My virus checker reported a Javascript Trojan in:
\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs
This is a javascript that scripts a button in the, otherwise excellent, Evrsoft 1st Page 2000 HTML editor.
Trendmicro's Pc-cillin says: "This JavaScript (JS) Trojan repeatedly opens Windows on an infected system so that it eats up memory and causes the infected system?s browser to crash."
Other people have discovered it too and are talking about it here: Virus - js.windowbomb
Evrsoft 1st Page 2000 HTML editor: this program contains a ready made JavaScript that some virus checkers see as a virus. It's just code that can be used to make 'joke' pages that open multiple windows, etc., and can be removed by deleting the 'Six buttons from hell.izs' file in the buttons folder.
Posted by: Jim at January 7, 2003 08:58 AMgo to this URL to learn more about the problem:
__ || http://www.fretznet.com/no_virus.htm ||__
Thanks for all the comments. I deleted the file as soon as found that it wasn't anything useful but still I find it disturbing that it was included in the package at all. All developers code "joke" programs at some stage, usually the early stage, of their careers but when they get into a commercial piece of software it really is no joke.
From the descriptions, this script seems harmless, but anything that has the potential to make the machine crash could cause a lot unintentional damage. I have cleaned up many crashed and non functional systems over the years and it was not fun...
I hope the person who included that file is wiser now..
Posted by: Stuart Woodward at January 8, 2003 09:49 AMSomeone had recommended 1st Page 2000 and I attempted to download it last night only to discover that most download sites have pulled it from their line-up. I did find a site that still had it. When I installed it, my virus checker found the trojan, but a complete virus scan of my computer subsequently came back clean. But it's odd that Evrsoft's own page doesn't mention the anomaly and that 1st Page isn't downloadable from Evrsoft.
Posted by: bea at January 10, 2003 11:29 AMI must say that 1st Page 2000 is great HTML editor. I hope that no one has been put off giving it a try..
Posted by: Stuart Woodward at January 10, 2003 02:26 PMI've got fed up with the numerous little bugs in 1st Page and have finally given up on it after waiting about two years for the new version.
I now use AceHTML which is also free and every bit as good as 1st Page.
Posted by: simon harding at January 20, 2003 08:13 PMYesterday, at about 11:00am I downloaded First Page editing software for a wab site I'm working on. I installed it and left it alone after that.
Last night I was listening to music on my computer and was doing paperwork about 10 foot from my system for a period of two hours or so. I didn't even have first page running.
At about 11:45pm my system started acting strange, the audio was fading in and out, screen went blank, the system reset itself and I've hadTo those that have responded saying that this is just code for jokes or is harmless. Let me tell you my story about six buttons from hell that was downloaded with first page editing software.
Yesterday morning I downloaded the software for a web site that I'm working on. Things seemed to be problem with it since. At about 2:00am when I finaly was able to get my system limping along after working on it. I looked in my widows device manager and there were only three device drivers listed. The driver for my network card, widows emergency bios driver and the standard windows default monitor.
All motherboard resource drivers were gone, video adapter driver was missing, IDE harddrive and floppy driver was gone, CD-ROM and all others. In other words only the three drivers I mentioned were there. I've never seen anything like it in all my years of computing. I couldn't believe it.
I checked the activity log of my virus software and found at 11:53:50 discovered "Six buttons from hell.izs infected with Js.Trojan.WindowBomb virus. Unable to repair". At 11:54:04 the file was quaratntined.
During the first couple of reboots, reloading drivers and hardware detections windows keeps loading multimple devices. In fact here it is almost 24 hours later the 3nd DMA controller has a unresolved conflict. So does the 2nd keyboard even though it doesn't exist and the 7 CD-ROMs in which my system only has one.
I went to the Mcafee web site to get more information about this windowbomb virus and as it turns out it is notorious for opening a continuous string of web pages from various web sites.
Is it posible that those sites may have viruses as well? Not to mention that this is a trojan and according to Symantec, trojan atacks have been known to broadcast computer files, personal info an passwords to remote sites.
All I was doing was listening to music via a radio station web site while working and the bomb went off. So whoever thinks it's harmless or just something to create web page jokes is an absolute fool.
see even the grammer checker in my word processor became corrupted
Posted by: Mark Darling at February 1, 2003 12:30 PMI need help. For some reason everytime I turn ON my laptop, 1st Page 2000 start to unpacking and install. Asking me if i want to continue installation. Even if I install the application, if I reboot again same thing happens. I don't know what to do cause I cannot see file name when it runs "unpacking" at the beginning cause it goes soooo fast. It is annoying.
Posted by: neema at March 18, 2003 01:36 AMTo Stuart Woodward,
It seems that you have misunderstood what the term "freeware" means. This software is NOT a commercial version. 1stPage 2000 is freeware. Freeware is software for free. Neat how that works. Commercial software is not for free.
Now that we've gone over that, you cannot spit on coders (one of which I am) because they put in a neat little JavaScript function that opens up multiple browser windows. I've seen worse in ACTUAL commercial softwares.
Now, to Mark Darling:
Your system is not being affected by the "Six buttons from Hell" javascript code that was included with the program. The program does not run this script without a) your interaction, b) your placing it into a page, and c) your running the program initially. Your computer system seems to be having hardware issues (i.e. your HDD or your MB is failing), which is not caused by a simple javascript code.
Now, onto all:
This "six buttons from hell" javascript code is only malicious if you place it into a page. you have to place it into the code, and then actually EXECUTE the page, in order for it to do anything. Javascript does not exist until you run it in the browser.
Unbeleiveible,
what these bast*rds put into OFFICIAL version of that "1st (in destroying your web) Page
Loathing, so what I'd advise you to do... Is to go pay for , and leave 1stPage alone. It's funny... I found this site after browsing through several others, clicking on links... It was all too easy. If you are a web developer (and not an end user... you know who you are, or who you should be), you know what 1stPage is. You also know what 1stPage is not. Malicious is one of those things that 1stPage is not. I didn't have to pay for MY copy of 1stPage, so if you did... I fear you must reconsider spending money on the Internet. Do you hear anyone complaining about how WeatherBug does this, or WeatherBug does that? No, because people get it for free, and it serves its purpose (even though it is evil and installs numerous counts of spyware onto your computer-along with many other 'adware' softwares being offered out there). It's free. It's not commercial. There's nothing that you can do about either of those. Give it up. It's an awesome program which costed you no money. Deal with it.
Posted by: Akuta Same at April 12, 2003 09:20 AMJust so you don't think I'm full of it. Here is the exact quote from their website on the, go figure, PRICING page.
"If you are here to purchase 1st Page 2000, please go back. 1st Page is free and requires no licensing fees. If you would like to use 1st Page 2000 for use in educational institutions, corporate enterprises or government houses you are free to do so."
Hence, not commercial.. but freeware.. free for everyone.
Posted by: Akuta Same at April 12, 2003 09:22 AMrofl...
"I now use AceHTML which is also free and every bit as good as 1st Page."
just as bad too :) setup file contains Troj/Delf-EC, backdoor trojan
You know viruses are all over the place and are not just limited to 'freeware' programs. I have found that the program really is good. I own MS FrontPage and actually, I like FirstPage better, as I do not know Frontpage as well...I'm not knocking Frontpage at all and I don't want to give the impression that I am. It's just been easier for me to use FirstPage. Developers have always written in things in freeware versions that would not show up in commercial versions. They are 'games' they use to stump each other...heck, the thing is FREE, your out no money, it isn't written to "destroy" your PC, heck the people who wrote it could be sued till hell freezes over if that was their intent. I've found many a "Commercial" version of programs that can cause SERIOUS damage to your PC as well. I recently purchased a National Brand Network device that had such a poorly written driver that it caused so many problems with my registery that the laptop became unuseable. I lost many programs and had to buy a new laptop while I repaired the damage to the old one. It has taken weeks to try to recover and I'm not there yet...not even all the backups worked as they should have (and I AM NOT a PC fool). The thing to think about here is that if you don't want potential "problems" then don't use "free" stuff, spend the $$$ and buy commercial versions and remember that in the fine print of their agreement, THEY don't let you hold them accountable for all damages associated with the use of their product because of errors in it, because they DO exist. PC software errors will happend but probably less often with "purchased" items so use them if your that worried. You may also find that some of the only programs written, that are relating to answering the questions you have about certian problems or issues, are freeware due to the fact that the market for designing a "purchaseable" product is not large enough to warrant the expense of development for that product. With PC's you take a chance no matter how careful you try to be...that's life. If your that worried about a program, do some studying and learn to write some of these programs yourself...they are not that easy to do somtimes and freeware author's do not get a penny for their efforts. In todays world of terrirosm, you may find that "freeware bombs" are an excellent way to disrupt peoples lives which is what terrorism is all about....let the buyer beware!.
Posted by: Jeff at July 5, 2003 07:51 PMI'm definitely NOT a computer expert. However, after reading the posts on this site I've determined the following: 1) Anti-Virus software [I use McAfee VirusScan.] will detect "Six Buttons from Hell.izs" as a virus and/or trojan. 2) There is NO need to panic! 3) Just delete the file. 4) It will NOT cause problems with a computer unless someone intentionally includes in an executable file. 5) I originally considered deleting/removing/uninstalling the entire Evrsoft folder, but that's not necessary. 6) The offending file (e.g. "Six Buttons..." is located in the following location: Evrsoft/1st Page 2000/IScripts/Buttons. 6) Just delete the .izs file. 7) Problem solved!!
Posted by: Michael G. Crist at July 28, 2003 05:19 AM