I just ran Symantec Anti-Virus and it's flagging literally every since HTML, PHP, ASP/ASPX file on my computer as a virus. That's nearly 600 files on my laptop.
Can this be? How can a text file (html/php/etc..) be a virus.
Asked
Active
Viewed 492 times
-1
-
Hmm. How can a PHP program be a virus? Let me see... – Ernie Aug 11 '09 at 21:35
-
A server I run got nailed by a worm a month ago that wrote some code into every HTML file it could find (including some php, etc). That code was some nasty Javascript. It was easy to clean up, but took some time. Maybe you've been visited by the waste-some-time-cleaning-up-iframes fairy as well? – Bill Weiss Sep 18 '09 at 20:46
2 Answers
2
First: Don't assume its wrong until you have actually checked**[1]** some of those files and confirmed they are false positives. It is possible that some malware compromised your machine and is trying to use HTML files as a vector to the next infection.
The next step will depend on what you find.
.
[1] Ways you could check if the files are false positives or not:
Look at the source in your favorite text editor ... is there anything bad added?
or
If HTML isn't your strong point copy/paste the following into a file and save as something.html:
<html><head>
<script>alert('hi');</script>
<style>h1 { color: red; }</style>
</head><body>
<h1>HTML FILE</h1>
<iframe src="http://google.com"/>
</body></html>
The above is completely non-malicious but uses a couple different HTML elements that could be triggering a false positive. Now scan this new file and see if it is also flagged as bad. If it is flagged as bad, edit it again and check that the file has not been changed (malware could have changed it). If the file is not changed, but symantec still thinks its bad, then there is something wrong with your anti-virus.
ehempel
- 143
- 4
0
It's probably finding Javascript or something like that that it suspects is malicious. What are your scan settings?
squillman
- 37,883
- 12
- 92
- 146