machine is fully patched by going to windowsupdate.microsoft.com (must use IE for this).

Michele -

It's probably still a good idea to let them know what's going on. You are just one spoke in their wheel...this may be evidence of a larger problem for them.

I'm inclined to agree that this is a problem with particular browsers but it doesn't hurt to be sure. It's just a note to HM right? They may point and laugh hysterically...but at least then you KNOW what's going on rather than guessing. ;)

I used to create custom CHMs; they are simply the familiar MS Help files, which are built on an HTML platform.

Wayne, I notified them. They said it won't affect other sites. They're looking into it.

I read something on CNET a while back that indicates that third party code you use in your template might be the culprit.

http://news.com.com/Spyware+infiltrates+blogs/2100-7349_3-5587710.html

I'm glad I have a Mac. Had one for the past 3 years, and I haven't had a virus since.

Were you on the Triton server? Same thing happened to me.