Norton say my Website has a Virus?

Norton Security | Norton Internet Security
1

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

2

Some users on my website www.Chess.com are saying there is a virus on the site. Two people are reporting this. But everyone else agrees that it is 100% clean. The two people reporting this are using Norton. Everyone else running other AV and Firewall says it's clean. I keep telling them that they are either totally infected or something is wrong with Norton. Which is it? (Here is the thread:

http://www.chess.com/forum/view/help-support/site-is-bugged-with-trojans )

 

Here are some reports:

 

#1

Risk Name: HTTP Quicktime RTSP URI BO

Risk Level: High

Traffic Description: TCP, 51030

#2

Risk Name: Portscan

Risk Level: Medium

Attacking Computer: 192.108.0.1,53

Traffic Description: UDP,53

#3

Risk Name: Bloodhound.Exploit.196

Risk Type: Heuristic Virus

Risk Level: High

File Name: c:\users\zack\appdata\local\temp\acr88c6.tmp

#4

Risk Name: Trojan Virus

Risk Level: High

Definitions Version: 2008.10.11.003

 

Here are some screenshots:

[removed - screenshots below] - but we don't even use Apple Quicktime on the site AT ALL.

[removed - screenshots below] - what is this bloodhound exploit? a false-positive?

[removed - screenshots below]

[removed - screenshots below]

- we don't use anything related to Yahoo Webcam Uploader

 

Thoughts? Help? Are these people just badly infected? Or is Norton also giving false-positives? If so, what can I do about it?

 

Thank you and $25 via PayPal to anyone who can answer these questions with authority (especially around false-positives).

 

Erik

Chess.com

 

 

Message Edited by Tony_Weiss on 10-13-2008 04:04 PM
3

I am also using Firefox since I do not believe in IE.

4

I am using IE7 and I have no problems with the site with NIS2009 active and also Norton SafeWeb (which reports the site as safe).  Maybe the two people reporting the problem are fooling around or maybe that have out-of-date AV programs or maybe they have an infection on their own computer or maybe their is a bot going around that tells me your site is infected when it is really their computer.

 

But ... there is a vulnerability in older versions of Acrobat Flash and Macromedia that may be triggering this.  If your site has any sort of visual display and these posters have set their Flash player as the default for all streaming video, then their players would be invoked and that might be the problem.  The warning would not be about the site by itself, but the use of this vulnerable software on the site.  I assume the chessboards require some kind of player to show the moves, so that might be the trigger.  If it is out-of-date Acrobat or Macromedia, they can update both quickly and easily on Adobe.com.  If they are using Firefox, they should use Firefox to get to Adobe.com and they will get the correct add-on that way.

 

Good luck

Message Edited by mijcar on 10-12-2008 06:42 PM
5

Very true mijcar. There have been updates to Adoble flasher player for security reasons. BTW its no longer Macromedia.

6

Thank you all! I knew it was user error, but it helps to confirm with others using Norton. I have no idea what is wrong with their setups, but I guess a handful of people out of tens of thousands of daily visitors isn’t too bad.

7

Do please encourge those with a problem with Norton to come here for help! They may even be entitled to a free update to the new 2009 versions.

8

Are those screen shots of your pc? If they are why are you running Avira and NIS 2009 together.

9

check this out: [screenshot removed]

 

there is something trying to load into their browser!? where would that be coming from?? (look at the bottom-left of their screen in the status bar - an IP address and an exploits directory!

 

thoughts?

 

 

[edit: removed tinyURL link per the Participation Guidelines and Terms of Service.]

Message Edited by Tony_Weiss on 10-13-2008 04:10 PM
1 Like
10

Are theses screen shots from your pc? You cannot run 2 av’s. It can give you errors like what you see and false positive. Does this onl;y happen with IE?

Message Edited by Dieselman743 on 10-12-2008 06:26 PM

11

I am the one having all the problems. I'm using NIS2008, I was told to update AntiVir by the users of Chess.com because Norton apparently isn't good enough.

 

I was having the problem before I downloaded AntiVir.

Here are some more pics

 [links removed]

 

[edit: removed tinyURL links per the Participation Guidelines and Terms of Service. Please see this thread for information on attaching images to posts]

 

 

Message Edited by Tony_Weiss on 10-13-2008 04:12 PM
12

I went ahead and created an account. Still no problems with your site and NIS 2009.

13

<< I was told to update AntiVir by the users of Chess.com because Norton apparently isn't good enough. >>

 

Don't believe everything you are told ..... except here <g>

14

I don’t get the alerts all the time. It’s rather random. What I do  is click back and forth from “home”, “endless quiz”, etc. until it happens. My feeling is there is a ad that loads on the site trying to infect.

15

[link removed]

 

In this pic I managed to catch a link in the status bar trying to load. Norton will pop up saying bloodhound exploit blocked, trojan blocked. I recently deleted and upgraded all Adobe programs and you can see in the pic (although shadowed) “website wants to open web content using this program on your computer”

 

I’ve never had this problem anywhere else online, so why just chess.com?

 

 

[edit: removed tinyURL links per the Participation Guidelines and Terms of Service. Please see this thread for information on attaching images to posts]

 

Message Edited by Tony_Weiss on 10-13-2008 04:13 PM
16

Dear skaar. You CANNOT run 2 anti viruses. Either use Avira or Norton. If you want to stick with NIS 2008 then its best to upgrade to NIS 2009 for free. Till you remove Avira or upgrade to NIS 2009 there isnt much we can help you with.

1 Like
17

Where can I upgrade to 2009 for free?

18

I don’t want it if it removes my remaining days I have left on my sub.

19

Right here. But uninstall Avira and NIS 2008 first. Your key will still be good for NIS 2009. Be sure you have your key avaible to re enter it in.

 

http://www.symantec.com/home_homeoffice/support/special/upgrade2007/vista/select_product.jsp?site=nuc

 

https://licensing.symantec.com/acctmgmt/index.jsp
Message Edited by Dieselman743 on 10-12-2008 07:09 PM
Message Edited by Dieselman743 on 10-12-2008 07:11 PM
20

Okay. Now what?