If you are getting a virus message on WUWT…

I’ve had several people write to me that they are getting reports that WUWT is “infected” with a virus. The common thread to the reports is AVG software, which seems to think some image thumbnails have a virus:

I’ve taken this seriously, and run checks, and I’m happy to report this is a false alarm. WUWT gets a clean bill of health via several online tests:

I used to use AVG antivirus, but became frustrated with it for several reasons, not the least of which is sluggish performance.

Now in all my machines, I use AVAST, which is leaner, highly configurable, and hasn’t given me a single false alarm yet.

Free version here: http://www.avast.com/free-antivirus-download

Tip: if you download and install Avast, use the “custom install” to avoid installing components you might not want, such as the toolbar, which they use to monetize the free version. Other than that, it is a great free resource.


We’ve had the same experience with one of our websites, with no virus found and no reports of infections.

Mike Bromley the Canucklehead

Thanks! My screen lit up like Times Square!

Ray

I tried both AVAST and AVG but now switched to Microsoft Security Essentials because it doesn’t take much resources. It hasn’t detected any threats on WUWT either.

PaulH

I’m not sure what is going on with AVG these days. It seems they recently had to pull a “useless” anti-virus app from the Windows Phone Marketplace. According to this article, the app also tried to gather some private info from the phone:
http://arstechnica.com/microsoft/news/2011/09/privacy-violating-useless-avg-anti-virus-app-pulled-from-windows-phone-marketplace.ars
Ah well, I use Eset security and it found no problems with the WUWT web site.

john

I noticed that Master Resource website is down this morning as is the Institute for Energy Research. Solargate , Windgate and Loangate are very problematic so my guess is Cass Sunstein and his Al-colytes are busy covering O’s a$$ as well as others.

I’ve been using AVG for several years and have never had a virus warning here.

A couple people reported on Tips & Notes that the ENSO meter displayed from my Comcast site, http://home.comcast.net/~ewerme/wuwt/elninometer-current.gif is a threat. (Okay, it is a threat, but not to your computer!)
I saved one of the notes at http://wattsupwiththat.com/2011/09/08/a-note-regarding-the-noaa-enso-meter/ . The contents of the file are a faithful copy of the images from NOAA. No reason to expect problems with them. The “home.comcast.net” or “~USER” part may be enough for a paranoid virus checker to get annoyed.
Perhaps everyone should grumble at the AV manufacturers. Or change. Or both.
BTW, that image may change soon to include a datestamp.

john @ September 17, 2011 at 8:22 am
I love “Al-colytes”, for all of its obvious implications. 🙂

Annabelle

I recently uninstalled AVG after it slowed my computer down to a crawl. Not worth having.

I like F-PROT–in addition to no false positives, it also has never missed a true positive (false negative).

Sam Hall

I have used the pay version of AVG for years and it works fine for me.

Phineas Fahrquar says:
September 17, 2011 at 8:26 am
I’ve been using AVG for several years and have never had a virus warning here.

Same here. I also haven’t had it slow my computer to a crawl. Something else going on there.

SCJim

Norton 360 user here and never had an alarm on your site

John David Galt

The fact that AVG detects a threat when other products don’t tells me that the threat is probably real and those other products aren’t doing their job.
For those like myself who use Mozilla, I suggest installing the RequestPolicy add-on, so that you can tell the browser (for example) to refuse to load images from intelliweather.net.

Bruce Cobb

We’ve been perfectly happy with AVG, having used it for about 3 years. The only thing we had to do was to clear the cache, as the box kept coming up with info about the “threat”, and that it had been contained. It’s never happened before, so I assume it’s just a freak occurrence.

John David Galt says: September 17, 2011 at 9:45 am
The fact that AVG detects a threat when other products don’t tells me that the threat is probably real and those other products aren’t doing their job.

Or that AVG isn’t working. I stopped using AVG for a couple of reasons, one being the sluggish response caused by it being a massive resource hog which other people have mentioned. The other reason was that it suddenly began “detecting” viruses in existing, years-old, unmodified files. But only sometimes; other times it would happily scan past those same files with no alerts. The half dozen or so other AV programs I tested against the problem never alerted on those old, unmodified files at all.
So after years of AVG being my AV software of choice… I dumped it and switched.

Ian W

The alarm is being caused by some value(s) in the intelliweather thumbnails in the sidebar that seem to match a virus signature. As these are all jpg it seems unlikely that they would be infected but running tests on WUWT site may not show the problem as these are pulled in by live links to intelliweather.

Anthony, I believe that someone has reported to AVG that your intelliweather jpg images are being used to track usage of the site. This is probably a sign of malicious action like we’ve seen in the past elsewhere.

Richard M

I assumed it wasn’t a real problem since it comes from an image file.
“c:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNUM1ETX\tempcity_nat_120x90[2].jpg”;”Found Luhe.HTML.Framer.A”;””

I’m going to admit something here in public that very few people would admit; I do not run _any_ sort of active virus software … none, zip, zero, nada (exc maybe Windows firewall: does that count?).
NEVER (knock on wood) had a problem either.
I do drop by the Trendmicro.com website for a ‘scan’ every so often though … and have never found anything during a scan …
.

Annie

I’ve recently given up on AVG and now use Avast! Our main problem is very slow broadband as we are at the end of the ‘phone line. Mains power fluctuates too.

No Anti-Virus program should be reporting false-positives on a website like this. Nor should any home user have to pay for a reliable anti-virus program, use Microsoft Security Essentials instead,
http://www.microsoft.com/en-us/security_essentials/default.aspx

Do not worry or switch, says I.
AVG is just detecting some tracking activity.

A. C. Osborn

Thanks, that worked for me also.

dave ward

Another ex AVG and now Avast! user. AVG made a friend’s old PC desperately slow, and at times virtually unusable. M/S Security Essentials was much better, but it would often refuse to start properly, so I put Avast! on instead, and it now runs fine. One important point many folks miss is never to rely on the Windows un-install utility – ALWAYS download and employ the A/V provider’s specific tool, or else you will leave behind lots of files and registry entries which often give problems with the new software.
“The fact that AVG detects a threat when other products don’t tells me that the threat is probably real and those other products aren’t doing their job.”
Not necessarily – haven’t you heard of “False Positives”? Most A/V products are responsible at one time or another. Occasionally this will cause major problems by quarantining an essential system file. The fact that Anthony ran the file past Virus Total is pretty clear proof that there is nothing to worry about. If that test came back with many warnings, it would be a different matter…

“_Jim says:
September 17, 2011 at 10:54 am
I’m going to admit something here in public that very few people would admit; I do not run _any_ sort of active virus software … none, zip, zero, nada (exc maybe Windows firewall: does that count?).
NEVER (knock on wood) had a problem either.”
Kind of the same for me !!!
I do use Malware Bytes for weekly scans

mpaul

I visited WUWT at 12:10 PST and got the AVG warning. This is the first time I’ve seen it on this site.

Robinson

If you use AVG, or any other virus scanner, and you aren’t on a corporate network (i.e. this is home use), uninstall it and download and install MSE (Microsoft Security Essentials). It is FREE as in BEER. It’s as good as, if not better at detecting viruses than most of the others. It’s minimal and doesn’t hog resources on your system, even with on-access scanning switched on. It doesn’t harass you for free-version upgrades. It doesn’t promise you free use and then hit you with a fee 12 months later. It’s hands-down the best value free anti-virus for Windows out there.
Viruses on Windows are bad for business for Microsoft. Viruses on Windows are good for business for all of the other anti-virus suppliers.
Disclaimer: no, I am not a Microsoft employee and if you do by some miracle get a virus even with MSE, I said it was a virus scanner, not God.

Last week my ESET-NOD32 was popping up virus warnings, so I informed WUWT. It continued for a day or two but has since ceased. Screenshot of warning message:
http://www.markbuckles.com/images/wuwt.png

Michael in Sydney

Using AVG and I’m getting the warning as well. First time was yesterday.

Dr K.A. Rodgers

I have never used AVG but did use Avast for several years. Switched to it after major hassles with Norton.
Had to give Avast up some months back when it started to mess with Outlook Express. I have since switched to Avira with no problems.
I was one of several users so affected. All are now Avira users. So far so good.

Grandpa Boris

All anti-virus and anti-malware programs will occasionally show false positives. The variety of data AV programs have to scan is enormous and it’s a near certainty that some innocuous image will match a signature of a known malware.
What matters is how responsive your AV vendor is, how upfront they are about the issues in their code, and how quickly they fix the false positive issues.
I had used Grisoft’s AVG for many years. About a year ago Grisoft’s quality took a huge step in the wrong direction. Auto-updates were failing, the number of false positives was rising, and Grisoft was stonewalling or were outright rude when their users complained.
That’s when I switched to Avast!. As Anthony said, it’s less intrusive, far more controllable, has a much better user interface, and the company making it seems like much more pleasant and customer-friendly bunch of people.
Avast isn’t trouble-free. I’ve had it throw false-positives and had to endure hours of boot-time rescans because Avast was insisting that it found infection it couldn’t remove while Windows was running (all false alarms). Nevertheless, it’s better than any other AV products I’ve used over the last few years (AVG, Symantec’s Norton consumer AV, Symantec’s corporate AV, Trend Micro, McAfee).

hotlink

I stopped using AVG months ago when I started getting false hits on a variety of sites. Best of luck to AVG users.

Ian H

If Windows is insecure then switch to something secure. Don’t muck about with unstable kludgy antivirus applications trying to patch the leaks. Install a linux distro like ubuntu and stop worrying already.
[ … windows free since 2009 … will NEVER go back. ]

Steve

I’m also using ESET NOD32, and got exactly the same results as “Mark and two Cats” (9/17, 1:52pm). I sent a note, and the problem has now gone away, it seems. It wasn’t just AVG …

No viri in the wild for the Macintosh OS X, either. . .
/Mr Lynn

Ian H says September 17, 2011 at 4:11 pm
If Windows is insecure then …

Just a few years back it was sufficient enough to run a good firewall (like ZoneAlarm, which I did under Win98SE since it didn’t have one) and be mindful of e-mail attachments and surfing less-than-honorable websites – I frequent the better known websites, websites with ‘legacy’ and history behind them, not the fly-by-night gamer or hacker websites … so where is it these ppl pick up these viruses?
Recall, from above, I am a self-admitted non-user of active Virus software. If ANYBODY should catch these things willy-nilly it would be me …
Hiccup.
.

woz

Just slightly OT, a week or so ago when I tried to open WUWT I got a BAD_POOL_HEADER warning with a BSOD, followed quickly by a complete shutdown. (I run Windows and IE.) I’ve never seen that before.
Rebooting all went well. I worked through the advice and tried the fixes, including a complete Registry check and clean. But as soon as I clicked on WUWT it happened again. This continued several times – but only ever when clicking on WUWT. Other programs and sites gave no difficulties.
Then for no obvious reason, it came good and so far hasn’t recurred (touch wood).
I’m not usually a conspiracy theorist – but at one stage I was wondering whether evil enemies had somehow compromised WUWT! Given the topic, thought I’d share this against someone else’s experience!

Some notes on viruses
1. Viruses have, in the past, been transmitted by image files (thumbnails are just small images).
– You craft a malformed image file that will cause a buffer overflow (or similar bug) in the web browser
– This can cause a bit of the image to be executed like a program
– You embed malicious code in the image which is then executed.
2. Detecting viruses mostly involves pattern matching — looking in a file for patterns of bits that resemble a known virus.
3. Sometimes a (perfectly normal) image can coincidentally contain bits that just happen to look a bit like a virus. That causes a false positive in antivirus programs.
In conclusion, if an antivirus program detects a problem in an image file, don’t assume it is a false positive. (Not saying anybody did that, just making a general point).
If it is a false positive, it is not necessarily an indictment on the antivirus program, though it might be.
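
An added illustration of points 2 and 3 in the comment above (not part of the original comment, and not a description of how AVG or any other named product works): a raw byte-pattern match fires on any file that contains the pattern, while a marker walk of the JPEG shows whether the match sits inside the image's compressed data or in bytes outside the image. The signature name and pattern, the helper names and the sample bytes are all constructed for this example.

```python
import hashlib

# Hypothetical signature: name and byte pattern are invented for this example
# and do not come from any real antivirus database.
SIGNATURES = {"Example.HTML.Framer": b"<iframe"}
_IN_SCAN = {0x00, *range(0xD0, 0xD8)}  # bytes that may follow 0xFF inside scan data

def naive_scan(data: bytes) -> list:
    """Pattern match over the raw bytes, ignoring what kind of file it is."""
    lowered = data.lower()
    return [name for name, pat in SIGNATURES.items() if pat in lowered]

def jpeg_end(data: bytes):
    """Walk JPEG markers; return the offset just past EOI, or None if malformed."""
    if data[:2] != b"\xff\xd8":                       # must start with SOI
        return None
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return None                               # a marker was expected here
        marker = data[i + 1]
        if marker == 0xFF:                            # fill byte before a marker
            i += 1
            continue
        if marker == 0xD9:                            # EOI: end of image
            return i + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers with no length field
            i += 2
            continue
        seglen = int.from_bytes(data[i + 2:i + 4], "big")
        if i + 4 > len(data) or seglen < 2:
            return None
        i += 2 + seglen
        if marker == 0xDA:                            # SOS: skip entropy-coded data
            while i + 1 < len(data) and (data[i] != 0xFF or data[i + 1] in _IN_SCAN):
                i += 1
    return None

def triage(data: bytes) -> dict:
    """Structural facts for an analyst; this is not a malware verdict."""
    end = jpeg_end(data)
    outside = data if end is None else data[end:]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),   # for a multi-engine lookup
        "well_formed_jpeg": end is not None,
        "trailing_bytes": None if end is None else len(data) - end,
        "naive_hits": naive_scan(data),
        "hits_outside_image": naive_scan(outside),
    }

# Constructed samples: marker-level skeletons, not decodable pictures.
_HEAD = b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9) + b"\xff\xda\x00\x04\x00\x00"
COINCIDENCE = _HEAD + b"\x12\x34<iframe\x9a\xff\x00\x56\xff\xd9"  # pattern in scan data
TRAILER = _HEAD + b"\x12\x34\x56\xff\xd9" + b"\n<iframe placeholder>"  # bytes after EOI
NOT_JPEG = b"<html><iframe placeholder></html>"  # markup saved under an image name

if __name__ == "__main__":
    for blob in (COINCIDENCE, TRAILER, NOT_JPEG): print(triage(blob))
```

A hit with `trailing_bytes == 0` and an empty `hits_outside_image` is the coincidental-match shape from point 3; a hit in trailing bytes, or in a file that is not a JPEG at all, is worth a closer look. Neither result rules out the malformed-image case from point 1, which is a decoder bug rather than a pattern.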

I use Avast and have never had any virus warnings on WUWT and it uses lots less resource than AVG.

sHx

I used AVG for nearly five years and never had a problem until today. Yep, the same false warning that Anthony is blogging about.
I just made the switch to Avast… for the moment. I’ll test it for a few weeks to see how it goes.
An IT friend strongly recommended Microsoft’s anti-virus program some months back on the grounds that there would be less conflict with Microsoft operating systems, but I don’t really want to prop up a monopoly any more than I have to.

Pablo

Seems to me that this site typically attracts technically-inclined folks, which is why I check the site out daily and read a ton of comments. I’ve been running Ubuntu Linux since 2004, version 4.10 Warty Warthog, which was very, uhm, interesting to say the least. It was good enough for me to do what I needed to do, for free, virus free. Perhaps not trouble-free at that point, but it has gotten so much better now that it has replaced all operating systems at home for myself as well as my wife. She likes it so much she even had to find linux t-shirts to wear and show off. She’s a bit of a geek like me. Anyways, for those of you who say that it would be too tough to do away with windows, there is a solution. I’ve installed VirtualBox in my Ubuntu laptop, and inside VirtualBox, I’ve installed two versions of windows, windows xp and windows 7. This is also how I beta test new versions of Ubuntu before I jump into an upgrade. With VirtualBox, I can run all the virtual machines at the same time and effortlessly switch between any of them by using the Ubuntu workspaces, which are like additional desktop screens. The VirtualBox virtual machines can access all of the hardware I need, printers, scanners, digital cameras, and any other gadget, including old serial port connections to some ancient switches we still use at work. I do all my surfing with an Ubuntu virtual machine, which I can always rebuild from a snapshot with a couple of clicks. I can try to mess it up as much as I can, and it still comes back just as it was before the snapshot. It works like a charm.
This setup has done very well for me and for my wife, who has several old applications that only run on windows, and now she can make full use of her laptops without worrying about viruses or windows bsods. Anyways, that’s a suggestion that could work for a lot of folks if they only just gave it a try. Anyone can download an Ubuntu live CD / DVD that can run right off the optical device without even accessing your hard drive at all.
And if that is too much, you could also download and install VirtualBox for free on your Windows computer and in there, create a virtual machine with Ubuntu in it and use that to surf the web safely. There hasn’t been any application or hardware I have not been able to use, and I’m a system administrator with years of experience, taking care of several datacenters and having many years of rebuilding infected client systems and servers. Believe me, I don’t ever recommend windows to any of my clients if they ask. I’ve always steered them to mac or linux, with virtual box as a binkie if they need it.
Thanks for letting me post this and for reading it, and I hope I wasn’t as preachy as other Linux advocates can be! I do know how hard it can seem to move away from windows, but it is doable.
have fun!

petermue

No virus alert with Kaspersky Internet Security also.
After running AVG for several months, this program seems to be a bit oversensitive.
When AVG alerts became more frequent (even for simple text files) and stressed me out, I changed to Kaspersky and I’m deeply contented now.

Pablo says September 17, 2011 at 7:26 pm
I’ve installed VirtualBox in my Ubuntu laptop, and inside VirtualBox, I’ve installed two versions of windows, windows xp and windows 7.

Just wondering, how well does something useful like Sony Vegas Pro 10 (kick-butt video editing software) do under ‘virtual box’?
How about handling a couple of webcams for live streaming?
What’s the ‘emulation penalty’ for translating those system calls and that multimedia handling into internal Linux compatible ‘calls’ and I/O?
Word-processing and spreadsheets are one thing, multimedia can be another (e.g. LabVIEW and the vision processing toolkit) …
.

Ian H says:
September 17, 2011 at 4:11 pm
If Windows is insecure then switch to something secure. Don’t muck about with unstable kludgy antivirus applications trying to patch the leaks. Install a linux distro like ubuntu and stop worrying already.

If my CG rendering apps ran under Linux I’d be happy to give it a try. Such statements as the above assume an awful lot about how one uses their computer.

Still no AVG warning when browsing WUWT for me. Maybe it’s got to do with the OS/Browser combo? I’m using Vista 64 and Firefox 6.02

Poptech

Ian H says, “If Windows is insecure then switch to something secure. Don’t muck about with unstable kludgy antivirus applications trying to patch the leaks. Install a linux distro like ubuntu and stop worrying already.”
So long as you are using Windows XP or higher (XP is supported with security updates by Microsoft until 2014), have automatic updates enabled (which mean windows will be fully patched) and the Windows Firewall enabled you will not have many external security problems (if any). Not to mention most people have routers which have their own firewall. The bulk of security issues comes from things like email attachments and other things people manually install. For these you need an anti-virus program and Microsoft Security Essentials is highly recommended.
Unless you are very competent with computers and can solve technical issues on your own I do not recommend using Linux. Not to mention it is a myth about Linux security,
There have been over 2000 vulnerabilities that have affected popular distros like Ubuntu,
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ubuntu

Luke

Sometimes the attack vector is the ads being piped into the site. If they rotate then you may be clean on refresh and dirty the next.

AlanG

I’ve used McAfee for years with no problems. It includes SiteAdvisor which warns about dodgy sites when doing searches in Google. It’s not free though.

Richard111

My browser was hanging and Microsoft advised removing the AVG online “safe view” feature which I have done. No hangs so far.