Re: Jan II: might be fixed! [WAS: Can't type in IE 6 or OE on Win XP Home PC}
From: PA Bear (PABear_at_mvps.org)
Date: 07/27/04
Date: Tue, 27 Jul 2004 04:14:38 -0400
Please:
- confirm that you've sought updates for Ad-aware and Spybot before
using them each time;
- confirm you are running Spybot v1.3;
- confirm that you've reconfigured Ad-aware per
http://aumha.org/forum/viewtopic.php?t=5877;
- confirm that you've run both Ad-aware and Spybot in Safe Mode after
first having enabled "Show Hidden Files";
- confirm that you've updated virus definitions (manually, if
necessary), enabled "Show Hidden Files" and run a full system scan with your
AV app;
- confirm that you've run at least two (2) of the free online scans
found listed at http://aumha.org/secure.php#freeav (NB: one of them *must*
be Panda's!)
- post the URL for the forum thread where you posted your HijackThis log
(and if they didn't have you enable "Show Hidden Files" and run HT in Safe
Mode, do so and post back to the thread). (You may reference this IE6
Browser thread and my post.)
[Is this it?... http://forums.spywareinfo.com/index.php?showtopic=8784 ]
>> Do you or did you have any ["free" toolbars] installed?
>>
> [At] one time yes.
What was it?
> Spybot found ...5 DSO Exploits
Assuming your homepage and default Search choices are what you want them to
be and are working properly, you may consider these DSO exploits a known and
much-discussed bug. You may configure Spybot to ignore them in further
scans.
> ...I have my full [AV scan] set to once per week
That scenario is simply insufficient anymore, Tony. Configure your AV to
seek definitions at least once a day (Some IT pros have chosen hourly!), at
a time when the machine is booted up and connected to the 'net. Then
configure it to run a full system scan about five minutes or so after
seeking and installing updates, also daily.
> In all the time I've been looking here (and other IE
> newsgroups) I've only seen my exact problem posted three times
Tony, I've read, re-read, reviewed and re-reviewed [Quiet, Jan! <wink>] all
of your posts in the original thread (http://snipurl.com/81fo) and here.
You have never stated "your exact problem" in either thread. You only made
a "Me, too" reply to OP Steve's post. Please do not consider this an attack
on you. The fact that you didn't clearly state *your* problem (and what
you'd done so far to solve it) is what caused me to "lurk in the background"
for the past month. I suspect others who may have been able to help also
chose to ignore this thread (and the original) for the very same reason
(though Jan's done an admirable job so far and kudos to her for jumping into
the fray).
> I would appreciate getting some insight as to why you are so sure it's
> malware of some kind...
The inability to type in IE text boxes (and in OE) was one of the very first
"hijackings" we saw, dating back to December 2002 IIRC. It was caused
(then) by a still-nasty, still around POS called Xupiter. There are so many
new types of hijackware, new variants of known ones, and exploits used to
install them, that we simply cannot keep up with them all (which is prolly
the intent of the a**holes who're writing and foisting this stuff on mostly
unsuspecting users).
I respectfully suggest you (1) enable "Show Hidden Files" (and leave it that
way), (2) update virus definitions and run a full system scan in Safe Mode,
(3) update & run Ad-aware and Spybot (in that order and per all of the
above) once again, then (4) update and run HijackThis again (in Safe Mode),
saving your log.
Then go to http://forums.aumha.org and Register. Sign in and post your new
log to a new thread in http://forum.aumha.org/viewforum.php?f=30. Some of
the best hijackware mavens are working there, including MVPs Mike Burgess
(WinHelp2002 in http://forums.spywareinfo.com/index.php?showtopic=8784),
Siljaline, and the inimitable TonyKlein. Again, you may reference this
thread in your post.
Please do *not* insert your replies inline, it's simply too confusing.
Please do not change the subject of a thread; doing so disassociates your
post and replies to it from the original thread.
Please include all of the previous message in your replies.
--
HTH - Please Reply to This Thread
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
AumHa Forums
http://forum.aumha.org
Protect Your PC
http://www.microsoft.com/security/protect
Tony wrote:
> As there are many points here, I will respond with inserted comments...
>
> "PA Bear" <PABear@mvps.org> wrote in message
> news:%23FPTwRucEHA.3476@tk2msftngp13.phx.gbl...
>> Hi, Tony. I've been following this thread since it began earlier this
>> month. Reinstalling IE won't make a bit of difference if malware is
>> still present on your machine (and your problem is 99.9% certain to be
>> malware-related, a recent CoolWebSearch variant, most likely).
>>
>> IE Tools>Internet Options>General>Accessibility> Is anything enabled
>> here? Did you enable it?
>
> No and no.
>
>> IE Tools>Internet Options>Advanced>Browsing>Enable third party browser
>> extensions (unchecked?)
>>
> Unchecked.
>
>> Do you or did you have any P2P file sharing apps installed? How about
>> "free" toolbars?
>>
> No and at one time yes. Many months ago I had some add-on toolbar show up,
> but I got rid of it with the combination of tools listed here (I also
> checked the Registry to make sure it was removed from the usual keys like
> Run and Run Once). Had not shown up since.
>
>> You piggy-backed onto a thread begun by another poster to which a
>> talented MVP (Doug Varnau), familiar with hijackware, had responded.
>> Did you see his post? You appear to have taken only a few of his
>> thorough and explicit suggestions.
>>
> While I only generically indicated what I did here, I did in fact follow
> all of his suggestions.
>
>>> ...I have been
>>> through the entire mantra that the experts here suggest: AdAware,
>>> Spybot, CWShredder, Virus Scan, Hijack This, etc. Not one thing was
>>> found. I even did the mshtmler.dll replacement. I was left twisting
>>> in the wind. Apparently there's not a lot to suggest beyond the usual
>>> things that seem to appear in this ng.
>>
>> Did you seek updates for CWShredder, Ad-aware and Spybot v1.3 before
>> using them each & every time (even "right of the box" new), and run them
>> in that exact order? Have you updated and run them since 03 July-04?
>> Have you enabled 'Show Hidden Files' before running them? Have you
>> scanned with these tools in Safe Mode? Has Ad-aware been reconfigured
>> for a full custom scan per http://aumha.org/forum/viewtopic.php?t=5877?
>
> Yes.
>
> CWShredder just run. Came up completely clean.
>
> Adaware just run. 14 tracking cookies (all of which I recognize) and 5
> redirected hosts file entries, which other sites indicate is sometimes
> incorrectly identified by Adaware. BTW, I am using the hosts file from
> http://www.mvps.org/winhelp2002/
>
> Spybot found the same tracking cookies as Adaware, and also 5 DSO
> Exploits, of the form
>
> DSO Exploit: Data source object exploit (Registry change, fixed)
> HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Zones\0\1004!=W=3
>
> As you can see from this example I fixed them.
>
>> Have you posted your HijackThis log to an appropriate forum for
>> interpretation by the pros? HijackThis doesn't fix anything on its own
>> and there's a fairly steep learning curve associated with knowing what
>> the good and bad guys are. (If you have posted your log somewhere,
>> please provide a link to the thread/forum.)
>>
> Yes. Nothing found.
>
>> Are your anti-virus application's definitions updated daily, followed by
>> a full system scan (also daily)? AFAIK, you haven't yet run a full
>> system scan in Safe Mode (see
>> http://aumha.org/forum/viewtopic.php?t=5878).
>
> Yes. Although I have my full scan set to once per week (hasn't found
> anything in a long, long time).
>
>> Furthermore, you're missing several critical security updates at Windows
>> Update (though I wouldn't install updates until you get this malware
>> problem sorted).
>>
> Yes, I know. I wanted to resolve this problem before doing this.
>
> I would appreciate getting some insight as to why you are so sure it's
> malware of some kind. The posts on this NG which tend to be traced back to
> xxx-ware all seem to be things that many people are posting about (which
> makes sense). In all the time I've been looking here (and other IE
> newsgroups) I've only seen my exact problem posted three times... twice by
> me! Given that my indicated actions have made this problem go away (and
> not come back even without any further CW / Ad / Spy etc efforts until I
> just ran them again), why do you not conclude that in fact there may have
> been a combination of settings that may have been responsible for this?
> (I'm not poking you with a stick, I'd like to know)