Virus Help - GoFuckYourself.com

JJJ · 10-15-2001, 08:26 AM

I have gotten a few surfer emails regarding "Virus JS Exception Exploit" from galleries on my website. I have checked the galleries the surfers pointed out and cannot find anything.

Anyone have any info on this type of thing.

JJJ

Hot Tropical Babes · 10-15-2001, 08:29 AM

I have found these same galleries while reviewing. I believe it is a counter. Whatever it is, it sets of my antivirus. I will email you with the urls when I come across them again.

ldinternet · 10-15-2001, 08:52 AM

It's is set of by sites that are trying to CHANGE THE HOMEPAGE and/or AUTO-BOOKMARK!

"In many cases, the applet may perform simple actions, such as changing your Internet Explorer home page."

Those bastards...

Download the Microsoft patch from http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/b ulletin/ms00-081.asp

It sets off my anti-virus too.

Here's my log....

Date: 15/10/01, Time: 15:58:56, on R4L1Z3
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm
is infected with the JS.Exception.Exploit virus.
Unable to repair this file.

Date: 15/10/01, Time: 15:59:06, on R4L1Z3
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm
is infected with the JS.Exception.Exploit virus.
Unable to quarantine this file.

Date: 15/10/01, Time: 15:59:12, on R4L1Z3
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm
is infected with the JS.Exception.Exploit virus.
Unable to delete this file.

Date: 15/10/01, Time: 15:59:22, on R4L1Z3
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm
is infected with the JS.Exception.Exploit virus.
Access to the file was denied.

Virus Name: JS.Exception.Exploit
Aliases:
Infects: N/A
Likelihood: Common
Length: 666 bytes

Memory Resident? No
Size Stealth? No
Full Stealth? No
Triggered Event? No
Encrypting? No
Polymorphic? No

Comments
No additional information

Discovered on: August 16, 2001
Last Updated on: August 29, 2001 at 05:30:24 PM PDT
JS.Exception.Exploit is an exploit which allows unpatched systems to run arbitrary code if a Java applet that was programmed to take advantage of the exploit is allowed to run. In many cases, the applet may perform simple actions, such as changing your Internet Explorer home page. It can also be programmed to run code to perform a mass mailing, as in the case of VBS.Loding.A@mm.

Type: Trojan Horse
Virus Definitions: August 16, 2001
Threat Assessment:
Wild: Low
Damage: Low
Distribution: Low

Number of infections: 0 - 49
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Easy
Removal: Easy

Technical description:

The structure of the code is specific and involves the illegal use of the Applet tag. The exploit was published in at least one security forum. More information about this vulnerability is available at Microsoft's Technet site:
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/b ulletin/ms00-075.asp

Removal instructions:

1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan. Be sure that NAV is configured to scan all files.
3. Delete all files that are detected as JS.Exception.Exploit.

Additional information:
Microsoft has released a patch which closes the security vulnerability exploit. You can download the patch from the following Microsoft site:
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/b ulletin/ms00-081.asp

For a comprehensive list of vulnerabilities, see the following Microsoft Web page:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsoluti ons/security/current.asp

[This message has been edited by ldinternet (edited 10-15-2001).]

Hot Tropical Babes · 10-15-2001, 09:02 AM

Yeah, thats the same one I get.

10-15-2001, 08:26 AM	#1
JJJ Registered User Join Date: Jan 2001 Posts: 97	Virus Help I have gotten a few surfer emails regarding "Virus JS Exception Exploit" from galleries on my website. I have checked the galleries the surfers pointed out and cannot find anything. Anyone have any info on this type of thing. JJJ

10-15-2001, 08:29 AM	#2
Hot Tropical Babes Confirmed User Join Date: Feb 2001 Location: Orlando FL Posts: 3,014	I have found these same galleries while reviewing. I believe it is a counter. Whatever it is, it sets of my antivirus. I will email you with the urls when I come across them again.

10-15-2001, 08:52 AM	#3
ldinternet Confirmed User Join Date: Apr 2001 Posts: 8,245	It's is set of by sites that are trying to CHANGE THE HOMEPAGE and/or AUTO-BOOKMARK! "In many cases, the applet may perform simple actions, such as changing your Internet Explorer home page." Those bastards... Download the Microsoft patch from http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/b ulletin/ms00-081.asp It sets off my anti-virus too. Here's my log.... Date: 15/10/01, Time: 15:58:56, on R4L1Z3 The file C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm is infected with the JS.Exception.Exploit virus. Unable to repair this file. Date: 15/10/01, Time: 15:59:06, on R4L1Z3 The file C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm is infected with the JS.Exception.Exploit virus. Unable to quarantine this file. Date: 15/10/01, Time: 15:59:12, on R4L1Z3 The file C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm is infected with the JS.Exception.Exploit virus. Unable to delete this file. Date: 15/10/01, Time: 15:59:22, on R4L1Z3 The file C:\WINDOWS\Temporary Internet Files\Content.IE5\W6V2BP2J\index[2].htm is infected with the JS.Exception.Exploit virus. Access to the file was denied. Virus Name: JS.Exception.Exploit Aliases: Infects: N/A Likelihood: Common Length: 666 bytes Memory Resident? No Size Stealth? No Full Stealth? No Triggered Event? No Encrypting? No Polymorphic? No Comments No additional information Discovered on: August 16, 2001 Last Updated on: August 29, 2001 at 05:30:24 PM PDT JS.Exception.Exploit is an exploit which allows unpatched systems to run arbitrary code if a Java applet that was programmed to take advantage of the exploit is allowed to run. In many cases, the applet may perform simple actions, such as changing your Internet Explorer home page. It can also be programmed to run code to perform a mass mailing, as in the case of VBS.Loding.A@mm. Type: Trojan Horse Virus Definitions: August 16, 2001 Threat Assessment: Wild: Low Damage: Low Distribution: Low Number of infections: 0 - 49 Number of sites: 3 - 9 Geographical distribution: Medium Threat containment: Easy Removal: Easy Technical description: The structure of the code is specific and involves the illegal use of the Applet tag. The exploit was published in at least one security forum. More information about this vulnerability is available at Microsoft's Technet site: http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/b ulletin/ms00-075.asp Removal instructions: 1. Run LiveUpdate to make sure that you have the most recent virus definitions. 2. Start Norton AntiVirus (NAV), and run a full system scan. Be sure that NAV is configured to scan all files. 3. Delete all files that are detected as JS.Exception.Exploit. Additional information: Microsoft has released a patch which closes the security vulnerability exploit. You can download the patch from the following Microsoft site: http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/b ulletin/ms00-081.asp For a comprehensive list of vulnerabilities, see the following Microsoft Web page: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsoluti ons/security/current.asp [This message has been edited by ldinternet (edited 10-15-2001).]

10-15-2001, 09:02 AM	#4
Hot Tropical Babes Confirmed User Join Date: Feb 2001 Location: Orlando FL Posts: 3,014	Yeah, thats the same one I get.