locked
Live OneCare is blocking me from a site I built when using IE but not when using Mozilla. ?? RRS feed

  • Question

  • I built a simple website :

     www.artistryinwoodbyed.com .

    There is nothing malicious about it. In Firefox, I can open it just fine. If I try to open it in IE7, I get a pop-up from Live OneCare saying:

    Windows Live OneCare has found potentially unwanted software. TrojanDownloader:JS/Psyme.gen. Category: Trojan Downloader. Alert Level: Severe. Advice: Remove this software immediately. Desc: This program is dangerous and downloads other programs.

    I haven't put anything dangerous on there.

    I also can't access it to update it when using Expression Web.  Expression won't take my username & password. If I use ftp://www.artistryinwoodbyed.com in IE7, I can see the directories but if I try to click any of them I receive the same Trojan Downloader message.

    This means I can't view or update my site, and that customers using OneCare are getting kicked out of my store.

    Please Help!

    Charis Biesold

     

    Friday, January 30, 2009 10:20 PM

Answers

  •  

    This downloader attempts to specifically exploit an Internet Explorer vulnerability that has reportedly long since been corrected, so the threat level is given as low here: http://onecare.live.com/standard/en-us/virusenc/VirusEncInfo.htm?VirusName=TrojanDownloader:JS/Psyme.gen

     

    I didn’t try accessing this site until last evening, but I don’t get any detection with OneCare and IE7. So unless the issue was resolved in the meantime, this might be an issue only for specific configurations, which would fit my finding for the Quarantine problem with this Trojan, where the Quarantine item was unreadable on one machine, but readable on another. If this issue persists for others, I think the problem should definitely be referred to the Anti-Malware Team for further investigation.

     

    GreginMich  

    Sunday, February 1, 2009 5:25 PM

All replies

  • Hello Charis, I see the same issue using One Care. I went to the site using a different AV product and had no issues. I suggest contacting support for help with this. How to reach support - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90 
    Jim
    Saturday, January 31, 2009 1:05 AM
    Moderator
  •  

    Maybe just a coincidence, but that's the same downloader that was contained in the “corrupt” quarantine file that caused the quarantine “unknown error” message on my system. I should have mentioned this before, because there might be something wrong with the way that the OneCare anti-malware engine detects or deals with this particular Trojan.

     

    GreginMich

    • Edited by GreginMich Sunday, February 1, 2009 7:15 PM
    Saturday, January 31, 2009 4:57 PM
  • I think this may be a false positive because I can't get a detection at Charis's site on computers using other AV products which should detect its presence since JS/Psyme.gen has been around for a couple of years.
    Jim
    Saturday, January 31, 2009 6:10 PM
    Moderator
  •  

    This downloader attempts to specifically exploit an Internet Explorer vulnerability that has reportedly long since been corrected, so the threat level is given as low here: http://onecare.live.com/standard/en-us/virusenc/VirusEncInfo.htm?VirusName=TrojanDownloader:JS/Psyme.gen

     

    I didn’t try accessing this site until last evening, but I don’t get any detection with OneCare and IE7. So unless the issue was resolved in the meantime, this might be an issue only for specific configurations, which would fit my finding for the Quarantine problem with this Trojan, where the Quarantine item was unreadable on one machine, but readable on another. If this issue persists for others, I think the problem should definitely be referred to the Anti-Malware Team for further investigation.

     

    GreginMich  

    Sunday, February 1, 2009 5:25 PM
  •   

    Follow the instructions in this post, http://social.microsoft.com/Forums/en-US/onecareanti-virus/thread/6a1361cb-ae28-4d0b-94df-ae2ae890de29 , to report a suspected false positive - a threat detected by OneCare in error.
    Reports made via this path get to the antimalware team that handle the definitions for all of the Microsoft security products.

    -steve


    Microsoft MVP Windows Live / Windows Live OneCare Forum Moderator
    Monday, February 2, 2009 4:35 PM
    Moderator