Re: Documents in I.E. History
From: terry (terry_at_discussions.microsoft.com)
Date: 11/30/04
- Next message: Eric Lawrence [MSFT]: "Re: cache is pissing me off"
- Previous message: Patrick Fu: "Print result is too BIG"
- In reply to: Jan Il: "Re: Documents in I.E. History"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 29 Nov 2004 17:55:04 -0800
Re: Documents in I.E. history...First thanks Jan, your information gave me a
direction to pursue.. The problem still exists however,but I feel more secure
having seemingly ascertained that my computer is not infested with malware..
My actions were as follows:
Went to http://mvps.org/winhelp2002/unwanted.htm followed the suggestions
and changed my security settings..
Yesterday I downloaded and ran Adware SE, Spybot-search & destroy,
SpySubtract which includeds CWShredder and HiJackThis.. Ran each program 3
times along with my resident program SpyDoctor..
Adware SE, found 4 dialers which I removed ( comment when I originally
obtained SpyDoctor it removed dialers, adware, etc. But as I recall did not
clean anything from the registry the dialers which Adware SE cleaned were in
the registry) Spybot-search & destroy found DSO Exploit, 5 entries, however
despite saying otherwise the program could not repair or delete this threat,
which is a hole in IE..
Today I used my computer normally connected to the internt for approx. 7 to
8hrs. Everything ran slow.. I believe this was a result of changing the
security settings.. I use two programs over the internet which utilize java
applets and I had trouble with the screen freezing and IE not responding and
would have to shut down the program and restart it.. As I have said I hope
this was a result of changing the security settings..
At days end I ran Spybot-search & destroy, again it identified DSO Exploit
nothing else.. I ran Adware SE it found nothing critical and 30 negligible.
The negligible being Norton, SpyDoctor, Windows, Symantec, Paint, Windows
Media Player, essentially all the programs on my computer.. I ran SpySubtract
with CWShredder it found nothing however used its feature to delete tracks
and history and cleared 2.43MB from IE cache, 28 url's from IE history and
123 bytes from windows temp files.. Ran HiJackThis the log seems harmless..
Ran SpyDoctor result no threats, but I know it spent all day rejecting
cookies and adware, thats why the other programs found nothing.. I tried to
download SysClean the main program would download but could not find the
correct pattern file therefore it would not run..
In the end I feel more secure.. But when I log in on a secure site my
account number is still posted to IE history.. And its never consistent today
it showed one of my secure site account numbers, yesterday it was showing my
e-mail address, but not the secure site accnt# . Otherdays it will show
another secure user name I use for another account.. And it still places
Documents which have nothing to do with the internet in Internet Explorer
History...
Would someone type a note in Microsoft Notes save it and tell me if it does
or doesn't ends up in your IE history? If it does not I would appreciate
any further assistance to try and eliminate my secure site names or account
numbers from being posted to the IE history.. Also if I post my HiJack log
to their support forum am I showing the vulnerabilty of my computer??
Thanks again Jan
"Jan Il" wrote:
> Hi terry :-)
>
> You may have a hijacker, malware, spyware or parasites on your system
> causing this problem. Thus, in addition to running your updated anti-virus
> program, you should do the following to be sure none of these are present on
> your system. Although you may have already run one or more of the programs,
> please do so again according to the instructions below. Some variants of
> malware can replicate themselves over and over if not removed properly.
> Please follow all instructions carefully to be sure your system is
> thoroughly cleaned:
>
> Dealing with Unwanted Spyware and Parasites:
> http://mvps.org/winhelp2002/unwanted.htm
> Be sure to run CWShredder, Ad-aware and Spybot.
> If these steps do not resolve your problem, please post back to this thread
> with the details and any error messages.
> (or Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX)
> http://www.majorgeeks.com/download4392.html
> Also be sure to use the HijackThis. Please do not post your log to this
> newsgroup, but to the HiJackThis Support Forum
> http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
> or the Aumha HiJackThis forums
> http://forum.aumha.org/viewforum.php?f=30
> to allow the experts there to evaluate your log and advise you of the
> necessary steps to clean your system.
>
> Also this program searches for hidden .dlls that recreate the malware.
>
> About Buster:
> http://www.majorgeeks.com/download4289.html
>
>
> CAUTION!!!!! Before you try to remove spyware using any of the programs
> below, download a copy of LSPFIX from any of the following sites:
> http://www.cexx.org/lspfix.htm
> http://www.spychecker.com/program/winsockxpfix.html
> (if your OS is Win2k or XP) The process of removing certain malware may kill
> your internet connection. If this should occur, this program, LSPFIX, will
> enable you to regain your connection.
>
> Also, get a copy of WINSOCKXPFIX available at:
> http://www.spychecker.com/program/winsockxpfix.html
> and
> WinsockXP Fix- WinXP
> http://www.spychecker.com/program/winsockxpfix.html
> Also, with instructions, at
> http://www.iup.edu/house/resnet/winfix.shtm
> also
> From LavaSoft- all versions of Windows-
> http://digital-solutions.co.uk/lavasoft/whndnfix.zip
> also ....
> (NOTE: It is reported that in XP SP2, the command netsh winsock reset
> will fix this problem without the need for these programs.)
>
> or ........
>
> Winsock Fix Utility
> http://www.dfwonline.net/files/WinsockFix.zip
>
> Also.........
>
> Courtesy of Jim Byrd -
>
> Download Sysclean.com, from Trend Micro, here:
> http://www.trendmicro.com/download/dcs.asp along with the latest pattern
> file, here:
> http://www.trendmicro.com/download/pattern.asp
> Be sure to read the "How-to" info here:
> http://www.trendmicro.com/ftp/products/tsc/readme.txt
> You might also want to get Art's updater, SYS-UP.Zip, here for future
> updating of these: http://home.epix.net/~artnpeg/.
> (If you download and use the updater from the beginning, it will
> automatically handle downloading the other files. Place them in a dedicated
> folder after appropriate unzipping, and then run. This scan may take a long
> time, as Sysclean is VERY extensive and thorough
>
> and......
>
> NOTE: If you can not download these programs from the Internet, if your PC
> has CD read capabilities, go to another computer with CD-ROM burning
> capabilities. Create a folder on the hard drive of the other computer called
> HOLD, download the programs to that folder, then burn that folder to a CD.
> Copy the HOLD folder to your HD and then install the programs from there
> and run them. After you have IE access again, update all programs where
> possible to get the latest definitions and run them again in Safe Mode to be
> sure there are no lingering items on the system.
>
> also...........
>
> Additional information on how to protect your PC:
> The Parasite Fight http://www.aumha.org/a/quickfix.htm
> More security tips at http://www.aumha.org/a/parasite.htm
> Bugs, Glitches & Stuffups: http://www.mvps.org/inetexplorer/Darnit.htm
>
> If these steps do not resolve your problem, please post back to this thread
> with the details and any error messages.
>
> Hope this helps
>
> Jan :)
> Smiles are meant to be shared,
> that's why they're so contagious.
>
> Please reply to the newsgroup so others may benefit.
> Replies are posted only to the newsgroup for the benefit or other readers.
>
> How to make a good newsgroup post:
> http://www.dts-l.org/goodpost.htm
>
>
> "
> > Recently I have notice that files from my programs which have nothing to
> do
> > with the internet show up in I.E. history when I open them.. It does not
> > matter whether I.E. is open or whether I am connected to the internet. For
> > example if I write a letter in Lotus or Microsoft solely for printer
> output
> > this file shows up on the I.E. history..
> > Also when using the internet connected to secure sites I.E. creates a page
> > with my private account numbers.. I have auto fill and most every thing
> that
> > can be turn off, is turn off..
> > Is this normal? I am beginning to be more concerned with security and find
> > it odd that my browser can collect non internet files and run the programs
> to
> > open these files..
>
>
>
- Next message: Eric Lawrence [MSFT]: "Re: cache is pissing me off"
- Previous message: Patrick Fu: "Print result is too BIG"
- In reply to: Jan Il: "Re: Documents in I.E. History"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
