malware detect in dotnetnuke.zip
New Post
2/18/2009 1:38 PM
 

hi @ all,

we detected, with the software of PC Doctor, malware in the dotnetnuke.zip file. The route is:

Providers\HTMLEditorProviders\Fck\App_LocalResources\fckimagegallery.aspx.es-BO.res

We are still looking forward for answers from the dotnetnuke team what happen with this malware detection.
File Name detection of the malware: HiddenFiles

Details about the search:

Spyware Research > Infections > Hidden Files

Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.

Name: Hidden Files
Threat level: High
Description:
Removal: This infection can be removed using Spyware Doctor.

The information for the selected infection is shown below. At least one or more of the following fields will be displayed:

  • Name: the name of the specific infection, as it appears in the database.
  • Also known as: other names by which this infection may be known.
  • Type: the category to which the infection belongs. See the Glossary for more information on infection types.
  • Variant: the family of infections to which this infection belongs.
  • By: the distributor of this infection.
  • Risk: the risk level assigned to this infection.
  • Description: a more detailed description of the infection. If the information is available, the technical aspects and symptoms of this infection are described here.

 
New Post
2/18/2009 2:40 PM
 

Hello,

I'm not sure what you mean by "We are still looking forward for answers from the dotnetnuke team what happen with this malware detection." - I'm one of a team of people who monitor the security@dotnetnuke.com alias and we have not received any emails asking about this.

I can see a number of problems with what you describe - first of all, the file type is .resx, which is a storage format for strings and objects such as images - it is not an executable format (such as exe) or an interpretable one (such as aspx/vbs etc.) that could form a virus. Secondly, the actual file you indicate is simply a Bolivian Spanish translation of the fck functions; dotnetnuke simply uses entries in it to replace text. Looking at the copy I have (you didn't identify the version that you're seeing that problem with, so I checked a few), it contains no serialized objects, and consists of 12 translated entries for fields such as the text on an upload button, a message that there is no available space etc.

As to your problem itself, I can see a few possibilities

  • the file extension is .res and not .resx - this is different from the version we deploy, but I could conceive of a case where someone renamed it incorrectly. .res files are executable delphi files so this might cause an issue (http://www.fileinfo.net/extension/res)
  • the tool you're using has simply shown a "false positive" where it's flagged something in error - much like if you send a joke about viagra to a friend it may be flagged as spam mail
  • the tool you're using is faking a result, so you get concerned and buy the tool - doing a quick search http://www.google.co.uk/search?hl=en&q=Spyware+Doctor+scam&meta= , throws up a lot of results that would support this theory

If you're concerned I'd recommend you open the file in notepad and examine its contents, as well as right click on it and get whatever antivirus program you use to scan it.

Cathal
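The content check described in the reply above can be scripted. This is an added example, not part of the original thread or of DNN's code; the function name `triage_resource` and both sample documents are constructed for illustration. It tells a string-only .resx table apart from one that carries serialized objects or file references, and from a binary that was given a resource-file name, without executing or deserializing anything.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a string-only .resx fragment (not the real DNN file).
SAMPLE_STRINGS = b"""<?xml version="1.0" encoding="utf-8"?>
<root>
  <resheader name="resmimetype"><value>text/microsoft-resx</value></resheader>
  <data name="cmdUpload.Text" xml:space="preserve"><value>Subir</value></data>
  <data name="NoSpace.Text" xml:space="preserve"><value>No hay espacio disponible</value></data>
</root>"""

# Constructed sample: same format, but one entry is marked as a serialized object.
SAMPLE_OBJECT = SAMPLE_STRINGS.replace(
    b"</root>",
    b'<data name="Logo" mimetype="application/x-microsoft.net.object.binary.base64">'
    b"<value>PLACEHOLDER</value></data></root>",
)

def triage_resource(blob: bytes) -> dict:
    """Classify a resource file's bytes by content, ignoring its extension."""
    if blob[:2] == b"MZ":  # PE header: an executable under a resource-file name
        return {"kind": "pe-executable", "strings": 0, "flagged": []}
    if b"<!DOCTYPE" in blob or b"<!ENTITY" in blob:
        # .resx files need no DTD; refuse to parse instead of expanding entities
        return {"kind": "xml-with-dtd", "strings": 0, "flagged": []}
    try:
        root = ET.fromstring(blob)
    except ET.ParseError:
        return {"kind": "not-xml", "strings": 0, "flagged": []}
    if root.tag != "root":
        return {"kind": "xml-not-resx", "strings": 0, "flagged": []}
    strings, flagged = 0, []
    for data in root.iter("data"):
        # mimetype= marks serialized objects, type= marks typed values or file refs
        if data.get("mimetype") or data.get("type"):
            flagged.append(data.get("name"))
        else:
            strings += 1
    return {"kind": "resx", "strings": strings, "flagged": flagged}

if __name__ == "__main__":
    for label, blob in [("strings only", SAMPLE_STRINGS),
                        ("with object", SAMPLE_OBJECT),
                        ("renamed binary", b"MZ\x90\x00" + b"\x00" * 60)]:
        print(label, triage_resource(blob))
```

A result of `resx` with an empty `flagged` list matches the kind of file the reply describes: translated text entries and nothing else.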

 


 
New Post
2/18/2009 4:37 PM
 

hi,
// u wrote
the file extension is .res and not .resx - this is different from the version we deploy, but I could conceive of a case where someone renamed it incorrectly. .res files are executable delphi files so this might cause an issue (http://www.fileinfo.net/extension/res)
//

and u give yourself the answer.
It is a .res file, that is what I've written in this post. So, how is it possible that in an original package from this download site there is a .res extension file like this one? This was my question, no less, no more. U have written a lot, but at the end you tell me nothing. Even you tell me from where this file is coming. It is in the Original Package, so! I'm not angry, I only want to know what happens in this case of issues. I don't check the file, I delete them immediately, and I think the file is in the package for Visual Studio.

 
New Post
2/18/2009 6:31 PM
 

Please tell me what package you are using, both version and type, so I can check, i.e. 4.9.2_install. We do not have any .res files in our source code repository and I cannot find any in the 6-7 packages I checked. Did you install any additional modules, or update versions of the fckeditor, i.e. did you download the beta version from Locopon's site?

Cathal


 
New Post
2/18/2009 6:55 PM
 

cathal connolly wrote
 

...As to your problem itself, I can see a few possibilities

Cathal-
Good call on the possibility of "Spyware Doctor" being a fake scanner, but the program is, in fact, legit (though its effectiveness and stability may be questionable).  See CNN's (CNET) take on two versions of Spyware Doctor: 
 
   http://www.cnn.com/2007/TECH/ptech/03/29/spyware.doctor/index.html

 
-mamlin


esmamlin atxgeek.me
 