Have you a FP from this page ?

Discussion in 'other anti-virus software' started by Mack Jones, Jul 3, 2006.

Thread Status:
Not open for further replies.
  1. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Wow...NOD32 alerts me but seems like that page is safe.
    What about you ?
    ****://www.bellamyjc.org/fr/iloveyou.html
     
    Last edited by a moderator: Jul 3, 2006
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    no problems
     
    Last edited: Jul 3, 2006
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I also get the warning and the page really seems to be infected. See the scanning result.
    Seems NOD32 caught another piece of malware. :D
    Hope ESET will take a look at it soon... sample sent :)
     


  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Mack Jones,

    Please do not post possible live malware links. BTW, I also got the alert from NOD32.



    snowbound
     
  5. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Humm...
    How can you explain these differences ?
    This page contains the code, modified, but some detect it, some don't.
    Strange to my (rookie) eyes o_O
     

    Attached Files:

    • VBS.JPG (56.3 KB)
  6. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France

    Sure. :)
    This page doesn't contain malware, I presume.
    The author just explains the code and the routines.
    Sorry if I'm wrong :oops:
     
  7. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    I checked with the Dr.Web FF plugin but the doc found nothing :doubt:

    Gerard
     
  8. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Visited it in Firefox. Got the Nod32 alert as well. Then had what seemed to be a redirect to a page that did not stay up long enough to see what it was, then a "page cannot be displayed" error. I know I'm not going back. :eek: :D
     
  9. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    The Jotti pics you see are done when I copy some part of this page into a document.
    Maybe that's the reason DrWeb doesn't alert you...
     
  10. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I noticed that too, but is this page really unsafe? As far as I understand, the author is examining the loveletter code. The virus itself doesn't actually run, and maybe that's why DrWeb and others don't react?
    But if merely printing the code on a web page is malicious then it is good that NOD32 detects it.
    Maybe it all depends on how different AVs attack a problem?
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    let's wait for ESET's answer. perhaps it's indeed a FP. ;)
     
  12. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    In IE one script opens up a popup that contains this text:

     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Here is the translation of the previous post:


    26/05/2006 VBScript VBS Examples Script EXPORTFAV which exports automatically in a file HTML of all favourites (shortened Internet) 22/05/2006 VBScript VBS Exemples Script RENEWDHCP which causes the renewal of beams DHCP on a local or distant computer. March at April 2006 the site Put “in temporary sleep” following problems of health. 23/01/2006 VBScript VBS Examples Updated of script LOGUSERS (temporary desactivation of a safety Internet To explore preventing its local execution) 19/01/2006 Tools Updated of the bonds of Tweak UI and GadWin Windows Windows2000 Updated of the article the its problem and prolonged deactivation Year 2005 Year 2004 Year 2003 Year 2002 Year 2001
     
  14. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    The main question isn't "Should an AV detect harmless code ?" ?
    The approach is different but the security level is not higher.
     
  15. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    strange again ESET gives no answer on this issue and NOD32 still flags that webpage as infected. :(
     
  16. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    The page contains a script code which is malicious :)
     
  17. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    FProt beta doesn't alert on that page. Neither does McAfee corporate beta.

    Neither does KAV 2006.

    Maybe it is because I don't have QT installed on any machine? And that is required for that page?
     
  18. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.


    Do not have Quicktime either. Still got the nod32 alert the last time I went there. Now the page seems to be down.
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As already quoted:

    Cheers :D
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I find it rather interesting that F-Prot 3.16 detects this, but F-Prot beta does not. KAV doesn't either, nor does McAfee enterprise beta so I don't think there is anything malicious there. It's a FP for NOD32 that is all.
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As already stated, it is NOT a FP.

    Blackspear.
     
  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Must be an FP since the latest FProt doesn't detect but the old version does. Plus, if KAV doesn't get it then it is an FP...even if KAV didn't have a signature on July 3, it updates every 5 minutes so it would certainly be detecting it now if it were for real.
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Well, the actual facts are it is NOT a FP according to Eset, as well as Bitdefender, and many others also detect it. How many times have you seen multiple AVs detect a FP :blink: Just because KAV doesn't detect it doesn't make it a FP, that's ludicrous :blink:

    Blackspear.
     
  24. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Source-code for the "I love you" virus is printed in the web page. In script-form, presented on a web page. Even if the code isn't being executed on the page, it's still there so what do you expect an antivirus to do with it?
     
  25. ASpace

    ASpace Guest

    :thumb: :thumb: :thumb:
     