Support » Fixing WordPress » JS/MS06-014!exploit detected in ui.core.js

  • ruslany

    (@ruslany)


    I have upgraded my antivirus and it started detecting an expoit when WordPress 2.7 Dashboard UI is loaded in IE7. The antivirus reports the following:

    The JS/MS06-014!exploit was detected in C:\USERS\RUSLAN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\I3WM9LC7\UI.CORE[1].JS.
    Machine: RUSLAN, User: Ruslan\Ruslan.
    File Status: Infected

    Also IE reports two page loading errors:

    Line: 2
    Char: 246
    Error: ‘ui.mouse’ is null or not an object

    Line: 51
    Char: 4
    Error: Object doesn’t support this property or method

    Is this a known issue? Is there really an exploit in the js files or WordPress 2.7?

Viewing 9 replies - 1 through 9 (of 9 total)
  • heisted

    (@heisted)


    You aren’t alone, this also is happening to me — just today!

    ruslany

    (@ruslany)


    Yes, this happened to me today as well after signatures on my antivirus got updated. It worked fine before.

    Is there any known workaround/fix for this?

    Moderator Samuel Wood (Otto)

    (@otto42)


    Probably a false positive. Some antivirus products are way too overprotective.

    I just checked, and ui.core is identical to the one provided by jquery. No threat there.

    We had a similar problem before with some antivirus products and jquery, as I recall. False alarm there too, the vendor updated their signatures within a day or two.

    jaffa1

    (@jaffa1)


    Got the same when I visited my own blog and just wasted almost 3 hours running various anit viru/malware scans to get rid of the ‘problem’.
    I’m using CA (aka Vet) Antivirus.

    cnymike

    (@cnymike)


    I just got this from CA Security Suite. The problem is that the real-time virus protection -deleted- the file ui.core.js

    Do I simply replace that file and I’m good to go again? And if I replace it, I wonder how to have CA ignore it, since it was a real-time event.

    cnymike

    (@cnymike)


    I was able to go into CS Anti-Virus and under Options for the Real-Time Scanner, I excluded ui.core.js.

    As soon as I extracted the zip of WordPress 2.7, CS identified and immediately deleted another file, ui.tabs.js

    This is troubling.

    ruslany

    (@ruslany)


    My antivirus signature got updated again after one day and now it does not report this exploit. I guess it was a false positive.

    heisted

    (@heisted)


    Same here, after figuring out a workaround last night, the signature file for my CA eTrust AV was updated again this AM and the [apparent] false positive is no longer an issue.

    Forget about the antivirus WP plugin, it’s bad. Wait until there’s a proper one.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘JS/MS06-014!exploit detected in ui.core.js’ is closed to new replies.