Exploit website toolkit 4 attack
Dignity
12-01-2013, 12:00 PM
This morning when logging onto Ausfish and changing pages my virus alert keeps coming up that it has blocked an attack by the Exploit Website Toolkit 4 as per attached. Is anyone else having these problems or is it only me?
nezevic99
12-01-2013, 12:16 PM
Yep my virus checker is doing the same thing
Gon Fishun
12-01-2013, 12:19 PM
If you Google it, there is quite a bit of info regarding it.
If you use Internet Explorer for a browser, you should consider changing to another browser, and don't use Norton or McAfee antivirus as these are over sensitive to some issues. But have a read on Google and make up your own mind and keep your programs updated.
Dignity
12-01-2013, 01:36 PM
Gon Fishun, I was doing some sensitive work across the internet and only got the alert when I had a free moment and opened Ausfish, as I had little time to work out what the issue was I terminated my other work and have just got back in. I had a look on Google just now and it has left me even more confused, is it the firewall, an ad on Ausfish or over sensitive virus protection, in the background of all the information I still seem to understand that this is malicious software or am I wrong.
I am not IT savvy, I only drive the keyboard (I also drive a car and have no idea of the workings of it) and when previously advised to change from Norton, McAfee or Internet Explorer etc due to some ongoing issues I sought advice from my nephew who is an IT professional and he advised that changing software was usually the easy way out and never addressed the fundamental problem which varied on a case by case basis. From what I have read I can ignore the alerts as the attack has been blocked but what causes it? My nephew is OS at the moment but I will email him for further details but I would be grateful if someone could explain this in plain language.
Gon Fishun
12-01-2013, 02:58 PM
I have AVG and Avast antivirus (paid versions) on my wife's laptop. She was complaining about ads popping up in Facebook and on the web browser (Google). What happened was she had downloaded some software which contained malware. It was called "browse to save ads". If you clicked on it, it took you to another web site. It took a lot of fiddling to get rid of it, but I would guess it came in on the back of a software download and because we don't often read all the hoo ha or the EULA we allow them in.
There is a small free program called Adblock which I have tried and it worked ok. But I'm not keen on all these little add-ons.
Because we have ticked the "allow box" when downloading, antivirus programs won't pick up the malware.
Hope this helps. Cheers.
This was copied from Wikipedia.
Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software.[1] 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.[2]
Malware includes computer viruses, worms, trojan horses, spyware, adware, and other malicious programs. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states.[3][4] Malware is not the same as defective software, which is software that has a legitimate purpose but contains harmful bugs that were not corrected before release. However, some malware is disguised as genuine software, and may come from an official company website. An example of this is software used for harmless purposes that is packed with additional tracking software that gathers marketing statistics.
Malware has caused the rise in use of protective software types such as anti virus, anti-malware, and firewalls. Each of these are commonly used by personal users and corporate networks in order to stop the unauthorized access by other computer users, as well as the automated spread of malicious scripts and software.
MudRiverDan
12-01-2013, 03:20 PM
I have Avast anti virus -paid version, no problems here.
Dan
Dignity
12-01-2013, 07:19 PM
Gon Fishing, I haven't downloaded any new software for nearly a year and what I have read so far on Google doesn't make me feel any better about this new attack. Strangely enough this evening I am not getting any alerts so I am totally confused now.
edit: oops, it's back
Matt76
12-01-2013, 10:17 PM
Yeah it's doing it for me too, I have paid Norton and use IE
Gon Fishun
12-01-2013, 10:45 PM
It's quite possible for it to come through with Adobe Flash Player updates, Java, etc. Norton will recognize it and block it. Make sure your operating system, browser and antivirus are up to date or get your IT mates to do it. Check if you have a malware program you can run to clean it up. The free program Malwarebytes used to do a good job, you could try that.
Gon Fishun
12-01-2013, 10:54 PM
I have never liked Norton. To me it was very bossy and took over control of my computer. I'm not a control freak, but I do like to control some things. With Internet Explorer I find it slow and vulnerable to attack. You would be better to use Google Chrome or Firefox. Both are good.
I have used AVG for years but was talking to a ham radio Guru who fiddles in computers and he recommended Avast, so I went with that and it is a good program. I would put Avast first then AVG.
Dignity
13-01-2013, 09:11 AM
Gon Fishing,
Looking to upgrade soon and will look at other options, I did use Google Chrome when it first came out but it caused me a few problems at the time (it was probably beta V2) so got rid of it, and looking at other forums that have had this problem so far it seems that this bit of malware is mostly attached to ads.
Also went back through my records and have found that I was mistaken and had downloaded 2 pieces of software about 6 months ago, Garmin and Homeport which I would presume to be OK.
I am still waiting on my nephew to get back to me however being in a remote area OS he is hard to get hold of.
TheRealAndy
13-01-2013, 01:29 PM
Looks like it may be from one of the adverts, not Ausfish itself.
I don't see the ads though, so can't confirm.
MudRiverDan
14-01-2013, 12:11 AM
I think you guys are getting what is called a false positive.
http://www.symantec.com/business/support/index?page=content&id=HOWTO27086
Are you using Symantec?
Dignity
14-01-2013, 08:50 AM
MRD, is this attack a "safe behaviour"?
MudRiverDan
14-01-2013, 09:07 AM
What anti virus are you using?
Not sure really, are you running as admin constantly or a user?
It's probably nothing but I can't say for sure.
Send the report to Lucky Phil, he can pass it on to server admin.
I mean the site may not be infected, as your computer may already have the malware and this site could have triggered it into some activity that the anti virus noticed.
It may not even be malware, software these days is so sneaky and intrusive it might just be normal inquiries.
At least run a cleaner on your computer.
Dan
Dignity
15-01-2013, 08:40 AM
Dan, I use Norton running as a user. Lucky Phil has seen this post and I suspect it has been raised before and it is not related to the Ausfish site but the ads attached. Interestingly it hasn't reappeared now for today and yesterday afternoon.
Jarrah Jack
15-01-2013, 10:09 AM
I use Avira and haven't had a problem since installing it about three years ago. It was recommended in an extensive report I read on free anti viruses.
Lucky_Phill
15-01-2013, 09:16 PM
It is being looked into.
It seems very few people are having this issue.
LP
Ausfish
15-01-2013, 11:12 PM
Make sure you have your browser updated to the latest version and also install any updates to your operating system. You may also want to look at using any browser other than IE.
Dignity
16-01-2013, 08:21 AM
Thanks Phill, I always update my OS, and ensure that my AV is also up to date, changing browsers is not what I would consider a solution (also have to spend lots of time retraining the boss as she tends to write everything down otherwise it won't work). The attacks only occurred those first few days and have been absent since. I do have the option for several other AV software which I will consider using now that things have settled and check to see if there is anything on my system.
morphias
16-01-2013, 10:51 AM
Dignity, your nephew is spot on that changing software is just a workaround that doesn't resolve an underlying issue.
I have been an IT professional for over 14 years and see this sort of thing all the time. It is a false positive, so nothing to worry about.
You should never run two anti-virus products on the one machine - they will fight with each other in the background and will actually reduce your security.
Avast and AVG are good products. If you don't want to pay for software, go with AVG Free Edition. If you do want to pay for software, my recommendation is Vipre Internet Security or Bitdefender Internet Security. I would steer away from Norton or Trend - they both have a high rate of false positives, but inviting in real infections.
If you think you may have an infection, download Malwarebytes Free (say no to the trial) and run a full scan. Once that is done, download Vipre Rescue and let it run a scan.
http://www.malwarebytes.org/
http://live.vipreantivirus.com/
To be super thorough, you can install and run SpyBot 2 Free Edition (during the installation options, unselect the TeaTimer). You should also run the Immunize in this app - it will stop a lot of the 'drive-by' and infections resulting from pop-ups.
http://www.safer-networking.org/mirrors/
All are free and will clean up 99% of anything that is there. If you still have issues after that, you likely have a bad rootkit infection and then you start getting into hefty utilities like ComboFix.
http://www.bleepingcomputer.com/download/combofix/
This will wipe out most rootkits. Beyond that, you are generally into wipe and rebuild territory.
Ben.
Dignity
16-01-2013, 05:55 PM
morphias,
There is a fair bit to digest (not IT savvy) and I will certainly try the majority of what you suggest as so far I can not get hold of my nephew, he works in some pretty wild countries where comms is almost zilch and as I just recently retired from work I don't have the organisation I used to have to support me (there is an upside to working for a living). My Norton is due to expire in about 3 months time and I had considered changing to something like Avast, I am happy to pay as with some of the work I do online I sometimes shudder at the thought of someone syphoning off the transactions, I guess I am old school and feel people should be paid for their efforts.
RayLamp
24-01-2013, 09:02 PM
My enterprise system at work is picking it up
http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25701
It is the ads. I remember trapping the code at work when I did get that far. Ads should not be calling potentially malicious code via Adobe routines. The code was trying to access client computer responses. That in itself isn't a huge deal as something like JavaScript is client side. But having the potential to remote control a computer via these calls is too much and something ads should not do.
I won't change what enterprise security systems I implement at work. If it is a false positive then the owner of the ad company should contact Symantec as it could be counter productive. And before you ask, I tried on different operating systems and browsers and it was the security software which picks this up.
Telling people to change operating systems, browsers and security software for this issue isn't the solution. The underlying issue needs to be solved, and this isn't necessarily the site admin's fault, more the ad company's potentially overactive routines to track client activity.
Dignity
25-01-2013, 08:24 PM
RayLamp, it is only some pages on this forum that cause the message to appear. If I had some basic IT ability I might be able to work out which ad it is but that is not the case. Reading about this issue it has appeared on other forums and they have tracked down the ads and seem to have resolved the issue. From what I can gather I am getting a "false positive" which I have no idea what that means but am assured by many that it is not something to worry about, I still get that annoying message though.
MudRiverDan
25-01-2013, 09:00 PM
It's bullshit, ignore Norton and get Avast premium or something with some integrity.
Norton is notorious for its blatant marketing, making everyone think they have a virus.
The net these days is unsafe so NEVER keep sensitive information on a computer connected to the internet, because believe me Norton will not find it, because real internet crims already know the insides out of Norton and other anti malware software.
Just look at some of the recent scams done down south on small business, those guys had full firewall and security, but it did not do shit, keep nothing of value or interest on any computer connected to the net.
Dan
QuinTin
25-01-2013, 09:45 PM
No probs here, I have Kaspersky Pure 2.0 (paid version) and use Firefox as a browser and had no probs, but that does not mean I trust any antivirus, but I have had most antivirus programs over the years. As said above by MudRiverDan, trust no AV, but it is better to have something than nothing.
MudRiverDan
31-01-2013, 06:22 AM
Actually after thinking about it and seeing some things on here I noticed the other day I got a rather intrusive Facebook message.
So agreeing with RayLamp, it is most probably some kind of advert or toolbar addon.
Your browser is your main interface with the internet and a lot of big companies these days still use software that is quite intrusive, I would not say virus but would probably be working to track you for marketing reasons.
You can now imagine, with media and even recently newspapers going online there is a lot of competition on the internet.
This site is tracked by Facebook and Google, which is nothing really but they hold an interestingly large market and I think you will find that most sites you visit are tracked by Facebook and Google.
There is a Firefox add-on called "Collusion" that is interesting to see.
Dan
GreekBoi
01-02-2013, 01:30 AM
I used to run my own IT Security business and I can tell you by looking at that picture it's to do with a script which would be in the ad scripts.
It was made by a group of blackhat hackers. I would advise you to first clean all your temp internet files, cookies, temp files. I recommend this tool to everyone I give advice to: Toolwiz Care. It's just a free tool that is a 1 click clean up of your system and has some extra advanced features for security and cleanup/performance.
The other thing is it affects XML which I would guess the ads are using xml to load as per the referring you to this site it may be trying to load a hidden backdoor script but your virus scanner is blocking the attack which is a good thing. This only affects IE as you can see in the picture it's stating that the attack is coming from IEXPLORE.EXE.
So all you need to do to fix the xml is read this and download the fixit tool that Microsoft has made for this xml vulnerability - http://support.microsoft.com/kb/2719615
Hope you find this advice to be what you need. If you need any more IT Security advice just hit me up :)
MudRiverDan
01-02-2013, 06:11 AM
I would have to ask, if this has been around for at least 12 months wouldn't Microsoft have patched it through the automatic updates?
Dan
Dignity
01-02-2013, 08:01 AM
GreekBoi, I will certainly try your suggestions, thank you for your time and effort. I got a cryptic message from my nephew along similar lines but as he has limited coverage his messages are short hand and as I am of the older generation I struggle with understanding them.
Gon Fishun
01-02-2013, 09:43 AM
There is a web site called Windows Secrets. It has been around for a long time. Just recently they had a write up about Java script and how it can affect security in some browsers. It might be worth a read.
honda900
01-02-2013, 09:59 AM
Andy is correct, the code executed from one of the ads, it launched a Java script, my AV caught it and I fixed it. The ads are random and I haven't had the issue come back, likely the ad service found it and removed the code.
It is not a false positive, but ignoring warnings is how you will get caught. Treat all warnings with care and take the time to read them. Research and find a solution.
Regards
HOnda.
GreekBoi
02-02-2013, 04:56 AM
@MudRiverDan
No, Microsoft doesn't include all the smaller patches like this. They may have thought it wasn't a serious security hole.
You will find that they only patch the high risk security holes for the operating system, software like Office. But they hardly patch Internet Explorer unless it was a security hole within the coding of Internet Explorer which this isn't.
GreekBoi
02-02-2013, 05:01 AM
@Gon Fishun
Thanks but I already know this. It's called Java-run-by which a hacker would create a virus and inject it into a specially formed JavaScript code. When a victim goes to a website that is directed by the hacker the script will ask the victim to accept a trusted certificate which in turn will download and execute the virus that was injected into the script.
I hope I'm not talking too much jargon :)