• Resolved YogieAnamCara

    (@yogieanamcara)


    Hello,

    usually I work on my multisite WP installation (backend) at home on my iMac via Safari, FF etc.

    Recently I worked on a PC with FF 3.6.18 (also tried IE 7.0.5730.13IS) installed and got a message from McAfee that a script has been stopped due to a VBS\Psyme trojan detection in load-script.php.

    I downloaded all my files from the web to a local folder on that PC and ran a scan on it, but no trojan etc. was detected. I also scanned the entire PC without any find.

    I also deleted all cached files on both browsers, and McAfee kept warning when I log in to my backend of WP 3.2.

    Any idea? Is it just the outdated browser configuration on that PC (sorry I’m not allowed to upgrade to the most recent browsers on that machine to test it myself)? Or is there still a chance that there is a trojan virus?

    Many thanks for your help and advice.

    Cheers
    Yogie

Viewing 3 replies - 16 through 18 (of 18 total)
  • And yes, problem solved after inactivating EXEC-PHP.

    I have informed the EXEC-PHP author about this.
    https://bluesome.net/post/2005/08/18/50/#response-50

    But then, knowing this, should the plugin not be put on HOLD on the WP site?!

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    I dropped a note to plugins[at]www.ads-software.com about this one. I don’t actually see anything in the plugin (it’s not been touched in 15 months) to cause this, especially now.

    I’m pretty sure it’s a false positive, but I’m not a PHP security expert. I did download the files and run them through my psycho virus scanner and came up clean.

    How did you come to the conclusion that there would be any connection between EXEC-PHP and this virus??

    Like I posted above, I rolled back my database using snapshots from PHPMyAdmin until I found the last good configuration and then compared to the one right after it. The only thing I could see that had changed was EXEC-PHP being added. I updated the database to the current day and disabled EXEC-PHP and the problem went away.

    I don’t have McAfee on the computer I develop on, so the problem was there for a couple months without me noticing. When my boss logged in to the back end on her computer with McAfee, then I heard about the issue. I was pretty worried at first, but learned that the VBS\Psyme virus has been in the wild for several years, which made me think it unlikely that we were looking at a real, unpatched vulnerability.

    WordPress should definitely pull the plug-in until it is updated or until McAfee stops misidentifying this “virus.”

  • The topic ‘VBS\Psyme VirusScan Alert! (McAfee)’ is closed to new replies.