Re: IE6 infected

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/22/04

  • Next message: Mark Gibson: "Re: IE MSN Search being redirected, Help!"
    Date: Fri, 22 Oct 2004 17:40:32 -0400
    
    

    1) Download the following three items...

             Trend Sysclean Package
             http://www.trendmicro.com/download/dcs.asp

             Latest Trend signature files.
             http://www.trendmicro.com/download/pattern.asp

             Adaware SE (personal free version)
             http://www.lavasoftusa.com/

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download sysclean.com and place it in that directory.
    Dowload the signature files (pattern files) by obtaining the ZIP file.
    For example; lpt210.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    sysclean.com.

    2) Update Adware with the latest definitions.
    3) If you are using WinME or WinXP, disable System Restore
            http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode
    5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
            platform and clean/delete any infectors/parasites found.
            (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
            Trend Sysclean utility and Adaware
    7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
            System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) If you are using WinME or WinXP, create a new Restore point

    You can also try some of the below online scanners.

    Trend:
    http://housecall.antivirus.com
    http://housecall.trendmicro.com

    F-Secure:
    http://support.f-secure.com/enu/home/ols.shtml

    McAfee:
    http://www.mcafee.com/myapps/mfs/default.asp

    Panda:
    http://www.pandasoftware.com/activescan/

    Kaspersky:
    http://www.kaspersky.com/de/scanforvirus

    Symantec:
    http://security.symantec.com/

    BitDefender
    http://www.bitdefender.com/scan/license.php

    Freedom Online scanner
    http://www.freedom.net/viruscenter/index.html

    * * * Please report your results ! * * *

    Dave

    "Eric" <noaddress@forme.com> wrote in message news:B17ed.56$Nm2.47@newsfe1-win.ntli.net...
    | I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus
    | checking. ZoneAlarm is set to automatically check for updates. Updating AVG
    | is usually the first thing I do every time I go online. I also automatically
    | check for & immediately install updates to IE6, Win 98 & other Microsoft
    | products.
    |
    | My PC seems to have some sort of infection. Web pages I view with IE6 appear
    | to have JavaScript inserted. This script is not actually in those web
    | pages & when I use a non-Microsoft browser I can see them as they should be,
    | This problem does not manifest itself when I create a web page myself and
    | examine it on my hard drive. However once that page is placed in my webspace
    | the Javascript problem manifests itself (see example below: first original
    | file, then file with inserted Javascript).
    |
    | I have tried doing a free PestScan offered by ZoneLabs, but it just opens a
    | blank IE window. It doesn't seem to do anything.
    |
    | Some one suggested using "HijackThis" but the blurb for this says its
    | "Intended for advanced users". I don't think I know enough to use it. Can
    | anyone suggest a course of action which doesn't involve spending money on
    | new software or re formatting my disc& re-installing the operating system?
    |
    | ----------------------------------------------------------------------------
    | ---------------------------
    | <?xml version="1.0" encoding="utf-8"?>
    | <?xml-stylesheet type="text/css" href="standard.css" ?>
    |
    | <!DOCTYPE html
    | PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
    | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    |
    | <html xmlns="http://www.w3.org/1999/xhtml">
    | <head>
    |
    | <title>Testing NTL webspace</title>
    | </head>
    | <body>
    | <div class="footer">
    | <p>
    | <a href="http://validator.w3.org/check?uri=referer"><img
    | src="vxhtml-basic10.png"
    | alt="Valid XHTML Basic 1.0!"
    | height="31"
    | width="88" /></a>
    | Testing!!!!!!!
    | </p>
    | </div>
    |
    | </body>
    | </html>
    |
    | ----------------------------------------------------------------------------
    | ---------------------------
    | <?xml version="1.0" encoding="utf-8"?>
    | <?xml-stylesheet type="text/css" href="standard.css" ?>
    |
    | <!DOCTYPE html
    | PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
    | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    |
    | <html xmlns="http://www.w3.org/1999/xhtml">
    | <head>
    |
    | <title>Testing NTL webspace</title>
    |
    |
    | <script language='javascript'
    | src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'></script>
    |
    | </head>
    | <body>
    | <div class="footer">
    | <p>
    | <a href="http://validator.w3.org/check?uri=referer">
    | </a>
    | Testing!!!!!!!
    | </p>
    | </div>
    |
    | </body>
    | </html>
    |
    | <script language='javascript'>postamble();</script>
    |
    |
    |
    |
    |
    |
    |
    |
    |
    |
    |
    | IE6 Infecyed
    |
    |


  • Next message: Mark Gibson: "Re: IE MSN Search being redirected, Help!"

    Relevant Pages

    • Re: IE6 infected
      ... (e.g., "c:\New Folder") ... Download sysclean.com and place it in that directory. ... | to have JavaScript inserted. ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: zipped folder
      ... How do you know it is a zipped folder? ... Why did you download it? ... After downloading, I right clicked the folder, and go to properties at ... The folder is for Javascript Eighth Edition, ...
      (alt.html)
    • Re: zipped folder
      ... How do you know it is a zipped folder? ... Why did you download it? ... I downloaded the folder from: ... The folder is for Javascript Eighth Edition, ...
      (alt.html)
    • Re: js form stripslashes function has errors
      ... <!DOCTYPE html> ... an obvious hooliganism. ... People applying what is called "HTML 5" now to general purpose Web documents ... Prototype.js was written by people who don't know javascript for people ...
      (comp.lang.javascript)
    • IE6 infected
      ... ZoneAlarm is set to automatically check for updates. ... Updating AVG ... the Javascript problem manifests itself (see example below: ... <!DOCTYPE html ...
      (alt.computer.security)