Virus on (user's) avatar from stencyl.com. [ANSWERED, NOT A VIRUS]

RibShark

  • Posts: 15
Sometimes when browsing stencyl, I get a virus warning claiming a script is embedded in the image  http://static.stencyl.com/avatars/35301.png. So, what is with this?

« Last Edit: April 06, 2012, 01:09:49 am by Jon »

Jon

  • *
  • Posts: 17533
Not sure about the details, but that particular user (I think, not 100% sure) has given us, Abigayl and some educators some minor trouble over improper language fairly recently. Joe last contacted the user, so I'll defer the final action to him.

As for embedded scripts, sometimes people embed scripts in images to track for advertising purposes.

captaincomic

  • *
  • Posts: 6108
The file is not a PNG. VirusTotal and a similar service identified it as "JavaSetup6u30.exe"  ??? but didn't report any threat.

Tygerzin

  • Posts: 23
I realize this is an old post, but I've been getting the message. "Web Attack: Suspicious Executable Image Download."

Since Reuben is listed as a follower of Jon and some other likely to visit users, can we have the avatar removed or replaced with a generic one?  Even if it is safe, having a security message popup regularly degrades the forum experience and probably doesn't help with sales.

Tygerzin

  • Posts: 23
Took a closer look at the avatar and it looks like it may have already been replaced a number of months ago with the generic avatar. 
Reported it as a false positive to Symantec...
https://submit.symantec.com/false_positive/

Jon

  • *
  • Posts: 17533
I took a second look at the avatar in question and have found that there is some *other* EXE in its place. It's not apparent from the profile because the site is smart enough to auto-replace a non-image with a generic placeholder, but if you visit the file directly, it is an EXE of some kind.

I've removed the "image" and have destroyed the user's account. They probably didn't do this out of malice (more out of ignorance), but I'm not going to take any chances.

« Last Edit: November 25, 2013, 11:42:44 pm by Jon »