Does Internet Explorer 7 REALLY have a VBS:zulu virus embedded in it?

Does Internet Explorer 7 REALLY have a VBS:zulu virus embedded in it?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Anti-Virus Software    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Does Internet Explorer 7 REALLY have a VBS:zulu virus embedded in it? Aluxe 10-20-2006
Posted by Aluxe on October 20, 2006, 12:10 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Can anyone confirm this finding that the new Internet Explorer 7reputedly
has a VBS:zulu virus embedded in the Microsoft download?

Do this now to check:
- Go to http://www.theregister.co.uk/2006/10/19/ie7_release/
- Click on the link titled "download"
This resolves to:
http://www.microsoft.com/windows/ie/default.mspx
- Immediately I get from Avast the message that the VBS:zulu virus was
downloaded (even though I didn't download anything yet).

The Avast 4.7 Home Edition log file says:
(dat file dated 10/19/2006 0642-3)

10/19/2006 8:55:19 PM        SYSTEM        312        Sign of "VBS:Zulu" has been found in
"http://rad.microsoft.com/ADSAdClient31.dll?GetAd=&PG=CMSIE3&SC=F3&AP=1164"
file.

Is this a real virus?
Or is Avast just unfamiliar with the new Internet Explorer from Microsoft?

Posted by Virus Guy on October 20, 2006, 1:41 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Aluxe wrote:

> Can anyone confirm this finding that the new Internet Explorer
> 7 reputedly has a VBS:zulu virus embedded in the Microsoft
> download?
>
> Sign of "VBS:Zulu" has been found in
> "http://rad.microsoft.com/ADSAdClient31.dll?GetAd=&PG=CMSIE3&SC=F3&AP=1164"

I think this was covered here back a few weeks.

ADSAdClient31.dll is "the ad server for Messenger. Where the ads at
the bottom of the contact list come from".

I'm not able to bring up a file-save dialog box where I can download
this file for VT submission.

One attempt resulted in this:

--------------

<script type="text/javascript">//
<![CDATA[document.write('<iframe
src="http://view.atdmt.com/MRT/iview/mcrsswxp0070001348mrt/direct/01?click="
frameborder="0" scrolling="no" marginheight="0" marginwidth="0"
topmargin="0" leftmargin="0" allowtransparency="true" width="120"
height="240"><scr'+'ipt language="JavaScript"
type="text/javascr'+'ipt">document.write(\'<a
href="http://clk.atdmt.com/MRT/go/mcrsswxp0070001348mrt/direct/01/"
target="_blank"><img
src="http://view.atdmt.com/MRT/view/mcrsswxp0070001348mrt/direct/01/"
/></a>\'); </scr'+'ipt></iframe>');//]]>

</script>

--------------

The domain "atdmt.com" is owned by aQuantive Inc. (Seattle).

If you've ever seen "Avenue A" tracking cookies - they belong to
aQuantive.

Posted by Peter van der Goes on October 20, 2006, 9:52 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> Can anyone confirm this finding that the new Internet Explorer 7reputedly
> has a VBS:zulu virus embedded in the Microsoft download?
>
> Do this now to check:
> - Go to http://www.theregister.co.uk/2006/10/19/ie7_release/
> - Click on the link titled "download"
> This resolves to:
> http://www.microsoft.com/windows/ie/default.mspx
> - Immediately I get from Avast the message that the VBS:zulu virus was
> downloaded (even though I didn't download anything yet).
>
> The Avast 4.7 Home Edition log file says:
> (dat file dated 10/19/2006 0642-3)
>
> 10/19/2006 8:55:19 PM SYSTEM 312 Sign of "VBS:Zulu" has been found in
> "http://rad.microsoft.com/ADSAdClient31.dll?GetAd=&PG=CMSIE3&SC=F3&AP=1164"
> file.
>
> Is this a real virus?
> Or is Avast just unfamiliar with the new Internet Explorer from Microsoft?

Nothing going on here, using AVG. I've downloaded and installed IE7 on two
computers here then performed a complete AVG scan on each, plus Spybot S&D,
Adaware, Super AntiSpyware and Gmer rootkit detector.

All negative and all is well.



Posted by Peter van der Goes on October 20, 2006, 10:21 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> Can anyone confirm this finding that the new Internet Explorer 7reputedly
> has a VBS:zulu virus embedded in the Microsoft download?
>
> Do this now to check:
> - Go to http://www.theregister.co.uk/2006/10/19/ie7_release/
> - Click on the link titled "download"
> This resolves to:
> http://www.microsoft.com/windows/ie/default.mspx
> - Immediately I get from Avast the message that the VBS:zulu virus was
> downloaded (even though I didn't download anything yet).
>
> The Avast 4.7 Home Edition log file says:
> (dat file dated 10/19/2006 0642-3)
>
> 10/19/2006 8:55:19 PM SYSTEM 312 Sign of "VBS:Zulu" has been found in
> "http://rad.microsoft.com/ADSAdClient31.dll?GetAd=&PG=CMSIE3&SC=F3&AP=1164"
> file.
>
> Is this a real virus?
> Or is Avast just unfamiliar with the new Internet Explorer from Microsoft?

Nothing going on here, using AVG. I've downloaded and installed IE7 on two
computers here then performed a complete AVG scan on each, plus Spybot S&D,
Adaware, Super AntiSpyware and Gmer rootkit detector.

All negative and all is well.



Posted by jen on October 20, 2006, 12:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
>> Can anyone confirm this finding that the new Internet Explorer
>> 7reputedly
>> has a VBS:zulu virus embedded in the Microsoft download?
>>
>> Do this now to check:
>> - Go to http://www.theregister.co.uk/2006/10/19/ie7_release/
>> - Click on the link titled "download"
>> This resolves to:
>> http://www.microsoft.com/windows/ie/default.mspx
>> - Immediately I get from Avast the message that the VBS:zulu virus
>> was
>> downloaded (even though I didn't download anything yet).
>>
>> The Avast 4.7 Home Edition log file says:
>> (dat file dated 10/19/2006 0642-3)
>>
>> 10/19/2006 8:55:19 PM SYSTEM 312 Sign of "VBS:Zulu" has been found in
>> "http://rad.microsoft.com/ADSAdClient31.dll?GetAd=&PG=CMSIE3&SC=F3&AP=1164"
>> file.
>>
>> Is this a real virus?
>> Or is Avast just unfamiliar with the new Internet Explorer from
>> Microsoft?

Avast false positive... There is a new update today to correct it.

-jen



Similar ThreadsPosted
virus which always pops up internet explorer window March 24, 2007, 1:46 pm
Internet Explorer Popups September 4, 2005, 7:03 pm
Internet Explorer acting like a server April 20, 2007, 4:46 pm
Problem with accessing BTY after re-installing McAfee SecurityCenter using Internet Explorer August 31, 2006, 6:08 am
Internet Explorer Window Loading Race Condition Address Bar Spoofing April 22, 2006, 10:15 am
Slacker Virus in PowerPoint files (embedded Excel objects) July 20, 2008, 1:39 pm
Talk about text files and embedded malware... May 27, 2008, 11:24 am
Any real case of picture files embedded with trojan? September 23, 2005, 1:17 am
Explorer.exe CPU usage September 2, 2006, 9:23 am
Font size of X in right corner of explorer? February 25, 2006, 1:24 am

The site map in XML format XML site map

Contact Us | Privacy Policy