| Author |
Message |
gbhughs
Regular
Joined: Sep 11, 2004
Posts: 84
|
 Posted:
Fri Sep 10, 2004 11:35 pm |
|
I recently installed sentinel, and since I have installed it my members are writing me and telling me they are receiving a virus alert when the visit the site now.
I am running (phpnuke) v.7.2 and I am wondering if sentinel is causing this or if I need to look at something else.
All that have wrote to me and told me of this problem are using norton. I even had one member write to me and tell me that after they visited the site explorer crashed on them.
Here is the link to the virus notice they are getting.......
http://securityresponse.symantec.com/avcenter/venc/data/mhtmlredir.exploit.html
If it is coming from sentinel what can I do to fix this so it doesnt scare my members??
Oh yeah here is the link to the site so you can check it out......
http://www.real-home-employment.com/community/index.php
I have proably done something wrong and am just overlooking it.
Thanks for your help in advance.
Gary |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Fri Sep 10, 2004 11:43 pm |
|
Where did you download NukeSentinel from? If there was a virus in the downloads from our sites we would have heard about it before now. |
| |
|
|
|
|
gbhughs
|
| Posted:
Fri Sep 10, 2004 11:47 pm |
|
It looks like I have downloaded it from nukescripts.com?????
Could be wrong, what would you suggest I do??
Start Over and download the version from here?? |
| |
|
|
|
|
Raven
|
| Posted:
Fri Sep 10, 2004 11:49 pm |
|
They're both the same. I just tried that link and there was no problem. I have no idea what would be causing the false positive. |
| |
|
|
|
|
gbhughs
|
| Posted:
Fri Sep 10, 2004 11:51 pm |
|
You know I havent gotten it either, but a few of my members and admin's have wrote to me and told me that they are getting a mhtmlredir.exploit virus warning......... |
| |
|
|
|
|
Raven
|
| Posted:
Fri Sep 10, 2004 11:54 pm |
|
It's a buggy Norton, imo. The fact that non-Norton users are not receiving it would sustantiate it. I use Mcafee Enterprise at work and vCom here at home and if it had a virus then it would be caught. |
Last edited by Raven on Fri Sep 10, 2004 11:55 pm; edited 1 time in total |
|
|
|
|
gbhughs
|
| Posted:
Fri Sep 10, 2004 11:55 pm |
|
Just kinda worries me cause I have noticed a drop in new members and I thought this may be one of the reasons it has dropped. (scares em) 
Any ideas on where it could be coming from or why norton would be picking it up as a problem??
I know its a shot in the dark for you, but I'm running out of ideas..... |
| |
|
|
|
|
Raven
|
| Posted:
Sat Sep 11, 2004 12:00 am |
|
You might try sending Norton the source to your page and asking them where the virus is. |
| |
|
|
|
|
Raven
|
| Posted:
Sat Sep 11, 2004 12:02 am |
|
Also, ask your users that are seeing this if they get it 100% of the time. If not, then it could be coming from the ads on your site, possibly. If you comment out the include lines in mainfile.php, does it stop? Also, are you using v2.0.2? |
| |
|
|
|
|
Raven
|
| Posted:
Sat Sep 11, 2004 12:04 am |
|
One more thing that makes this even more puzzling. NukeSentinel does NOT add any html to your page. I see no way that NukeSentinel could be doing this. |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:07 am |
|
Yes I am using v2.0.2
No I havent tried commenting out the includes lines in the mainfile.php.......So I guess I will try that first.
Will this cause any issues by eliminating those lines?? |
| |
|
|
|
|
Raven
|
| Posted:
Sat Sep 11, 2004 12:10 am |
|
Sentinel will not be active, obviously. Contact one of your users who has the issue to see if he gets it 100% of the time when you have the code active and then what happens when you deactivate it. As I said, NukeSentinel does NOT add any html to your web page so I doubt that it is the cause. |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:10 am |
|
That is a good point........
You stated that maybe the ads could be doing this, but they havent changed recently so I cant see this just coming up.
However would the install of sentinel effect my googletap in any way?? |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:12 am |
|
I have talked to a few of my members and yes they get it 100% of the time.
One of my admin's also gets it 100% of the time. |
| |
|
|
|
|
Raven
|
| Posted:
Sat Sep 11, 2004 12:12 am |
|
Since NukeSentinel does not add any html it will not affect GT. |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:16 am |
|
Well thanks Raven, looks like it is back to the drawing board.
I will get with my admin that is having this problem and see if when I comment out the lines in the mainfile.php if she still gets the warning.
If not I will be back to let you know that it doesnt and we can go from there.
Thanks again
Gary |
| |
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Sat Sep 11, 2004 12:19 am |
|
Gary,
Did you add GanjaUK's PC Killer templates? If so those would be the reason for the virus warnings. |
_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! |
|
 
|
|
BobMarion
|
| Posted:
Sat Sep 11, 2004 12:22 am |
|
Another question, where is your site located so I could visit it and see if I get the virus warning and what virus it is claiming your site is infected with? |
| |
|
|
|
|
Raven
|
| Posted:
Sat Sep 11, 2004 12:22 am |
|
Those templates are not loaded into the web page, though. They would only get called if an exploit was detected. Gary, have your admin or another user come to my site and see if they get the same warning. |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:23 am |
|
Bob
No I did not.
The last and only thing I did before this was add sentinel.
Makes me wonder if I am having a problem with the alexa or google feeds on the site.
The only other thing I could think of would be the header maybe is causing this.
But I havent changed anything recently..... |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:24 am |
|
Will do Raven, probably wont be until tomorrow AM though. |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:29 am |
|
|
|
|
|
BobMarion
|
| Posted:
Sat Sep 11, 2004 12:31 am |
|
Gary,
First I use Norton's and FireFox so I did not get the warning until I tried going to your site in IE, then the warning poped up. It's located in the frame.htm file on your site or the site of one of your ads.
I'm online right now and I would like you to comment out the nukesentinel include line so I can see if the warning comes up when it's disabled. |
| |
|
|
|
|
BobMarion
|
| Posted:
Sat Sep 11, 2004 12:34 am |
|
Gary,
Nevermind disabling NukeSentinel. It's not it creating the virus warning. Somewhere in your site you have a call to http://kothin.com/frame.html and that is what is generating the virus warning. Why that is being pulled into your site I have no idea but it's the root of the warning. |
| |
|
|
|
|
gbhughs
|
| Posted:
Sat Sep 11, 2004 12:35 am |
|
Ok Bob........
Commented out........  |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
