Second Life Forums Archive

Creole Snook

Registered User

Join date: 7 Aug 2007

Posts: 3

08-09-2007 06:12

my antivirus keeps picking up a vhm family worm and a trojan thats it says i located in documents and settings/secondlife folder. ive gotten rid of them before and then they seem to come back. is anyone else finding these and if so how do i kill them lol .
thanks

Thili Playfair

Registered User

Join date: 18 Aug 2004

Posts: 2,417

08-09-2007 06:18

false virus positive , can be on some virus programs, depends on wich you use, kind of early "suspect" alike virus behavior detection ,usually false.

Got the name of it?, prob something c80260ba-41fd-8a46-768a-6bf236360e3a.tmp or the other numbersomething.exe , usually when you update you get a random one there.

Viktoria Dovgal

…

Join date: 29 Jul 2007

Posts: 3,593

08-09-2007 06:24

My gut reaction to seeing something like that in my SL cache would be to think that it is a false positive. But one never knows… If possible, you may want to get in touch with whomever makes your malware scanner. They may be interested in seeing a copy of the file, to a) refine their signatures and avoid false positives or b) confirm that it is really something that you need to take off your system.

Creole Snook

Registered User

Join date: 7 Aug 2007

Posts: 3

08-09-2007 21:00

thanks for the responses! im doing just that

AWM Mars

Scarey Dude :¬)

Join date: 10 Apr 2004

Posts: 3,398

08-10-2007 06:32

It is possible to get a virus just by simply watching media using the standard method of media broadcasting, if the source is infected. Some content comes from peer to peer sources which have been aligned with the spread of viruses. One of the reasons we adopted the Silver Stream Network, and only use secure content.

_____________________

*** Politeness is priceless when received, cost nothing to own or give, yet many cannot afford -

Why do you only see typo's AFTER you have clicked submit? **
http://www.wba-advertising.com
http://www.nex-core-mm.com
http://www.eml-entertainments.com
http://www.v-innovate.com

Danyia Dagostino

Join date: 9 Apr 2007

Posts: 2

08-10-2007 11:17

I have had the same probs with the nassy trojan....my norten antivirus detected it, cleaned it up. All that I can suggest is that you should make double-triple sure that your anti-virus is up to date. The one that I use is normally pretty good at detecting worms, virus' and other misc. bugs and nasties.....

Another suggstion is a spy-ware detector. I run mine daily and it dectects the spyware that is collected via various web sites, which in turn slows down ones sytem AND collects various bugs, not just in SL....

Good Luck, hun

PS...please ignore the typo's lol

Aimee Congrejo

エイミー・コンレジョー

Join date: 14 Apr 2007

Posts: 68

08-10-2007 11:38

From: AWM Mars

It is possible to get a virus just by simply watching media using the standard method of media broadcasting, if the source is infected.

Yes. Google for Quicktime Security. In the past it was possible to make a movie or image that made Quicktime crash in such a way you could make it do things it wasn't supposed to do. =^.^=

Edit: here it is. ^^

From: someone

CVE-ID: CVE-2006-1459, CVE-2006-1460

Available for: Mac OS X v10.3.9 and later, Microsoft Windows XP, Microsoft Windows 2000

Impact: Viewing a maliciously-crafted QuickTime movie may result in an application crash or arbitrary code execution

Description: By carefully crafting a corrupt QuickTime movie, an attacker can trigger an integer overflow or buffer overflow which may result in an application crash or arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional validation of QuickTime movies. Credit to Mike Price of McAfee AVERT Labs for reporting these issues.

_____________________

エイミー・ Neko Wafer Aimee

AWM Mars

Scarey Dude :¬)

Join date: 10 Apr 2004

Posts: 3,398

08-13-2007 02:44

Just to update, if you get a buffer overrun issue, or 'cannot resolve url', 'unknown media format type' with Quicktime, there is a high chance you have been infected by a worm or trojan. You may wish to try your own Virus checker supplier for a solution, or use this 'vcleaner' here [url=http://www.grisoft.com/doc/52/us/crp/0

Before doing so, uninstall QuickTime and clear the SL and IE/Browser caches and cookies. Running the vcleaner in safe mode on each PC on your system, one at a time (all others turnned off) is recommended.

Once done, reinstall QuickTime and make sure the settings in the preferences are set to Safe GDI mode and not the DirectX settings.

_____________________

*** Politeness is priceless when received, cost nothing to own or give, yet many cannot afford -

Why do you only see typo's AFTER you have clicked submit? **
http://www.wba-advertising.com
http://www.nex-core-mm.com
http://www.eml-entertainments.com
http://www.v-innovate.com

Welcome to the Second Life Forums Archive

worms in sl?

worms in sl?
Creole Snook Registered User Join date: 7 Aug 2007 Posts: 3	08-09-2007 06:12 my antivirus keeps picking up a vhm family worm and a trojan thats it says i located in documents and settings/secondlife folder. ive gotten rid of them before and then they seem to come back. is anyone else finding these and if so how do i kill them lol . thanks
Thili Playfair Registered User Join date: 18 Aug 2004 Posts: 2,417	08-09-2007 06:18 false virus positive , can be on some virus programs, depends on wich you use, kind of early "suspect" alike virus behavior detection ,usually false. Got the name of it?, prob something c80260ba-41fd-8a46-768a-6bf236360e3a.tmp or the other numbersomething.exe , usually when you update you get a random one there.
Viktoria Dovgal … Join date: 29 Jul 2007 Posts: 3,593	08-09-2007 06:24 My gut reaction to seeing something like that in my SL cache would be to think that it is a false positive. But one never knows… If possible, you may want to get in touch with whomever makes your malware scanner. They may be interested in seeing a copy of the file, to a) refine their signatures and avoid false positives or b) confirm that it is really something that you need to take off your system.
Creole Snook Registered User Join date: 7 Aug 2007 Posts: 3	08-09-2007 21:00 thanks for the responses! im doing just that
AWM Mars Scarey Dude :¬) Join date: 10 Apr 2004 Posts: 3,398	08-10-2007 06:32 It is possible to get a virus just by simply watching media using the standard method of media broadcasting, if the source is infected. Some content comes from peer to peer sources which have been aligned with the spread of viruses. One of the reasons we adopted the Silver Stream Network, and only use secure content. _____________________ * Politeness is priceless when received, cost nothing to own or give, yet many cannot afford - Why do you only see typo's AFTER you have clicked submit? http://www.wba-advertising.com http://www.nex-core-mm.com http://www.eml-entertainments.com http://www.v-innovate.com
Danyia Dagostino Danyia Dagostino Join date: 9 Apr 2007 Posts: 2	08-10-2007 11:17 I have had the same probs with the nassy trojan....my norten antivirus detected it, cleaned it up. All that I can suggest is that you should make double-triple sure that your anti-virus is up to date. The one that I use is normally pretty good at detecting worms, virus' and other misc. bugs and nasties..... Another suggstion is a spy-ware detector. I run mine daily and it dectects the spyware that is collected via various web sites, which in turn slows down ones sytem AND collects various bugs, not just in SL.... Good Luck, hun PS...please ignore the typo's lol
Aimee Congrejo エイミー・コンレジョー Join date: 14 Apr 2007 Posts: 68	08-10-2007 11:38 From: AWM Mars It is possible to get a virus just by simply watching media using the standard method of media broadcasting, if the source is infected. Yes. Google for Quicktime Security. In the past it was possible to make a movie or image that made Quicktime crash in such a way you could make it do things it wasn't supposed to do. =^.^= Edit: here it is. ^^ From: someone CVE-ID: CVE-2006-1459, CVE-2006-1460 Available for: Mac OS X v10.3.9 and later, Microsoft Windows XP, Microsoft Windows 2000 Impact: Viewing a maliciously-crafted QuickTime movie may result in an application crash or arbitrary code execution Description: By carefully crafting a corrupt QuickTime movie, an attacker can trigger an integer overflow or buffer overflow which may result in an application crash or arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional validation of QuickTime movies. Credit to Mike Price of McAfee AVERT Labs for reporting these issues. _____________________ エイミー・ Neko Wafer Aimee
AWM Mars Scarey Dude :¬) Join date: 10 Apr 2004 Posts: 3,398	08-13-2007 02:44 Just to update, if you get a buffer overrun issue, or 'cannot resolve url', 'unknown media format type' with Quicktime, there is a high chance you have been infected by a worm or trojan. You may wish to try your own Virus checker supplier for a solution, or use this 'vcleaner' here [url=http://www.grisoft.com/doc/52/us/crp/0 Before doing so, uninstall QuickTime and clear the SL and IE/Browser caches and cookies. Running the vcleaner in safe mode on each PC on your system, one at a time (all others turnned off) is recommended. Once done, reinstall QuickTime and make sure the settings in the preferences are set to Safe GDI mode and not the DirectX settings. _____________________ * Politeness is priceless when received, cost nothing to own or give, yet many cannot afford - Why do you only see typo's AFTER you have clicked submit? http://www.wba-advertising.com http://www.nex-core-mm.com http://www.eml-entertainments.com http://www.v-innovate.com