Webmaster Forums





Closed Thread
Old 09-17-2002, 02:05 AM   #1
marcoal
Probationary
 
Join Date: Sep 2002
Posts: 1
Default Virus in 1st page?

Hi everyone,
I don't want to panic everybody and I have no idea if this has already been related here, but this morning I scanned my HD with McAfee virus scan and a virus was detected in the 1st Page directory:

C:\Program Files\1st page 2000\IScripts\Buttons\six buttons from hell.izs

the virus info is: name: "JS/Winbomb" type "static"

Anyway, McAfee deleted it and I didn't use any button.

I've used 1st Page 2000 and I'm very happy with it; it's a great tool for an HTML newbie like me. I just want to know what that "six buttons from hell.izs" is!!!
Thanks
Old 09-17-2002, 04:13 AM   #2
Josh
Senior Member

Join Date: Sep 2002
Location: Taiwan,Taipei
Posts: 170
Default

It had been mentioned before,
http://developers.evrsoft.com/forum/showthread.php?s=&threadid=122&highlight=virus
HTH
Old 09-17-2002, 04:38 AM   #3
wob
Junior Member

Join Date: Sep 2002
Posts: 4
Default Six buttons from hell.izs infected with a virus????

I am not sure if Norton is finding things that don't exist, or whether there really is a virus in the above mentioned file provided with 1stPage2000. However, I just thought you guys might want to check your installations for JS.WindowBomb.

Norton discovered it with the latest definitions.

Other than that, great program. Will there be php syntax highlighting in v.3? That would make life nicer :-)

Regards,

Rob S.
Old 09-17-2002, 04:45 AM   #4
Josh
Senior Member

Join Date: Sep 2002
Location: Taiwan,Taipei
Posts: 170
Default

...the third one, see this:
http://developers.evrsoft.com/forum/showthread.php?s=&threadid=122&highlight=virus

Last edited by Josh; 09-17-2002 at 03:03 PM.
Old 09-17-2002, 10:17 AM   #5
BoR|S
Senior Member

Join Date: Sep 2002
Location: Israel
Posts: 383
Default

Is it just me or is the link broken?
__________________
"The power to cause pain is the only power that matters, the power to kill and destroy, because if you can't kill then you are subject to those who can, and nothing and no one will ever save you." - Ender Wiggin.

[url=http://www.waterloodevelopers.com]Waterloo Developers - Web Development forums community[/url]
Old 09-17-2002, 03:03 PM   #6
Josh
Senior Member

Join Date: Sep 2002
Location: Taiwan,Taipei
Posts: 170
Default

Sorry, it's OK now.
Old 09-18-2002, 02:34 AM   #7
wob
Junior Member

Join Date: Sep 2002
Posts: 4
Default

Oops....

Sorry, I reckoned on checking if anyone had already reported this. Obviously didn't look hard enough!!!
Old 09-19-2002, 08:22 PM   #8
Waves
Senior Member

Join Date: Sep 2002
Posts: 101
Default

I think those files were infected by another virus on your system. Do the buttons still function? If they don't then you know that a different virus is responsible for attacking them.
Old 09-19-2002, 08:23 PM   #9
Waves
Senior Member

Join Date: Sep 2002
Posts: 101
Default

Never mind. I am stupid. I read the linked post.
Old 09-20-2002, 07:38 AM   #10
tust
Probationary

Join Date: Sep 2002
Posts: 1
Thumbs up

I had the same thing happen on my corporate machine today, 9.20.2002. However, I have had 1stPage on my machine for at least a couple of months and haven't touched that file 'Six buttons from hell.izs'. My machine uses Norton AntiVirus. I would suspect that there really wasn't a virus in this file, but that virus definitions got updated and that it is a false positive. But since it is my work machine, I'm not taking any chances and won't worry about losing the file. My info from Norton was:
Scan type: Scheduled Scan
Event: Virus Found!
Virus name: JS.WindowBomb
File: C:\My Installs\1stPage\IScripts\Buttons\Six buttons from hell.izs
Location: Quarantine
Computer: -------------
User: ----------
Action taken: Clean failed : Quarantine succeeded :
Date found: Thu Sep 19 21:45:30 2002

Anyone else?
Old 09-20-2002, 09:39 AM   #11
mlesniak
Probationary

Join Date: Sep 2002
Location: Northamptonshire
Posts: 1
Default Is "Six buttons from hell.izs " a virus?

Hi, I just thought that I would add my two pence worth regarding this. I have also recently updated my Norton Antivirus 2002 definitions and found that when I did a full system backup Norton brought up an alert which said that the file
C:\Program Files\Evrsoft\1st Page 2...\Six buttons from hell.izs
is infected by the JS.WindowBomb virus.

I did a search and found the following web page:
http://mtdoug.sd61.bc.ca/it/it.php3 which suggests that the file should just be deleted.

I have done this on my system but I'm still not sure whether the file is infected or not. I suspect it might be because the allocated file size is different from the actual file size.

Does this mean that EVR Soft is providing viruses in their free downloads, or does it mean that Norton Antivirus is signalling a false positive? I don't know the answer to that. Norton does not have any more information, strangely enough.

Marcus
Old 09-20-2002, 11:20 AM   #12
Sky
Senior Member

Join Date: Sep 2002
Posts: 136
Default

I think it's included as a tool... Think, man, think!!!! I hate it on the user end, but it could teach browsers to respect us...
Old 09-20-2002, 07:35 PM   #13
Bob Howell
Probationary

Join Date: Sep 2002
Location: North Carolina
Posts: 1
Unhappy Virus found

My Norton anti-virus reported the following virus in your 1st Page download:

The file C:\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs is infected with the JS.WindowBomb virus.

It was unable to fix the file or quarantine it. The file had to be deleted.
Old 09-21-2002, 06:45 AM   #14
DebbiR
Probationary

Join Date: Sep 2002
Posts: 2
Default Virus Issue

I also just found this same virus today in the same file. I have had 1stPage 2K installed for a while and today was the first day my antivirus program discovered the virus.

I would like to know why it wasn't discovered before. I have told many other users about 1stpage 2k and don't want to have to apologize for causing them to download a virus.
Old 09-21-2002, 07:18 AM   #15
Evarest
Junior Member

Join Date: Sep 2002
Posts: 3
Post

Indeed, I recently installed Norton Antivirus 2002. The first time I scanned, it found the so-called virus. I've used 1st Page for years, and never did it find any virus at all...

So I turned off the virus-scanner, restored the file and opened it in Notepad, just to be safe. That way I could see for myself that there wasn't any real threat in it. In the file you will find:

a) Some memory-exhausting programs (some of which are really stupid, and normally will function only on really old computers)
b) Some loops that will just try to freeze the program (i.e. IExplorer or Netscape)
c) Some endless recursive algorithms (i.e. the same as the previous one)...

Well, nothing to worry about... However, it might be useful to delete the file, as Norton and McAfee will keep on trying to delete it...

I personally think this was an interesting test for the virus-scanners. Norton found and deleted it immediately when I tried to open it.
Nevertheless, as the virus in this file mainly was a memory leak, I don't get why these virus-scanners don't find the numerous memory leaks in other "clean" software (I'm not going to give names).

A hint to Evrsoft: you've created an excellent product, but try not to add such "virus-like" tools to the project.
Thus, to end:

1stPage is a great HTML editor and is not, repeat not, infected by a REAL virus.

If you'd like to get some more info about that "virus", let me know.
Old 09-21-2002, 07:31 AM   #16
DebbiR
Probationary

Join Date: Sep 2002
Posts: 2
Default WindowBomb

I did some more investigating as well and actually came across a number of web sites using WindowBomb in some form or other (searched on Yahoo). It's frustrating in that now with the virus programs catching this type of behavior, individuals are more likely to turn off JavaScript support in their web browsers, disabling all of the good functionality of JavaScript in web pages!
Old 09-21-2002, 09:07 AM   #17
Evarest
Junior Member

Join Date: Sep 2002
Posts: 3
Lightbulb Alter the browsers?

And you're right about that!
The more complicated the virus scanners become, the more paranoid they tend to get.

However, I think it's nowadays not possible anymore to surf WITHOUT a virus-scan-like program (by this I don't necessarily mean real virus-scanners, just proggies that shut off unauthorized traffic from and to websites, i.e. firewalls and banner-killers...)

An example to illustrate this:
When you're surfing you download tons of data to your HDD. These can be *.html, *.js, *.txt or whatever. You won't notice it.
A few months ago, I was "walking through the jungle" of my Temporary Internet Files and I found something disturbing: a *.reg renamed to a *.txt. When I examined the HTML code of the page that downloaded the file, I found that that file had been imported into my registry WITHOUT my authorization. They simply used a parameter and some lines of JavaScript.

I think it's quite clear (now) that JavaScript can be easily abused by some sick mind...

In my opinion, the best solution is that the browsers take action. You should be able to really disable some JavaScript functions (like writing, deleting, ... to HDD and registry, (simultaneous) popping up banners/windows which can take you to the most unwanted places, ...). That way you can choose whether you want to take the risk or not.

But maybe this'll make surfing less fun for us and the internet less attractive to those who make money out of it...

Just my thoughts,
Evarest
Old 09-21-2002, 06:27 PM   #18
desktopjockey
Junior Member

Join Date: Sep 2002
Location: Beaufort, SC, USA
Posts: 31
Angry OK, so what do the developers think?

Deployment of this free product is scheduled for Monday to 400 PCs at the high school where I am the computer technician. I cannot deploy this product with a "trojan" in it for two reasons:

1. I have 1900 student users, a handful of whom would LOVE to get a hold of something to break the network or at least a PC.

2. When the automatic virus scanners start screaming bloody murder over this, I'll have 100+ teachers and administrators up my a$$, most of whom cannot say computer let alone spell HTML! One of these nimrods actually has the power to fire me or at the minimum make my business life a living he__.

So what's EVRSOFT's response to this issue? Do they work on weekends?
Old 09-22-2002, 05:58 AM   #19
Linda
Junior Member

Join Date: Sep 2002
Location: New Jersey
Posts: 6
Default

My Norton just picked it up yesterday... And I've had Norton and 1st Page on my computer for over a year. Weird. Like someone said, maybe they just included it in those virus definitions. Anyway, if I was a developer, I would consider it a bug and get rid of it for the next version of 1st page.
Old 09-22-2002, 08:51 AM   #20
desktopjockey
Junior Member

Join Date: Sep 2002
Location: Beaufort, SC, USA
Posts: 31
Default

I did read Evarest's post. I understand that it's not malignant. It's the potential that worries me. Additionally, the deployment is an automatic update initialized through Novell Zenworks. I've already set up the snapshot and set it to deploy when users log in starting 6:00am ET. Now I have to scramble to set a script that will delete a file that could be potentially harmful. This is double work that I must do because, IMHO, someone on the development team at EVRSOFT thought it would be "cute"; not a good business practice. Time management is of paramount importance since I am the only one responsible for all 400 computers in our building. My first job is that they all run tomorrow. I hope EVRSOFT does not include anything like that in their next release. Additionally, anyone who knows about the 90/10 principle will agree that it's the 10 that is the most relatively lethal.

I'm not mad, just a little nervous about what's to come. My projection is that nothing will happen and I will get the file before anyone notices. I just loathe doing work that could have been prevented back in the development room. I still think the product is marvelous and consider this a minor irritant.

Have a great day! Personally I'm gonna tinker with it!
All times are GMT -8.