Re: oe6 reading mail showing as html raw source?
From: PA Bear (PABear_at_mvps.org)
Date: 08/20/04
- Next message: Jim Pickering: "Re: Msimn.exe Has Generated Errors and Will Be Closed by Windows - Knowledge base no help!!!"
- Previous message: PA Bear: "Re: oe6 reading mail showing as html raw source?"
- In reply to: Bill Kearney: "Re: oe6 reading mail showing as html raw source?"
- Next in thread: Bill Kearney: "Re: oe6 reading mail showing as html raw source?"
- Reply: Bill Kearney: "Re: oe6 reading mail showing as html raw source?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 20 Aug 2004 14:04:34 -0400
Are you running Ad-aware SE? Spybot v1.3? Do you seek updates for each
tool before you use it, every time? Both have new updates: Ad-aware on 16
Aug-04 and Spybot today (20 Aug-04).
Have you re-configured Ad-aware for a full scan as per
http://aumha.org/forum/viewtopic.php?t=5877?
Did you run all of the tools in Safe Mode, with 'Show Hidden Files' enabled,
and in this order?...
CWShredder, Ad-aware, Spybot, HijackThis
Have you posted your HT log to a recommended forum and gotten the 'all
clear' from an expert there?
Bill Kearney wrote:
> ...If I can just 'untangle'
> what OE6 has gotten screwed up I'd be happy.
Judging from everything you've posted here, Bill, I have little doubt that
the Windows Profile is damaged, not OE or any identities, and, barring
anything you've not yet revealed here, the damage has most likely been
caused by malware. While you may be quite an experienced computer user, if
that experience does not include interpreting hundreds of HijackThis logs
accurately you cannot state with any certainty that the Profile is
malware-free without getting the 'all clear' from one of the pros who post
to HT log-specific forums. See "our" sub-thread here.
~~~~~~~~~~~
Bill, you post using a Hotmail address. None of this is occurring in
messages received by an MSN/Hotmail account, correct?
Have you considered creating a new Profile/Log-on, moving the old Profile's
data to it and then deleting the latter?
Did you upgrade to WinXP (?) from an earlier Windows version? Which one?
-- ~PA Bear Bill Kearney wrote: > Nothing enabled (or recently changed) in Accessibility. > > 3rd party extensions not enabled. Enabling didn't change anything (the > problem persists) > > I run ad-aware, spybot and avg... I'm behind a firewall and I'm not one > to run things indiscriminantly. > > CWShredder shows nothing amiss > Nor does HijackThis. > Ad-aware as well (beyond the usual tracking cookies) > Spybot didn't either. > Stinger found nothing. > > I'm left within thinking that whatever OE is using to display the > messages is being disrupted. It's almost as is the message form's text > control is pulling the data through an HTML converter TWICE. > > FWIW, I've got Sysinternal's Process Explorer loaded for looking at what > dlls MSIMN is using and what versions of each. > > Humor me. In the problem Profile: > > IE Tools>Internet Options>General>Accessibility> Is any entry enabled > here? Did you enable it? > > IE Tools>Internet Options>Advanced>Browsing>Enable third-party browser > extensions > Enabled? Any difference in behaviour if you disable it? > > The Windows Profile in question may be infected with malware/hijackware. > Check this Profile for "hijackware": > > Help with Hijackware > http://aumha.org/a/parasite.htm > http://aumha.org/a/quickfix.htm > http://mvps.org/winhelp2002/unwanted.htm > http://inetexplorer.mvps.org/Darnit.htm > > CoolWebSearch Chronicles > http://www.spywareinfo.com/~merijn/cwschronicles.html > > Run these tools in the following order with nothing else running in > background: > > 1. CWShredder (fix all found) > > 2. Ad-Aware (fix all found) > > 3. Spybot (RTFM but generally fix everything in red) > > Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each > and every use, even "right out of the box". But even they can't catch > everything, 24/7. When all else fails, HijackThis > (http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred > tool to use. It will help you to both identify and remove any > hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ > or http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not > here.** > > [Alternate download pages for many of the above tools may be found at > http://aumha.org/a/parasite.htm.] > > Also: > > 1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then... > > 2. Update your virus definitions, enable Show Hidden Files > (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339) > and then run a full system scan in Safe Mode > (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) > with nothing else running in background. Note the files identified and > removed then find the corresponding page for the file at your AV maker's > online support pages (e.g., > http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html) > and follow all Removal steps. > > WinXP Only (WinME similar): If this scan finds anything, create a new > Restore Point then Disk Cleanup > More options > Delete all but the most > recent Restore Point. > > So How Did I Get Infected Anyway? > http://boards.cexx.org/viewtopic.php?t=957
- Next message: Jim Pickering: "Re: Msimn.exe Has Generated Errors and Will Be Closed by Windows - Knowledge base no help!!!"
- Previous message: PA Bear: "Re: oe6 reading mail showing as html raw source?"
- In reply to: Bill Kearney: "Re: oe6 reading mail showing as html raw source?"
- Next in thread: Bill Kearney: "Re: oe6 reading mail showing as html raw source?"
- Reply: Bill Kearney: "Re: oe6 reading mail showing as html raw source?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
