VBS:Zulu at MicroSoft.Com??

Hello,

Today I was browsing the net for some themes for Windows XP. I went to Google and did a search for " “windows xp” skins ".

One of the results was “Windows XP Themes, Skins, and Screensavers” and the URL was:

http://www.microsoft.com/windowsxp/downloads/desktop/default.mspx

As soon as I clicked on the link… my webshield went off. I was really surprised since I do a ~lot~ of surfing and this was the FIRST time it’s gone off. The alert said:

Sign of “VBS:Zulu” has been found in “http://rad.microsoft.com/ADSAdClient31.dll?GetAd=&PG=CMSDLO&SC=F3&AP=1164

So… I clicked “Abort Connection”, which I ~assume~ is what I’m supposed to do. So, I guess no harm done… correct?

But I just find it strange that out of all the websites I visit daily… I encounter something like this on a ~MicroSoft~ site.

If you aborted connection, nothing should have been downloaded.

Interesting that there is another thread with reporting this detection. I don’t know how you would check it on an online scanner as it shouldn’t be on your computor( no file to submit ). There was a new vps today, so maybe it is pcking it up as a false positve.

Also see this link http://forum.avast.com/index.php?topic=24059.0 same problem with MS pages and very likely to be a false positive. It would appear to be importing ads into the original page (see images on the above link) and that might be what avast is getting hot and bothered about.

You might want to break the links so they aren’t active in the same way as the other topic.

Posted by me and others 5 days ago. :cry:

http://forum.avast.com/index.php?topic=23939.0

Regards
hlecter

I’ve got the same message with the last VPS.
But Dr. Web says the site is clean and, in fact, I think it is…

Avast still finds it in this web page:
http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx

Might need a few refreshes, but there you get an ‘Abort Connection’ with that nice fire brigade alarm, hehe.

Jarmo

EDIT
We should maybe use this web page instead eicar.org to know our antivirus is protecting us :stuck_out_tongue:

This is very strange and annoying in my point of view.
Abort connection is not woking at the first time as it should.
Clicking the buttom, the connection seems not being aborted as the whole webpage is being loaded.
What’s happening with WebShield? Seems not working as it should :stuck_out_tongue: :stuck_out_tongue:

Web shield only blocks the insertion of the script that imports the advert not the whole page. There is a script on the pages for webtrends.com and this is what is being blocked. See the images I have posted in the other topic http://forum.avast.com/index.php?topic=24059.0.

Over the last week or so I have been reading so much about this false positive on Microsoft pages. There are at least 3 different threads here, possibly 4. I saw a few threads on this over at DSL Reports forum as well.

What I’m wondering is…
…why no comment from Alwil team?

Me too :cry:

Me too. :slight_smile:

Many users get upset, and perhaps not even understand what happened.

We cant expect users to come here to find out about this.

hello to all :slight_smile:
A few hours ago I was receiving the same warning, now all the pages are loading correctly without any warning ???
any comments ::slight_smile:
there was no VPS update recently, so then MS fixed something ::slight_smile:

I went there now with Opera 9.02… NO warnings after several reloads :slight_smile:

I went there with IE6… WARNING without reloading at all :frowning:

Indeed funny with “zulu” come and go. ;D

I had a Zulu warning at a Microsoft website two days ago. I was a little surprised.