Hi. Just looking for reassurance. :-\

I was on hXXp://w3.hdtvtest.co.uk and clicked a menu called “Tools”. ScriptShield alerted a threat, said it had blocked the page, and no further action was needed. I shut down IE9 and my router anyway and ran full Avast and MBAM scans. All clear. I then had a look in ScriptShield’s log. It reported that the last script checked was:

w3.hdtvtest.co.uk/news/wp-content/plugins/Saki_Comments_Plugin/js/ajax.js?ver=3.2.1

…but instead of saying something nice like “Threat dealt with” the log reported an error in red ink:

Script: hXXp://huntinginvestserv.info/dain.php?page=286b998bf5d09c8f
Severity: High
Status: Threat: JS:Downloader-gen@bhv[Expl]
Action: Delete
Result: Error: The system cannot find the file specified(2)

ScriptShield.txt says:

“While moving file to chest, error occurred: The filename, directory name, or volume label syntax is incorrect. During the file delete, error occurred: The system cannot find the file specified”.

Surely, if ScriptShield blocked the js and/or page from downloading there wouldn’t be a file to move to the chest and delete? So why report this as an error?

Or should I be worried? ???

Good catch. This is indeed a logical error in the Script Shield’s log file handler. Sometimes, it doesn’t quite make sense to use the same method for all items of the same type (Shields in this case).

In any case, there’s no need to worry. Script Shield indeed blocked the script from executing. It’s just a reporting problem (and we will make sure to fix it for the next program update).

Thanks!
Vlk

Thanks from me to Avast for blocking the wee beastie, whatever it was ;D

@Qibbler,

Please “break” your links in the above posts. Either change “http” to “-hXXp” and/or “www” to “wXw”.

If you can, please use “code” tags instead of “url” tags.

Doing this you are preventing from others to infect themselves (among other additional potential problems).

Thanks.

:-[ :