Full Disclosure mailing list archives

Re: !! Internet Explorer !!

From: Rachael Treu-Gomes <rara () navigo com>
Date: Fri, 11 Jun 2004 13:47:14 -0500

Sploit-du-jour, throwback from yesteryear, unpatched hole,
pr0n, javascript, careless install, operator error...you name 
it.  You might as well throw a dart at a page of possibilities
if you're trying to blindly diagnose the infection details.

If the suggested spyware removal agents don't fully do the 
trick and you find all web requests continually redirected 
to an alternate site, don't forget to visit and do some
housekeeping on your hosts file.

I'll happily second those in this thread who prescribe
deployment of FireFox or Netscape or Opera or any other
http MO than IE as a prophyllactic measure.  ;)

ymmv,
--ra

-- 
K. Rachael Treu-Gomes, CISSP       rara () navigo com
..quis costodiet ipsos custodes?..

On Fri, Jun 11, 2004 at 07:48:22AM -0700, Harlan Carvey said something to the effect of:

       Yesterday i was visitng web sites. so i felt
my computer slow. and that time i shutdown my
computer and go somewhere. now today i restarted my
computer and when i open internet explorer i got Web
Page. Which i didn't SET. and now i am not able to
write www.anydomain.com . when i type it gave me
error. and it is also opening Popup window
advertise. and it has 2 files in my windows
directory. when i removed them it comes back again.
So please tell me,
1) what  is  it?


Sounds like some sort of spyware/annoy-ware, that
hijacks your default web page, feeds pop-ups, etc.

From what little you've said, sounds like a Browswer

Helper Object, perhaps.  

Some things you might mention are, what's this web
page that you see, but didn't set?  What's the URL?

2) how i can delete/remove it ?


Spybot Search and Destroy.  AdAware.  HijackThis.  Run
them all.

3) how i got this thing ?

From web surfing.  It's also likely that you don't

have (up-to-date) antivirus software.

4) how to secure from this thing ?


Stop using IE.  Try FireFox or Netscape.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

!! Internet Explorer !! Farrukh Hussain (Jun 11)
- Re: !! Internet Explorer !! Matthew Jonkman (Jun 11)
- Re: !! Internet Explorer !! Brian Toovey (Jun 11)
- Re: !! Internet Explorer !! Harlan Carvey (Jun 11)
  - Re: !! Internet Explorer !! Rachael Treu-Gomes (Jun 11)
- Re: !! Internet Explorer !! Andrei Zlate-Podani (Jun 11)
- Message not available
  - Re: !! Internet Explorer !! Koen (Jun 11)
    - Re: !! Internet Explorer !! Pavel Kankovsky (Jun 13)
- RE: !! Internet Explorer !! Syed Imran Ali (Jun 12)
  - PestPatrol (was: !! Internet Explorer !!) Michal Zalewski (Jun 12)
    - Re: PestPatrol (was: !! Internet Explorer !!) yossarian (Jun 12)
    - Yahoo upgraded all accounts to 100MB Syed Imran Ali (Jun 15)
    - Re: Yahoo upgraded all accounts to 100MB William Warren (Jun 15)
    - Re: Yahoo upgraded all accounts to 100MB Joseph Peterson (Jun 15)
    - Re: Yahoo upgraded all accounts to 100MB randall (Jun 15)

(Thread continues...)