Beware of microsoft.com

Jon

Just got a virus alert while surfing on microsoft.com - on the following
link (given in 2 halves on separate lines), contained in a microsoft.com
page

http://rad.microsoft.com/
ADSAdClient31.dll?GetAd=&PG=CMSDLQ&SC=F3&AP=1164

(you can form the full link by adding the second line to the end of the
first if you so choose )

DO SO AT YOUR OWN RISK AND NOT UNLESS YOU ARE WELL PROTECTED

Virus / Worm was identified as vbs:zulu by avast.

Seems like I'm not the first either
http://www.google.co.uk/search?as_q...as_dt=i&as_sitesearch=&as_rights=&safe=active
 
From: "Jon" <[email protected]>

| Just got a virus alert while surfing on microsoft.com - on the following
| link (given in 2 halves on separate lines), contained in a microsoft.com
| page
|
| http://rad.microsoft.com/
| ADSAdClient31.dll?GetAd=&PG=CMSDLQ&SC=F3&AP=1164
|
| (you can form the full link by adding the second line to the end of the
| first if you so choose )
|
| DO SO AT YOUR OWN RISK AND NOT UNLESS YOU ARE WELL PROTECTED
|
| Virus / Worm was identified as vbs:zulu by avast.
|
| Seems like I'm not the first either
|
http://www.google.co.uk/search?as_q...as_dt=i&as_sitesearch=&as_rights=&safe=active
|

I don't see ANY malicious activity at the page cited. The VBS/Zulu has been around for years
and is recognized by McAfee. McAfee does not see anything when I access the web page
either. Information I see on this goes back to 8/24.

It is an OLD Avast False Positive with a bunch of people jumping all over it !

Here you are telling all to "Beware of Microsoft.Com" without even verifying the situation
or even the facts.
 
It cannot be denied that "David H. Lipman" said:
From: "Jon" <[email protected]>

| Just got a virus alert while surfing on microsoft.com - on the following
| link (given in 2 halves on separate lines), contained in a microsoft.com
| page
|
| http://rad.microsoft.com/
| ADSAdClient31.dll?GetAd=&PG=CMSDLQ&SC=F3&AP=1164
|
| (you can form the full link by adding the second line to the end of the
| first if you so choose )
|
| DO SO AT YOUR OWN RISK AND NOT UNLESS YOU ARE WELL PROTECTED
|
| Virus / Worm was identified as vbs:zulu by avast.
|
| Seems like I'm not the first either
|
http://www.google.co.uk/search?as_q...as_dt=i&as_sitesearch=&as_rights=&safe=active
|

I don't see ANY malicious activity at the page cited. The VBS/Zulu has
been around for years
and is recognized by McAfee. McAfee does not see anything when I access
the web page
either. Information I see on this goes back to 8/24.

It is an OLD Avast False Positive with a bunch of people jumping all over
it !

Here you are telling all to "Beware of Microsoft.Com" without even
verifying the situation
or even the facts.

Click refresh a couple of times on the same link, if you're not getting an
alert (it's a rotating ad of some sort, that only intermittently gives the
alert)

If it's a well-known false positive then fair enough - I wasn't aware of it.
 
From: "Jon" <[email protected]>


| Click refresh a couple of times on the same link, if you're not getting an
| alert (it's a rotating ad of some sort, that only intermittently gives the
| alert)
|
| If it's a well-known false positive then fair enough - I wasn't aware of it.
|

I have tested the URL numerous times.

If you weren't aware of it then you just learned a lesson about spreading unsubstantiated
rumours.
 
It may be of interest to note that "David H. Lipman"
I have tested the URL numerous times.

If you weren't aware of it then you just learned a lesson about spreading
unsubstantiated
rumours.

No, not really. We only have your word for it thus far that it is in fact a
false positive.
I may look into it in a bit more detail later, to see what exactly is
triggering the alert.

Jon
 
Jon said:
Just got a virus alert while surfing on microsoft.com - on the
following link (given in 2 halves on separate lines), contained in a
microsoft.com page

http://rad.microsoft.com/
ADSAdClient31.dll?GetAd=&PG=CMSDLQ&SC=F3&AP=1164

(you can form the full link by adding the second line to the end of the
first if you so choose )

DO SO AT YOUR OWN RISK AND NOT UNLESS YOU ARE WELL PROTECTED

Virus / Worm was identified as vbs:zulu by avast.

No problem here, no matter what browser (latest AVAST! Update 0640-0,
latest Engine 4.7.892). Your subject line is just nonsense.
 
From: "Jon" <[email protected]>


| No, not really. We only have your word for it thus far that it is in fact a
| false positive.
| I may look into it in a bit more detail later, to see what exactly is
| triggering the alert.
|
| Jon

True, my word. But at least I have done/been doing my homework without posting a subject
such as "Beware of microsoft.com". LOL

I have also notified my contacts at ALWIL.
 
From: "Detlev Dreyer" <[email protected]>


|
| No problem here, no matter what browser (latest AVAST! Update 0640-0,
| latest Engine 4.7.892). Your subject line is just nonsense.
|

Do a little Googling and you find the subject matter goes back to late August.

However, I am trying to extract information from someone who posted "...been getting a
warning from my anti-virus software when visiting the microsoft web pages."

All I have been able to get out of this poster was that it was Avast even though I
specifically asked for the suspect URL.
 
I have also notified my contacts at ALWIL.

Ok, good move. Hopefully they'll update their program as a result, if it's a
false positive as you suggest. Thanks for your input.

Jon
 
Jon said:
Just got a virus alert while surfing on microsoft.com - on the following
link (given in 2 halves on separate lines), contained in a microsoft.com
page

http://rad.microsoft.com/
ADSAdClient31.dll?GetAd=&PG=CMSDLQ&SC=F3&AP=1164

(you can form the full link by adding the second line to the end of the
first if you so choose )

DO SO AT YOUR OWN RISK AND NOT UNLESS YOU ARE WELL PROTECTED

Virus / Worm was identified as vbs:zulu by avast.

Seems like I'm not the first either
http://www.google.co.uk/search?as_q...as_dt=i&as_sitesearch=&as_rights=&safe=active
They have computers, and they may have other weapons of mass destruction.
I just went to the site. All I got was a window in the upper right corner
of the screen with rotating advertisement . No virus alert of any kind.
Using Grisoft AVG Free Edition with latest update.

Cajunswabbie
U.S.N, Retired
 
I was more than a little surprised to hear the following from "Cajunswabbie"
I just went to the site. All I got was a window in the upper right corner
of the screen with rotating advertisement . No virus alert of any kind.
Using Grisoft AVG Free Edition with latest update.

Cajunswabbie
U.S.N, Retired

Ok, thanks. Well that is reassuring and suggests that David was right in
that it is a false positive, if both McAfee and AVG fail to pick it up.

Click refresh on the page 3-4 times to make sure, though, since it is a
rotating advert, returning a different ad each time - only one triggers the
alert.

I would be interested to know if anyone else gets the alert with Avast,
though - otherwise the problem is probably my end.

Jon
 
Just tried a fresh install of Avast (accepting all the defaults, and
updating it fully) on a completely different machine, and got exactly the
same alert. So the problem does appear to be peculiar to Avast.
 
Jon said:
Just tried a fresh install of Avast (accepting all the defaults, and
updating it fully) on a completely different machine, and got exactly
the same alert.

On this machine, the web site and the ads appear in German. Again, no
AVAST! alerts at all (Web protection enabled). No matter how often the
site has been refreshed.
So the problem does appear to be peculiar to Avast.

If this is the case, the false positive depends on the browser's
preferred language setting apparently.
 
It is no coincidence that "Detlev Dreyer" said:
On this machine, the web site and the ads appear in German. Again, no
AVAST! alerts at all (Web protection enabled). No matter how often the
site has been refreshed.


If this is the case, the false positive depends on the browser's
preferred language setting apparently.


Interesting.. that would make sense since the particular adverts that you
see are probably geared towards your particular location.

Anyhow ran some further tests and it looks like there are no significant
system (file or registry) changes made after visiting the link on an
unprotected machine, so I'll give microsoft.com the all clear for now,
which I'm sure it will be greatly relieved to know :-) Thanks for your
input.

Jon
 
Jon said:
Just got a virus alert while surfing on microsoft.com - on the following
link (given in 2 halves on separate lines), contained in a microsoft.com
page

Please don't post virus warnings, leave such matters to the professionals
who work on countering malware for a living. More likely than not,
you're dealing with some spy-ware creating spurious pop-ups or faulty
anti-virus software.
 
From: "Detlev Dreyer"

|
| No problem here, no matter what browser (latest AVAST! Update 0640-0,
| latest Engine 4.7.892). Your subject line is just nonsense.
|

Do a little Googling and you find the subject matter goes back to late
August.

However, I am trying to extract information from someone who posted
"...been getting a
warning from my anti-virus software when visiting the microsoft web
pages."

All I have been able to get out of this poster was that it was Avast even
though I
specifically asked for the suspect URL.

I get a warning from Avast for VBS:Zulu when viewing that page on this file:
http://rad.microsoft.com/ADSAdClient31.dll?GetAd=&PG=CMSDLQ&SC=F3&AP=1164

This is in IE7 on Vista, Avast version 4.7.892, VPS file 0640-0
 
