The link in the "MTFCA Tour Safety Check Form" thread to "www,windowsstartup,com" will put a virus on your computer. I tried it twice and my virus detector intercepted the same virus both times. Beware.
Be_Zero_Be
I doubt that it is a virus. The "startup inspector" has to look at various parts of Windows to determine what is set for startup. Most anti-virus software will flag that occurrence. The script or program probably isn't signed either. But, I'd rather get a false indication than no indication.
I don't like running some of those programs. I can find out what's going on with Windows utilities.
Ken,
Here is what McAfee has to say on this one. You are right in that McAfee didn't like the script. As you say - better a false alarm then no alarm.
Be_Zero_Be
Virus Profile: JS/Wonka
Risk Assessment
- Home Users: Low-Profiled
- Corporate Users: Low-Profiled
Date Discovered: 9/8/2005
Date Added: 9/8/2005
Origin: N/A
Length: various
Type: Trojan
SubType: Script
DAT Required: 4577
Virus Characteristics
-- Update August 24, 2007 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?new sid=4825
--
-- Update September 28, 2005 --
Several cases have been reported to AVERT as potential incorrect identifications of JS/Wonka, which turned out to be accurate hits. These observations were typically made upon visiting hacked web pages. These hacked pages have an IFRAME inserted that point to an external website containing malware such as Exploit-Codebase, Exploit-ANIFile, W32/Dumaru.gen, and Exploit-MhtRedir.gen.
This is a generic detection for highly obfuscated JavaScript. The signature is based on specfic characteristics of the encryption.
Because this is a generic detection there is no specific description of the activity undertaken by JavaScript detected under this name, however these can include malicious activity such as downloading and executing files.
Please submit samples that you think may be false alarms to virus_research@avertlabs.com.
If you go to the Microsoft site, they recommend various third parties for software of merit. Startup Inspector is one they recommended. I run it with my McAfee with no problems. I verified the link at work before I posted it.
Thomas,
I am very impressed with the forethought and research that was done before posting a link. When MacAfee popped up with the warning, the first thing that popped into my mind was - What about other people that might have clicked on this. I decided to go ahead and stick my neck out and relate my experience with this link. I certainly hope there is no feeling of any kind of finger pointing what-so-ever. Please accept my apology for any negative feeling that may have been taken from my post.
Sincerely,
Bob Cascisa
Startup Control Panel (free, tip jar available) http://www.mlin.net/StartupCPL.shtml can be useful.
You might want to check out a review from your favourite download website and possibly consider companion program StartupMonitor.
Bob,
No offense taken, Sir.