Hi everyone,
I don't want to panic everybody and
I have no idea if this already been
related here but this morning
I've scanned my Hd with Mc Afee virus scan and a virus
has been detected in 1st page directory:

C:\Program Files\1st page 2000\IScripts\Buttons\six buttons from hell.izs

the virus info is: name: "JS/Winbomb" type "static"

anyway Mcafee deleted it and I didn't used any button.

I've use 1st page 2000 and i'm very happy of it, it's a great tool for html newbie like me, just want to know what is that "six buttons from hell.izs"!!!
thanks

It had been mentioned before,
http://developers.evrsoft.com/forum/showthread.php?s=&threadid=122&highlight=virus
HTH:D

I am not sure if Norton is finding things that don't exist, or whether there really is a virus in the above mentioned file provided with 1stPage2000. However, I just thought you guys might want to check your installations for JS.WindowBomb.

Norton discovered it with the latest definitions.

Other than that, great program. Will there be php syntax highlighting in v.3? That would make life nicer :-)

Regards,

Rob S.

....the third one,see this
http://developers.evrsoft.com/forum/showthread.php?s=&threadid=122&highlight=virus

It's just me or the link is broken?

sorry,it's ok now.

Oops....

Sorry, I reckoned on checking if anyone had already reported this. Obviously didn't look hard enough!!! :o

I think those files were infected by another virus on your system. Do the buttons still function? If they don't then you know that a different virus is responsible for attacking them.

Nevermind. I am stupid. I read the linked post.

I had the same thing happen on my corporate machine
today, 9.20.2002 However, I have had 1stPage on my
machine for at least of couple of months and haven't touched
that file 'Six buttons from hell.izs'. My machine uses Norton
AntiVirus. I would suspect that there really wasn't a virus in
this file, but that Virus definitions got updated and that it is
a false positive. But, since it is my work machine I'm not taking any chances and won't worry about losing the file. My info
from Norton was:
Scan type: Scheduled Scan
Event: Virus Found!
Virus name: JS.WindowBomb
File: C:\My Installs\1stPage\IScripts\Buttons\Six buttons from hell.izs
Location: Quarantine
Computer: -------------
User: ----------
Action taken: Clean failed : Quarantine succeeded :
Date found: Thu Sep 19 21:45:30 2002

Anyone else?

Hi, I just thought that I would add my two pence worth regarding this. I have also recently updated my Norton Antivirus 2002 definitions and found that when I did a full system backup Norton brought up a alert which said that the file
C:\Program Files\Evrsoft\1st Page 2...\Six buttons from hell.izs
is infected by the JS.WindowBomb virus.

I did a search and found the following web page:
http://mtdoug.sd61.bc.ca/it/it.php3 which suggests that the file should just be deleted.

I have done this on my system but I'm still not sure whether the file is infected or not. I suspect it might be because the allocated file size is different from the actual file size.

Does this mean that EVR Soft is providing viruses in their free downloads, or does it mean that Norton Antivirus is signalling a false positive? I don't know the answer to that. Norton does not have any more information, strangely enough.

Marcus

I think it's included as a tool... THink man think!!!! I hate it on the user end, but it could teach browsers to respect us...

My Norton anti-virus reported the following virus in yout 1st Page Dowlaod:



The file C:\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs is infected with the JS.WindowBomb virus.

It was unable to fix the file or quarantine it. The file had to be deleted.:eek: :mad: :(

I also just found this same virus today in the same file. I have had 1stPage 2K installed for a while and today was the first day my antivirus program discovered the virus.

I would like to know why it wasn't discovered before. I have told many other users about 1stpage 2k and don't want to have to apologize for causing them to download a virus.

Indeed, I recently installed Norton Antivirus 2002. The first time i scanned, it found the so called virus. I've used 1st Page for years, and never did it find any virus at all...

So i turned off the virus-scanner, restored the file and opened it in Notepad, just to be safe. That way i could see for myself that there wasn't any real thread in it. In the file you will find:

a) Some memory-exhausting programs (some of which are really stupid, and normally will function only on really old computers)
b) Some loops that just will try to freeze the program (ie. IExplorer or Netscape)
c) Some endless recursive algorithms (ie the same as the previous one)...

Well, nothing to worry about ... However, it might be usefull to delete the file, as Norton and mcAfee will keep on trying to delete it...

I personally think this was an interesting test for the virus-scanners. Norton found and deleted it immediately when I tried to open it.
Nevertheless, as the virus in this file mainly was a memory-leak, I don't get why these virus-scanners don't find the numerous memoryleaks in other "clean" software (i'm not going to give names :p )

A hint to Evrsoft: you've created an excellent product, but try not to add such "virus-like" tools to the project ;)
Thus, to end:

1stPage is a great HTML-editor and is not, repeat not, infected by a REAL virus.

If you like to get some more info about that "virus", let me know.

I did some more investigating as well and actually came across a number of web sites using WindowBomb in some form or other (searched on Yahoo). It's frustrating in that now with the virus programs catching this type of behavior, individuals are more likely to turn off JavaScript support in their web browsers, disabling all of the good functionality of JavaScript in web pages!

And you're right about that!
The more complicated the virusscanners become, the more paranoid they tend to get :)

However, i think it's nowadays not possible anymore to surf WITHOUT a virus-scan-like program (with this i not necessarily mean real virus-scanners, just proggies that shut-off unauthorized traffic from and to websites, ie firewalls, and banner-killers...)

An example to make illustrate this:
when you're surfing you download tons of data to your HDD. These can be *.html, *.js, *.txt or whatever. You won't notice it.
A few months ago, i was "walking through the jungle" of my Temporary Internet Files and i found something disturbing. A *.reg renamed to a *.txt. When i examined the HTML code of the page that downloaded the file, i found that that file had been imported in my registry WITHOUT my authorization. They simply used a parameter and some lines of JavaScript.

I think it's quite clear (now) that JavaScript can be easily abused by some sick mind :) ...

In my opinion, the best solution is that the browsers take action. You should be able to really disable some JavaScript functions (like writing, deleting, ... to HDD and registry, (simultaneous) popping up banners/windows which can take you to the most unwanted places ;) , ...). That way you can choose whether you want to take the risk or not.

But maybe this'll make surfing less fun for us and the internet less attractive to those who make money out of it...

Just my thoughts,
Evarest

Deployment of this free product is scheduled for Monday to 400 PC's at the highschool where I am the computer technician. :mouthopen: I cannot deploy this product with a "trojan" in it for two reasons:

1. I have 1900 student users, a handful of which would LOVE to get a hold of something to break the network or at least a PC.

2. When the automatic virusscanners start screaming bloody murder over this, I'll have 100+ teachers and administrators up my a$$, :bangbang: most of which cannot say computer let alone spell HTML! One of these nimrods actually has the power to fire me or at the minimum make my business life a living he__.

So what's EVRSOFT's response to this issue? Do they work on weekends?

My Norton just picked it up yesterday... And I've had Norton and 1st Page on my computer for over a year. Weird. Like someone said, maybe they just included it in those virus definitions. Anyway, if I was a developer, I would consider it a bug and get rid of it for the next version of 1st page.

I did read Evarest's post. I understand that it's not malignant. It's the potential that worries me. Additionally, the deployment is an automatic update initialized through Novell Zenworks. I've already set up the snapshot and set it to deploy when users log in starting 6:00am ET. Now I have to scramble to set a script that will delete a file that could be potentially harmful. This is double work that I must do because, IMHO, someone on the development team at EVRSOFT thought it would be "cute"; not a good business practice. Time management is of paramount importance since I am the only one responsible for all 400 computers in our building. My first job is that they all run tomorrow. I hope EVRSOFT does not include anything like that in their next release. Additionally, anyone who knows about the 90/10 principal will agree that it's the 10 that is the most relatively lethal.

I'm not mad, just a little nervous about what's to come. My projection is that nothing will happen and I will get the file before anyone notices. I just loathe doing work that could have been prevented back in the development room. I still think the product is marvelous and consider this a minor irritant.

Have a great day! Personally I'm gonna tinker with it!:crazy:

The download for this software contains the JS.WindowsBomb virus. My Norton Antivirus detected it during installation. McAfee does not have this virus definition yet. Go to http://www.symantecs.com/ to run online virus scan there.

And you're right about that. It's not a very good idea to put something that might be considered as a virus/trojan whatever in a project.

However, the version of 1stPage i downloaded, and now was found to contain a "virus", is, as Linda mentioned, at least a couple of months (i think even a year) old.
Another example of the fact that virus-scanners have become more strict in defining a virus...

But of course, this won't solve your problem at all :)
Maybe you should consider just to remove the file on one PC, compress the entire directory and then put it on the other PCs. I don't think 1stPage need to install any dll's to System nor need to update the registry...

HTH
Evarest

It's not a very good idea to put something that might be considered as a virus/trojan whatever in a project.
Agree with that. Even if it's not a virus/trojan maybe people uninstall or something else if they discover that the program folder contains a virus/trojan.

I don't think it installed anything in the registry or system either. This issue is already elimintaed, with a simple file delete. Thanks again.

Hi all.

Further to the virus report. I too found JS.bomb recently. Details below.

This must be a new virus signature. My program files directory is scanned regularly. Check your Program Files folder. Apparently viruses can lie undetected for years before avirus signature detects the virus (yes, at least a year).

* I think eversoft ought to email subscribers with a warning about this file.

-----------
Scan type: Scheduled Scan
Event: Virus Found!
Virus name: JS.WindowBomb
File: C:\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs
Location: Quarantine
Action taken: Clean failed : Quarantine succeeded :
Date found: Wed Sep 25 04:17:52 2002

I use 1st Page for almost 2 years and on the same date as reported in postings above my Norton Antivirus also has found the same virus in the same location.

Too bad we didn't get any notice about it...

Norton Corporate edition informed me that I have an infected file durning the installation. Six buttond from Hell.izs is infected with the JS.WindowBomb Virus. Norton was unable to clean so it Quarantined the file. I do not know how this will effect the performace or reliability of this product. I am quite disapointed that this product is being distributed with a virus. You people at Evrsoft need to get your S**T together on this. Glad it was free because I would have paid for this without question and gotten a virus for my money. Still an excellent product and will continue to use and recommend.

The JS.WindowBom virus is definately in 1stPage itself. I didn't have it before installing... and now I do.

CNet no longer is allowing downloads of 1stPage - is it because of the "virus"? I thought that this was where I downloaded it from a few weeks ago.

I found this forum when the coporate virus checker found this "virus" last weekend in the file that was on the shared drive for almost 2 years.

I've been doing some research on this problem. Here's what I have found:

1) This is NOT a virus. It is classified as a Trojan Horse. It will not propagate by itself.

2) I have 1st Page 2000 loaded on my wife's laptop. The file is there. I scanned the disk with the latest Mcafee Virus Checker last night. It does not catch it. I also have it on my laptop.

3) I looked at the code via Notepad. The comment at the very top says "Clicking on any of these buttons will really cause you pain..."

4) This code will not run by itself. YOU have to invoke it.

5) The code does not do permenant damage to your computer. At worst you have to reboot to stop it from eating up all your memory.

6) It seems they were included as examples. In hindsight that was probably a mistake.

7) If you still have this file on your disk, just delete it. It is not a necessary part of the program

Hello every one

i have a bit of a problem and i was woundering if some one can help me with this? i just scanned for virus's and can accross
one from haveing first page2000, by eversoft! it's called
Q.JS.WINDOWBOMB, FILE NAME IS , SIX BUTTON FROM HELL.IZS
ANY ONE GET THIS BEFORE,BECAUSE I HAD TO QUARANTINE IT,AND I CANT SEBMIT THIS TO NORTON ANTI VIRUS FOR EVAL....



THANKS
DANIEL

ok so then this eats up memory!...why would eversoft ever allow
such a thing on 1 of there programs! i cant repair it so would it be safe to just deleate it all to gether?

i hope so.....

Daniel

Yes, you can delete it. Look at my point #7.

It's not a virus. It seems it was put there as an example of what can be done with Javascript .

Hindsight is always 20/20.

ok thank you, for helping me with that i was not to sure if i could get ride of that with out causeing harm to the system, any way thanks again


Daniel

OK, people,
me too, I use 1st Page for almost 2 years (very good program!!) and the McAfee Viruscan found the same virus/troian.
OK, I understand, it is not terrible, I delete it and the program run the same.

But there is an other question:

==> From 5-6 months the 1stPage 2000 it is in conflict with the antivirus. <==

The Viruscan antivirus run always; when the 1stPage start, it is very slow to run, and the PC also go slow.
I try in 15 PC (Win 95/98) and it is the same.
It is logical that I CAN'T STOP THE ANTIVIRUS!

Nobody tell me about?

Man comeon, i've had it before, just hold Alt-f4 if you ever get it. It's a pain in the ass though. bt in *one* of the other thread*s* i stated that it could be a asset to those wanting the public to take them seriously. USE it, don't abuse it :smack: :shoot: :*D: :cheers:

I and 3 others have had this same virus! It does cause some problems and the past post link that another party posted concerning it, is invalid it says. Can you repost that please??

Did you read the first two posts in this thread at all?

Repeating...

It is NOT a virus. It is not harmfull unless you invoke it and even then it is not distructive. It can be deleted.

Ken

Well, the same here, I am a great fan of 1stPage and uses it for a year already. I also run Norton Antivirus every week and it never caught something in 1stPage until now! The strangest is, that this file was already there or came on my PC this week.......I noticed it because my PC was running out of memory.

Reading the posts on this forum gives me a little disstress....happily it is not an agressive virus, not a virus at all and it must be invoked...but then still I am questioning why my PC was running out of memory by itself!?

Others experiences like this?

Greetings,

Doix

The file- G:\Program Files\Evrsoft\1st Page 2000 2.0\IScripts\Buttons\Six buttons from hell.izs is infected with the JS.WindowBomb virus

I can not even use Internet Explorer.
I can not use some Java's on Netscape or it shuts it the computer down!
This is a true virus!

It is encrypted in one of the Java scripts, that I had not used. It was triggered by something, probable the date?

Characteristics:
Memory Resident
Size Stealth
Full Stealth
Triggered Event
Encrypting
Polymorphic



What I would like to know is, will this virus be taken out of this great program so others do not go thur this? :(

Originally posted by Josh
....the third one,see this
http://developers.evrsoft.com/forum/showthread.php?s=&threadid=122&highlight=virus

Your link does not work! But your virus does!

Maybe dbindel moved it,it worked before,ask him
BTW what do you mean "my virus works".:confused:

:cool:

I installed 1st page today and was surprised by the fact that NAV found a virus during the installation of the program. I did a little research and found out that the js.trojan.windowbomb is basically a popup generator. Which is one of the most annoying situations to have to deal with while surfing the net. It frustrating and tiresome to have to close a bunch of pop ups only to have two more open up when you close one. These types of scripts are what give scripts a bad rap. I understand that it is not malicious and that it helps web developers generate income but it definately needs to be tempered with common sense. A script like this one is more like vandalism in the guise of advertising. Some people may think its fun and games but your computer is locked up because pop ups have filled up the memory and the processor is so busy processing these little "windows to the pits of hell" that you can not do any thing else it is not funny.

It appears to me that 1st page was including this little gem as a tool not a virus. But it one of the most God awful tools on the internet. And I hope the developers of this software thinks twice about including it in future versions of the software. People are plenty capable of coming up ways to annoy each other they don't need assistance.

:smoke2:

Jhereg's answer makes the most sense by way of an explanation to this surprize (six buttons from hell). The first time I encountered it was this past week. I had to delete the entire program from my computer, which is too bad because I think 1st Page is "da bomb".

So, is Evrsoft going to clean out six_buttons, or are they going to say,"forget it, we will wait until XP's release and not waste our time fixing an old problem"?

I just finished installing 1st Page 2000, and I got the virus warning as well.

My Norton anti-virus found an instance of jr.trojan.windowbomb in the installation package. The file name containing the trojan was identified as \Six Buttons from Hell.izs.

Norton Anti-virus successfully quarrantined the file.:mad:

You can safetely delete that file, it's just a script you can insert from iScripts.

It's not a virus, it's just an evil JS, END OF TOPIC!

*locked*