Subject: "looking for a little practical joke"

 
cwohardy

 
 
Member since Jan-2-03
19 posts
21. "RE: looking for a little practical joke"
Apr-17-03, 09:10 PM (EDT)
LAST EDITED ON Apr-17-03 AT 09:13 PM (EDT)
 
quote
(I think I hear Sherry groaning again.)

Personally, I would have set a reasonable max number of iterations, then loaded a small new window to explain it.

____

Hopefully we try and take everyone's position into consideration around here.

I am always reluctant to edit users' posts. Especially new members. All sites differ a bit, and it takes a while for folks to get the feel of the site they are visiting.

We try and assess intent, and make our decisions accordingly.

caraloca, I appreciate your continued involvement in this thread.

And of course, I value all the other input our members have contributed.
end quote


Sherry Lynn

HKEd (team)

 
 
Member since Feb-13-02
72 posts
22. "RE: looking for a little practical joke"
Apr-17-03, 10:31 PM (EDT)
LAST EDITED ON Apr-17-03 AT 10:33 PM (EDT)
 
Quote from Renovator:

"Over the years, I don't believe Ed and I have ever disagreed on much."

Can't recall anything at all, Ren. And we go back to 1999 (VDr).

Yes, the warnings were clear for all to see, and caraloca has nothing to apologise for. But there's a strange human compulsion to click on something you've been warned not to click. I couldn't End Task on 32 open IE windows (i.e. 32 instances of IE listed in Task Manager), or right click on the toolbar to close. Even the Start button was inoperative, hence the hard reboot.

I wasn't trying to make an issue of this. Just reporting observations.

Mike

 
 
Member since Dec-22-01
2021 posts
23. "RE: looking for a little practical joke"
Apr-18-03, 10:21 AM (EDT)
LAST EDITED ON Apr-18-03 AT 10:32 AM (EDT)
 
TGPs are always watching for 'traps' (links submitted) that use this or similar techniques to deliver bogus hit counts to unscrupulous advertisers/webmasters by throwing bucket loads of ad windows at you. Proper browser cfgs and a good popup control are mandatory today.
BTW, there are several places you can test your popup control. Example: http://www.popup-killer-review.com/test.htm

EDIT: Just thought this was a good place to put in a plug for my fav. The new AdShield beta passes ALL tests that I have found so far. And of course, it still plays nicely with Prox too.

--

--------
"Spyware/Adware is NOT freeware, it costs all of us dearly." VOP
I am no longer an 'official' member of the SSD team because Lavasoft states that any agent(even volunteer) has a conflict of interest if they are free to voice their own opinion about LS products or ethics. They will not censor me, try as they will.


 
Renovator (moderator)

 
 
Member since Dec-20-01
2201 posts
24. "RE: looking for a little practical joke"
Apr-18-03, 11:09 AM (EDT)
Quote
I couldn't End Task on 32 open IE windows (i.e. 32 instances of IE listed in Task Manager), or right click on the toolbar to close. Even the Start button was inoperative, hence the hard reboot.

Just reporting observations.
End quote

Guys, this is why I think it's important to look these things over.

While I haven't looked at the code, I am familiar with what it was supposed to do, which is how it acts here.

I don't think one should be seeing new windows or instances. Or, probably more accurately, the position shift should appear to be the one window moving.

It sounds like there is a problem, on one end or the other, with the window closing.

Evidently, it's happening on a few different machines.

IOW, some are seeing what appear to be pop-ups, rather than a browser shift.

LurkHere

Mike

 
 
Member since Dec-22-01
2021 posts
25. "RE: looking for a little practical joke"
Apr-18-03, 03:01 PM (EDT)
There does seem to be some random redirect going on. I wonder if the ref to offiz.bei.t-online.de in the source has anything to do with it? I'm curious enough to run a capture later...be interesting to check out the TCP flow.

Mowergun

 
 
Member since Mar-10-03
4 posts
26. "RE: looking for a little practical joke"
Apr-21-03, 04:24 AM (EDT)
Hi,

Inasmuch as I am apparently one of the "uneducated and clueless", I was a bit disturbed when NAV repeatedly halted my machine as the prank site repeatedly tried to do whatever it does. Anyway since NAV and the prank were fighting each other faster than my human mind and human fingers could react, all I could do to escape was to hit my reset button, which was followed by a scan disc before rebooting. A full system scan by NAV subsequently detected a "trojan horse virus" in my ContentIE5 folder. If not for that, manually closing a few dozen pop ups, or whatever might have happened if not for NAV, would not have disturbed me. I have a collection of every prank program written by the rjlsoftware people and the lizardworks people as well as a few from other sources, some quite mean. With all that I have found and tried up until now there was no damage done, and even with the "mean" ones the biggest challenge sometimes is to figure out how to close them. This one is the first one however that NAV detected as malicious. Symantec's stated philosophy is to not detect prank or joke programs. The following is from Symantec:

This is a joke program. It is not a virus, worm, or Trojan, and it is not detected as such. By design, Symantec Security Response does not provide virus definitions to detect joke programs. Such programs are not malicious, and detecting them only leads to unnecessary virus alerts which could cause you to believe that you have run or received a dangerous program when you have not.

On the other hand, when I have done online scans at Housecall by comparison, half my inventory of prank programs is detected as trojans.

I don't consider NAV to be a poorly written AV, to the contrary I have found it to be very reliable and if this instance was a "false positive", then it is the first one that I have seen in four years of using NAV.

"(The reason flash is a natural format for this sort of thing is that it runs independently of most other browser function calls.)"

To the "uneducated and clueless" such as myself, this sounds like a potential vulnerability if an online flash cartoon can drop a new and previously unknown trojan into unsuspecting users' temp folders.

Perhaps NAV's heuristic detection detected this because it looks too much like a known trojan, I don't really know.

"There does seem to be some random redirect going on. I wonder if the ref to offiz.bei.t-online.de in the source has anything to do with it? I'm curious enough to run a capture later...be interesting to check out the TCP flow."

If there is more going on than there first appears to the educated and clueful, then maybe NAV is ahead of the curve. Anyway it did me no real damage other than whatever risk there might be in doing, what is it called?, a hard boot? Also I would rather be safe than sorry, so I'm glad to have a practical demonstration of NAV's ability to stop potentially malicious content while browsing. Up until now, the only alerts I have experienced from NAV were infected attachments in emails from people even more "uneducated and clueless" than I.

Mowergun

Mike

 
 
Member since Dec-22-01
2021 posts
27. "RE: looking for a little practical joke"
Apr-21-03, 09:47 AM (EDT)
I haven't had a chance to do a packet capture yet and not in any hurry as I can't find anything to be concerned about. NAV and other AVs pick up the js.loop which is handled by most popup killers anyway. http://www.voiceofthepublic.com/reports/sdngk.html As far as I can tell, the guy is only having a little fun. He has a resume up...someone give him a job so he won't have time for pranks.


 
Renovating (admin)

 
 
Member since Dec-26-01
457 posts
28. "RE: looking for a little practical joke"
Apr-21-03, 01:00 PM (EDT)
Mowergun, I realize I never posted the logs. I'll include them; they remind me of ZA logs, some heat but little light:

Date: 4/2/03, Time: 5:19:14, M on OEMCOMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\KD2Z0L6N\open<1>.htm
is infected with the Trojan Horse virus.
Unable to repair this file.

Date: 4/2/03, Time: 5:19:16, M on OEMCOMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\KD2Z0L6N\open<1>.htm
is infected with the Trojan Horse virus.
Unable to repair this file.

Date: 4/2/03, Time: 5:19:16, M on OEMCOMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\KD2Z0L6N\open<1>.htm
is infected with the Trojan Horse virus.
Unable to quarantine this file.

Date: 4/2/03, Time: 5:19:16, M on OEMCOMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\KD2Z0L6N\open<1>.htm
is infected with the Trojan Horse virus.
Unable to quarantine this file.

Date: 4/2/03, Time: 5:26:50, M on OEMCOMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\KD2Z0L6N\open<1>.htm
was infected with the Trojan Horse virus.
The file was deleted.

If I had to bet for the coffee, this looks for all the world like a Symantec False Positive.

I agree that FP's are better than missing bad things altogether.

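The code from open.htm that I have seen doesn't have any trojan. It is a browser shift routine.

And apparently some browsers are having trouble with this part of the script:

// Clears the run flag.
function fOff(){
    flagrun = 0;
}

// One step of the shift: advance the position by the current offsets.
function playBall(){
    xPos += xOff;
    yPos += yOff;
    // Past 175 pixels from the right screen edge, call newXlt() (not shown in this excerpt).
    if (xPos > screen.width-175){
        newXlt();
    }
    // (the excerpt ends here; the rest of playBall() was not posted)
}

So rather than turning the old window off, it stays open as the shift repeats. Or at least that's what I'm assuming by reading the comments. I have not been able to reproduce the failure here.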
_____

Yes, Flash can be used for various things.

Its power and efficiency have contributed to its popularity. I don't think folks should plan on seeing fewer instances anytime soon.

There's a tiny one in the lower portion of the left hand column at NiceFiles.

There's more than meets the eye, with that one as well.

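The five NAV alerts in the post above all name one cached file. As an added example (not part of the original thread, and not Symantec's own tooling), this sketch parses that alert layout and collapses the repeats into a single case for triage. The names `parse` and `triage`, and the assumption that blank lines separate entries, belong to this example only.

```python
import re

PATH = r"C:\WINDOWS\Temporary Internet Files\Content.IE5\KD2Z0L6N\open<1>.htm"
# The five alerts from the post, rebuilt from (time, verb, outcome) rows.
ROWS = [("5:19:14", "is", "Unable to repair this file."),
        ("5:19:16", "is", "Unable to repair this file."),
        ("5:19:16", "is", "Unable to quarantine this file."),
        ("5:19:16", "is", "Unable to quarantine this file."),
        ("5:26:50", "was", "The file was deleted.")]
SAMPLE = "\n\n".join(
    f"Date: 4/2/03, Time: {t}, M on OEMCOMPUTER\nThe file\n{PATH}\n"
    f"{verb} infected with the Trojan Horse virus.\n{outcome}"
    for t, verb, outcome in ROWS)

# Assumed layout: header line, "The file", path, detection line, action line.
ENTRY = re.compile(
    r"Date: (?P<date>\S+), Time: (?P<time>\S+), (?P<user>\S+) on (?P<host>\S+)\n"
    r"The file\n(?P<path>.+)\n"
    r"(?:is|was) infected with the (?P<name>.+?) virus\.\n"
    r"(?P<outcome>.+)")

def parse(text):
    """Return one dict per alert; blocks that do not match the layout are skipped."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [m.groupdict() for b in blocks if (m := ENTRY.fullmatch(b.strip()))]

def triage(alerts):
    """Collapse repeated alerts into one case per (host, path, detection name)."""
    cases = {}
    for a in alerts:
        key = (a["host"], a["path"], a["name"])
        case = cases.setdefault(key, {"alerts": 0, "first": a["time"], "outcomes": []})
        case["alerts"] += 1
        case["last"] = a["time"]
        case["final"] = a["outcome"]          # last action the scanner reported
        if a["outcome"] not in case["outcomes"]:
            case["outcomes"].append(a["outcome"])
        # A hit under the IE cache is downloaded page content, not an installed program.
        case["cached_web_content"] = "\\Temporary Internet Files\\" in a["path"]
    return cases

if __name__ == "__main__":
    for (host, path, name), case in triage(parse(SAMPLE)).items():
        print(host, name, path)
        print(case)
```

Run on the alerts above, it reports one case on OEMCOMPUTER: five alerts for the same cached page, two failed actions, and a final deletion.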

 
cwohardy

 
 
Member since Jan-2-03
19 posts
29. "RE: looking for a little practical joke"
Apr-25-03, 06:37 PM (EDT)
Glad to see this has turned into a constructive thread. Like I said before, I come here to learn and am grateful for people who take the time to analyze and sort this stuff out. Keep up the good work board mods and admins!

Sherry "uneducated and uninformed" Lynn

Sherry Lynn
