IE is allowing virii/trojans/spyware etc. to install without help
From: ktrainor (anonymous_at_discussions.microsoft.com)
Date: 07/13/04
- In reply to: Morbius: "IE is allowing virii/trojans/spyware etc. to install without help"
Date: Mon, 12 Jul 2004 18:41:20 -0700
At least u know how to manually remove these things. When
I open IE it goes to this search page which has ads for
viagra and everything else. I scanned with AdAware, zone
virus, AOL spyware, changed back my home page, I even went
in regedit and removed what I felt was everything. Can u
help me? It even starts putting stuff in my favorites.
>-----Original Message-----
>Just my personal experience...
>
>I'm certainly no PC or internet newbie. And I've been
>online before there was even a well-known "internet",
>using CompuServe in its earliest days, and BBS's before
>that. I know how to avoid email virii, various scams,
>and can spot a virus "hoax" a mile away. I have a home
>network, behind a firewall/router, and routinely run
>ZoneAlarm, Norton AV, AdAware, SpyBot S&D, and have used
>various pop-up blockers, currently relying on the one
>built into the Google Toolbar.
>
>In spite of all this, twice within the last month my
>system has been compromised by my doing nothing more than
>clicking a web link on what appeared to be trustworthy
>sites. Just a couple days prior to the SCOB scare, I was
>surfing around looking for info on digital cameras.
>After clicking some link, suddenly the screen began
>filling with popups (in spite of the Google popup
>blocker), and then the system froze. Upon rebooting, I
>found my desktop wallpaper had been replaced by an active
>desktop page to a "security" software site, and the CPU
>was pegged at near 100%. After about 9 hours, and
>multiple passes with various tools, I found that along
>with the desktop hijack, I had been infected with
>Backdoor.Jeem, several adware programs, and the nefarious
>CoolWebSearch. I lost a whole day tracking down and
>removing all traces of this.
>
>This Sunday, an identical episode occurred...searching
>Google for info on injector razors. One of the links I
>clicked on took me to another site that had
>some "consolidated" links regarding my search. About the
>5th link I clicked on there suddenly put a couple of
>popups on the screen, and one looked like a normal
>permissions screen, asking if I wanted to install
>something-or-other from "Slotch.Com". Of course I
>didn't...but I paused for a minute to look over that
>window, as it didn't look quite right. The layout of
>the "Yes" and "No" buttons, and a couple other things,
>didn't appear genuine. I actually felt that clicking
>anywhere on that window was a bad idea, so I just closed
>down all browser windows. I also shut down the system,
>and then I decided that considering my experience from a
>couple weeks earlier, I better check things out
>thoroughly.
>
>I unplugged the network cable, and booted to safe mode.
>First I ran CWShredder, which found 4 instances
>installed. I then ran Spybot S&D, which found 40
>suspicious files/entries, and deleted those. Then I ran
>Norton AV, which found 57 bad hits. It was only able to
>delete 37 of them, so I had to manually write down the
>name and location of each file/registry entry and attempt
>to get rid of them. After working through all this, I
>reconnected to the network and booted up normally.
>During the course of this, I also discovered that two
>programs called PowerScan and Sidebar T-Search, or
>something like that, had been installed, and as neither
>had any uninstall or entry in Add/Remove programs, I had
>to manually get rid of those.
>
>I wanted to go to the Symantec site and see what other
>info might be available for some of the things it found.
>After booting up, I decided to use Mozilla Firefox to go
>to the site, as I had installed that after the previous
>problem, and thought I might be a little safer till I was
>sure the machine was clean. But when I clicked on the
>Firefox desktop icon, it couldn't find the program...sure
>enough, the entire Firefox folder and install was gone.
>Sneaky move on the spyware's part! I still had the
>Firefox install package on the system, so I reinstalled,
>and went out to the Symantec site. I went to a couple
>more sites with Firefox and then shut the system down.
>
>I started it up a little later, and once again, clicking
>on the Firefox icon said it couldn't locate the
>program...and again, the entire folder and install was
>gone. So something was still on the system, and deleting
>Firefox apparently at will. I ran HiJack This! and
>noticed a new BHO listing that pointed to a DLL I hadn't
>seen before, something like bvm202.dll. I went and
>looked at the properties of that DLL, and it had been
>created that day, at the same time all the problems
>started. So I booted to safe mode again, deleted the
>DLL, and deleted all references to it from the Registry.
>Reinstalled Firefox again, and now it seems to be
>staying, so I'm not sure if that was the problem or not.
>
>In any event, I probably lost almost 20 hours of time
>over the two incidents. I'm still not 100% confident of
>the machine's status at this point. Numerous bad things
>got installed in each instance, and with me doing no more
>than clicking a web link...in both cases, I did not
>attempt to download or install anything, I did not give
>permission for installation, and I had firewalls and AV
>products active at the time, along with "supposed" popup
>blockers, and I was not doing or visiting
>anything "shady" that I shouldn't have been. Yet all of
>this did nothing to stop these incidents from occurring.
>
>Point is, IE is simply allowing way too much damage to
>occur with little or no action on the end-user's part.
>It should never allow something to be installed on my
>system without my explicit permission. I do not
>understand how this has happened, as I didn't think it
>was even possible for things like this to occur without
>me doing SOMETHING to initiate it. If clicking on a web
>link is all it takes, then quite clearly the IE browser
>is useless.
>
>So now I'm back to using Firefox. We'll see how this
>goes. In any event, MS needs to completely redesign its
>security model for this thing, as right now I wouldn't
>trust it to go to MS's own website.
>.
>