Installing weatherbug

Don't install weatherbug.com.  It contains an HTTP Dragon Toolkit.  kuggdf.com/aukdp/dest.js.  IP is 91.213.217.191

Device\harddiskvolume1\programs files\aws/weatherbug\weatherbug.exe.   HIGH RISK

 

Norton Internet Security 2011 caught it before any damage was done.  Check your registry (regedit).

Hello MisterG55

 

I also use WeatherBug. It is the official weather station for Verizon ISP also among other large companies and radio stations and schools and TV stations. It is clean.

Hi! MisterG55,

 

I have been unable to contact the Weatherbug personnel due to the site being busy; however I did have another tech download and install the program and no alerts were given that malware was detected.  The tech also sent the file through VirusTotal and it came up clean there as well.

 

The matter is still being investigated; if a phishing site for Weatherbug has been established then it must be shut down.

 

Tech83 :)

I don't use WeatherBug now but I used to and I agree it is a good program as long as you get it from the official site.

 

The IP address reported by the OP appears to be assigned somewhere to the Africa region.

 

Allen

I can confirm I received the same message from Symantec Endpoint Protection version 11, 11/26/2010 signatures.

Hi! 1611kjb,

 

Welcome to the Norton Community!! :)

 

And Greetings to All others,

 

According to what I have been informed, the program Weatherbug is not in any way a malicious one.  If your Norton product is detecting malware in the file download then it is quite possible it did not come from the official site for the software.  I would recommend that if you have the file on your computer that is causing this report, you submit the file (according to the proper method for your product) for analysis; this will either confirm or deny the malware's existence.

 

However, I have had several colleagues who even sent the file (that they receive from the official Weatherbug website) through VirusTotal and there isn't any malware detected.

 

Which leads me to believe that at this time the official version of the program is clean and that a false positive possibly exists within certain security programs.

 

Tech83 :)

Hello

 

Also please be aware that if you have malware on your computer, it can attack any file on your computer and therefore make it seem as if it is the weather bug program that is the cause of the infection when it may have been the victim of the malware.

I appreciate your reply, but I'm not sure I totally understand it. However, I deleted weatherbug from my machine and all files with the word "weatherbug" anywhere in them (cookies and such), then I ran regedit and removed any mention of weatherbug from the registry. Then I rebooted my machine. I then went to the weatherbug website and downloaded the program. Installed it and ran it.

As part of the installation, it asks for your email, name and zip code. It can't get your weather until you give it a zip code. While still completing that form and before actually getting my weather, Endpoint gave me yet another message. The Client Management Log says:

[SID: 23974] HTTP Fragus Toolkit Request 1 detected. Traffic has been blocked from this application: C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

The back trace says the remote host IP Address is 195.189.226.193 whose name is 193.226.189.static.server.ua. Whois has no information on the address.

What does that mean I am supposed to do? Is Symantec detecting the wrong thing, or is my system somehow corrupted, or is the file from Weatherbug reflecting a recent change?

Hello 1611kjb

Welcome to the Community

FWIW ~ NIS11 pops with same HTTP Fragus Toolkit Request 1 detected.  Blocked - NoAction Required.

The Attacking Computer is my router.

Network traffic from myPC matches the signature of a known attack.

Did you download from this WeatherBug page?

WeatherBug uninstall page

http://www.truste.org/pvr.php?page=validate&softwareProgramId=9&sealid=112

IP Checking 195.189.226.193

Hello

 

I have been using WeatherBug for years now and have had no problems with it as far as malware goes. This is the link for Weather Bug.

http://weather.weatherbug.com/desktop-weather.html

  I would suggest that you send in that file to get analyzed by Symantec. It is very possible that it is a false positive.

 

Please use this link if you think that a file is a false positive:
https://submit.symantec.com/dispute/

If there is a possibility that the file might be infected, please submit it to Symantec using this link:


https://submit.symantec.com/websubmit/retail.cgi



Another alternative which is fast you can use Threat Expert:

http://www.threatexpert.com/submit.aspx

(Thanks to Yaso for providing the links)

 

Please come back and let us know how you made out. Thanks.


ThreatExpert rejects for size

Submitted SetUp MSI to Symantec

The WeatherBug SetUp MSI scans clean.

Windows Installer triggers the Intrusion Attempt 

My Image appears to be approved in my Gallery

11/28/2010 12:33 PM,High,An intrusion attempt by BJM-PC was blocked.,Blocked,No Action Required,HTTP Fragus Toolkit Request 1,"BJM-PC (XXX.XXX.X.X, 50496)",strgdfdsg.co.cc/ar/show.php?key=9b562fa34ce9c8505cbeab290c0c9f46&u=kavabanga,"195.189.226.193, 80",XXX.XXX.X.X (XXX.XXX.X.X),"TCP, Port 50496",

I got an intrusion warning JUST by visiting the weather bug website:

 

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description,Category
11/28/2010 9:23 PM,High,An intrusion attempt by WINDELLSTUDIO15 was blocked.,Blocked,No Action Required,HTTP Fragus Toolkit Request 1,"WINDELLSTUDIO15 (192.168.0.2, 52002)",inesne.com/gaha/show.php?key=be1d0d4932919ad9e7fba8bb64b02797&u=bmw,"inesne.com (91.213.217.38, 80)",192.168.0.2 (192.168.0.2),"TCP, Port 52002",

 


 

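As an added example (not code from this thread, from Symantec or from WeatherBug): a small Python parser for the two intrusion-prevention CSV rows posted above (bjm's 12:33 PM entry and the 9:23 PM entry from visiting the website). It pulls out the landing-page host, the key and u query parameters and the destination IP and port, and flags rows whose attacker URL follows the show.php?key=<32 hex>&u=<label> shape that both entries share. The two rows are embedded as constructed sample input; the URL pattern is my own reading of those rows and is not Symantec's signature.

```python
import csv
import io
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the CSV header plus the two Norton/SEP IPS rows quoted in
# this thread, with the masked private address kept exactly as posted.
SAMPLE_LOG = """Date & Time,Risk,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description,Category
11/28/2010 12:33 PM,High,An intrusion attempt by BJM-PC was blocked.,Blocked,No Action Required,HTTP Fragus Toolkit Request 1,"BJM-PC (XXX.XXX.X.X, 50496)",strgdfdsg.co.cc/ar/show.php?key=9b562fa34ce9c8505cbeab290c0c9f46&u=kavabanga,"195.189.226.193, 80",XXX.XXX.X.X (XXX.XXX.X.X),"TCP, Port 50496",
11/28/2010 9:23 PM,High,An intrusion attempt by WINDELLSTUDIO15 was blocked.,Blocked,No Action Required,HTTP Fragus Toolkit Request 1,"WINDELLSTUDIO15 (192.168.0.2, 52002)",inesne.com/gaha/show.php?key=be1d0d4932919ad9e7fba8bb64b02797&u=bmw,"inesne.com (91.213.217.38, 80)",192.168.0.2 (192.168.0.2),"TCP, Port 52002",
"""

# Shape of the landing-page URL in both posted rows: .../show.php?key=<32 hex>&u=<label>.
# Assumption drawn from the rows above, not Symantec's detection logic.
LANDING_RE = re.compile(r"/show\.php\?key=[0-9a-f]{32}&u=\w+$", re.IGNORECASE)

# Matches both destination forms seen: "195.189.226.193, 80" and "inesne.com (91.213.217.38, 80)".
DEST_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}),\s*(\d+)")


def looks_like_exploit_kit_landing(url: str) -> bool:
    """True when the attacker URL follows the show.php?key=...&u=... shape."""
    return LANDING_RE.search(url) is not None


def split_attacker_url(url: str) -> dict:
    """Host, path and the key/u parameters of an attacker URL logged without a scheme."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    query = parse_qs(parts.query)
    return {
        "host": parts.hostname or "",
        "path": parts.path,
        "key": query.get("key", [""])[0],
        "u": query.get("u", [""])[0],
    }


def parse_ips_log(text: str) -> list:
    """Parse a Norton/SEP intrusion-prevention CSV export into flat records."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        url = row["Attacker URL"]
        dest = DEST_RE.search(row["Destination Address"])
        parts = split_attacker_url(url)
        records.append({
            "time": row["Date & Time"],
            "risk_name": row["Risk Name"],
            # "Attacking Computer" is the local host that made the outbound request.
            "local_host": row["Attacking Computer"].split(" (")[0],
            "landing_host": parts["host"],
            "landing_path": parts["path"],
            "key": parts["key"],
            "u": parts["u"],
            "dest_ip": dest.group(1) if dest else "",
            "dest_port": int(dest.group(2)) if dest else 0,
            "landing_pattern": looks_like_exploit_kit_landing(url),
        })
    return records


def block_list(records: list) -> dict:
    """Hosts and IPs from pattern-matching rows, deduplicated for a DNS or firewall block list."""
    hosts = sorted({r["landing_host"] for r in records if r["landing_pattern"]})
    ips = sorted({r["dest_ip"] for r in records if r["landing_pattern"] and r["dest_ip"]})
    return {"hosts": hosts, "ips": ips}


if __name__ == "__main__":
    recs = parse_ips_log(SAMPLE_LOG)
    for r in recs:
        print(f'{r["time"]}: {r["local_host"]} -> {r["landing_host"]} '
              f'({r["dest_ip"]}:{r["dest_port"]}) key={r["key"]} u={r["u"]} '
              f'pattern={r["landing_pattern"]}')
    print(block_list(recs))
```

Note that in both rows the "Attacking Computer" is the local PC, because the IPS signature fires on the outbound request the local process makes; the useful indicators for blocking are the landing host and the destination IP, which is what block_list collects.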

Strange but the weatherbug on the Windows Live gadget section does not prompt Norton to give out warnings (http://gallery.live.com/liveItemDetail.aspx?li=be391b66-3d65-461c-a86b-0b4e9b42deba&bt=1&pl=1)

 

Edit: It seems weatherbug acts the same as the Windows default weather gadget, which is simpler and much more compatible with Windows and NIS :smileytongue:

 

P.S. Like my new avatar? :smileyhappy:

Norton has blocked the 2 sites for a reason and it's correct.

 

Quads

@ Topic

So is this Topic related to this Topic

 

Weatherbug the app is safe or ?

Weatherbug the install is not safe or ?

 

It's partially related. The bleepus warning is thrown up by Norton because a malicious ad or something on the website is matching the signature. Plus, I have tried the Windows Live gallery version and it seems pretty safe. Also, if you have Vista or 7, the weather gadget performs the same job as the weatherbug, but alas it does not warn you of severe weather.

I have tried 3 sites Norton blocks I have found so far and Norton is being correct in its detection.

 

Quads

 


Quads wrote:

I have tried 3 sites Norton blocks I have found so far and Norton is being correct in its detection.


OK ~ Norton is correct.  Norton is correct in its detection.  Norton is doing its job.

Adverts are the weak link?

Thanks for your interest

Cheers


I'm not quite sure whether the file is safe or not.  You can upload the setup file to VirusTotal (www.virustotal.com) to see what other AV companies say.  I only know that the Windows gadget is safe but can't guarantee the safety of the desktop tool.