Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mcafee And Blackice Acting Wierd


  • Please log in to reply
2 replies to this topic

#1 thrillhouse

thrillhouse

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:10:12 AM

Posted 19 March 2007 - 01:26 PM

I frequent Impreza.net to keep in touch with my subaru club. I went there today and Black Ice said

Microsoft Internet Explorer version 6.0 is vulnerable to a buffer overflow in mshtml.dll. By creating a malicious Web page containing a large number of script action handlers in a single HTML tag, a remote attacker could overflow a buffer and cause Internet Explorer to crash or possibly execute arbitrary code on a victim's system, once the malicious page is opened.

Note: This vulnerability also affects Mozilla Firefox, and possibly other vendor Web browsers.


I use firefox and don't think the subaru site is malicious.

Mcafee has buffer overflow protection regardless, so I open Macafee and the buffer over flow protection is turned off for some reason. I turn it on and then upgrade to the newest version of ad-aware and get the newest updates and scan and I got nothing.

I open up Mcafee On-Access scan statistics and it said it found 2 things, but didn't clean or delete them. I check in the quarantine folder, nothing there. I do a virus scan with Mcafee, it finds nothing, but still says in the stats that it found two things today.

:thumbsup:

Tried running a number of scans in safe mode, Mcafee, Spybot, Ad-Aware, nada. Is the alert from blackice about the Subaru site related to the two phantom virii and if so am I infected? I could use some expertise. If you guys think I should post an hjt log then can someone let me know and will a mod please move my post to the hjt part of the site?

--

Cliff notes: I might have two virii but cant find them and my firewall is telling me a trustworthy website is attacking me.

BC AdBot (Login to Remove)

 


m

#2 ejames82

ejames82

  • Members
  • 396 posts
  • OFFLINE
  •  
  • Location:oswego, ny
  • Local time:09:12 AM

Posted 19 March 2007 - 07:05 PM

if this is the same company that builds subaru cars, then i would not think they would be infecting peoples computers. they are a reputable car manufacturer, as all the japanese manufacturers are.

#3 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:10:12 AM

Posted 20 March 2007 - 03:02 PM

It's not officially connected to subaru of america, its a message board site like this one but for subarus, but it has been around for 9 years or something and I don't think it's malicious.

Ever since I turned buffer protection on in mcafee it has stayed on and it restarts the statistic thing when you turn the computer on and off and I haven't picked up any more virii, but blackice still thinks the site is bad, specifically its image host. Must be some coding error or something, computer is running fine, I'm not too worried about it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users