|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
|
Thread Tools | Display Modes |
|
#1
October 22nd 04, 01:28 PM
|
|||
|
|||
IE6 infected
I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus
checking. ZoneAlarm is set to automatically check for updates. Updating AVG is usually the first thing I do every time I go online. I also automatically check for & immediately install updates to IE6, Win 98 & other Microsoft products. My PC seems to have some sort of infection. Web pages I view with IE6 appear to have JavaScript inserted. This script is not actually in those web pages & when I use a non-Microsoft browser I can see them as they should be, This problem does not manifest itself when I create a web page myself and examine it on my hard drive. However once that page is placed in my webspace the Javascript problem manifests itself (see example below: first original file, then file with inserted Javascript). I have tried doing a free PestScan offered by ZoneLabs, but it just opens a blank IE window. It doesn't seem to do anything. Some one suggested using "HijackThis" but the blurb for this says its "Intended for advanced users". I don't think I know enough to use it. Can anyone suggest a course of action which doesn't involve spending money on new software or re formatting my disc& re-installing the operating system? ---------------------------------------------------------------------------- --------------------------- ?xml version="1.0" encoding="utf-8"? ?xml-stylesheet type="text/css" href="standard.css" ? !DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" html xmlns="http://www.w3.org/1999/xhtml" head titleTesting NTL webspace/title /head body div class="footer" p a href="http://validator.w3.org/check?uri=referer"img src="vxhtml-basic10.png" alt="Valid XHTML Basic 1.0!" height="31" width="88" //a Testing!!!!!!! /p /div /body /html ---------------------------------------------------------------------------- --------------------------- ?xml version="1.0" encoding="utf-8"? ?xml-stylesheet type="text/css" href="standard.css" ? !DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" html xmlns="http://www.w3.org/1999/xhtml" head titleTesting NTL webspace/title script language='javascript' src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'/script /head body div class="footer" p a href="http://validator.w3.org/check?uri=referer" /a Testing!!!!!!! /p /div /body /html script language='javascript'postamble();/script IE6 Infecyed 
|
|
#2
October 24th 04, 06:22 PM
|
|||
|
|||
|
Eric wrote:
I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus checking. ZoneAlarm is set to automatically check for updates. Updating AVG My PC seems to have some sort of infection. Web pages I view with IE6 appear to have JavaScript inserted. This script is not actually in those web pages & when I use a non-Microsoft browser I can see them as they should be, This problem does not manifest itself when I create a web page myself and examine it on my hard drive. However once that page is placed in my webspace the Javascript problem manifests itself (see example below: first original file, then file with inserted Javascript). Added code in the head section... script language='javascript' src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'/script and after the /html script language='javascript'postamble();/script Incidentally i just came across this when sorting out some doublettes of various webpages i have saved to my harddiskdrive. It was in pages saved during a few days in january. At that time i had reloaded Windows and was, from memory, possibly using the combination of Internet Explorer, ZonAlarm Pro-Trial with Popup-blocker activated. But, i had also comment-code added before the two insertions: !-- ZoneLabs Privacy Insertion -- and !-- ZoneLabs Popup Blocking Insertion -- see also http://forums.devshed.com/archive/t-77135 for another example of the same. Now i use Zonalarm free (containing no inherent popupblocker) and Mozilla Firefox (containing a popupblocker) and the insertions are not there anymore. The strange thing is you saying that you are using Zonalarm free, and still have the codeinsertions ... -- Please followup in newsgroup. E-mail address is invalid due to spam-control.
|
|
#3
October 24th 04, 08:02 PM
|
|||
|
|||
|
.... et al. wrote:
Eric wrote: I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus checking. ZoneAlarm is set to automatically check for updates. Updating AVG My PC seems to have some sort of infection. Web pages I view with IE6 appear to have JavaScript inserted. This script is not actually in those web pages & when I use a non-Microsoft browser I can see them as they should be, This problem does not manifest itself when I create a web page myself and examine it on my hard drive. However once that page is placed in my webspace the Javascript problem manifests itself (see example below: first original file, then file with inserted Javascript). Added code in the head section... script language='javascript' src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'/script and after the /html script language='javascript'postamble();/script Incidentally i just came across this when sorting out some doublettes of various webpages i have saved to my harddiskdrive. It was in pages saved during a few days in january. At that time i had reloaded Windows and was, from memory, possibly using the combination of Internet Explorer, ZonAlarm Pro-Trial with Popup-blocker activated. But, i had also comment-code added before the two insertions: !-- ZoneLabs Privacy Insertion -- and !-- ZoneLabs Popup Blocking Insertion -- see also http://forums.devshed.com/archive/t-77135 for another example of the same. Now i use Zonalarm free (containing no inherent popupblocker) and Mozilla Firefox (containing a popupblocker) and the insertions are not there anymore. The strange thing is you saying that you are using Zonalarm free, and still have the codeinsertions ... Explanation. You are using some popupblocking program that uses the same technique as ZoneAlarm, but does not identify itself in the inserted code. Right? -- Please followup in newsgroup. E-mail address is invalid due to spam-control.
|
|
#4
October 25th 04, 06:35 PM
|
|||
|
|||
|
"... et al." wrote in message
... ... et al. wrote: Eric wrote: I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus checking. ZoneAlarm is set to automatically check for updates. Updating AVG My PC seems to have some sort of infection. Web pages I view with IE6 appear to have JavaScript inserted. This script is not actually in those web pages & when I use a non-Microsoft browser I can see them as they should be, This problem does not manifest itself when I create a web page myself and examine it on my hard drive. However once that page is placed in my webspace the Javascript problem manifests itself (see example below: first original file, then file with inserted Javascript). Added code in the head section... script language='javascript' src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'/script and after the /html script language='javascript'postamble();/script Incidentally i just came across this when sorting out some doublettes of various webpages i have saved to my harddiskdrive. It was in pages saved during a few days in january. At that time i had reloaded Windows and was, from memory, possibly using the combination of Internet Explorer, ZonAlarm Pro-Trial with Popup-blocker activated. But, i had also comment-code added before the two insertions: !-- ZoneLabs Privacy Insertion -- and !-- ZoneLabs Popup Blocking Insertion -- see also http://forums.devshed.com/archive/t-77135 for another example of the same. Now i use Zonalarm free (containing no inherent popupblocker) and Mozilla Firefox (containing a popupblocker) and the insertions are not there anymore. The strange thing is you saying that you are using Zonalarm free, and still have the codeinsertions ... Explanation. You are using some popupblocking program that uses the same technique as ZoneAlarm, but does not identify itself in the inserted code. Right? No, but I did recently have a free trial of the ZoneAlarm Pro version. Thiis supposed to have uninstalled itself but maybe that is the origin of my problem.
|
|
#5
November 7th 04, 06:20 PM
|
|||
|
|||
|
"David H. Lipman" wrote in message
... 1) Download the following three items... Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp Trend give a MD5 checksum for this download. They don't tell you how to use it, but I found some instructions at http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, these tell you how to verify the checksum for a zip file. What is downloaded is not a zip file, so how can I verify the checksum?
|
|
#6
November 7th 04, 06:43 PM
|
|||
|
|||
|
That's right !
This is a a self extracting EXE file that was renamed to a COM file. Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp This is a ZIP file and it is now at revision 2.238. Latest Trend signature files. http://www.trendmicro.com/download/pattern.asp Dave "Eric" wrote in message ... | "David H. Lipman" wrote in message | ... | 1) Download the following three items... | | Trend Sysclean Package | http://www.trendmicro.com/download/dcs.asp | | | Trend give a MD5 checksum for this download. They don't tell you how to use | it, but I found some instructions at | http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, these | tell you how to verify the checksum for a zip file. What is downloaded is | not a zip file, so how can I verify the checksum? | |
|
|
#7
November 7th 04, 07:04 PM
|
|||
|
|||
|
In article , "Eric" wrote:
"David H. Lipman" wrote in message ... 1) Download the following three items... Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp Trend give a MD5 checksum for this download. They don't tell you how to use it, but I found some instructions at http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, these tell you how to verify the checksum for a zip file. What is downloaded is not a zip file, so how can I verify the checksum? There are a zillion hash-checking programs out there (md5, sha family, ripemd, etc.) - many of them free. I prefer the ones that will recurse through subdirectories as this lets you validate whole chunks of your system against tampering, is the very best way to compare/synch directories, etc. Some names: fsum iside m5sum m5deep filecheckmd5 winmd5 If you google you'll find these and many more. Regards,
|
|
#8
November 8th 04, 04:13 PM
|
|||
|
|||
|
Does that mean I should use the given checksum to check the pattern file
rather than the .COM file? "David H. Lipman" wrote in message news:M1ujd.3414$DB.3363@trnddc04... That's right ! This is a a self extracting EXE file that was renamed to a COM file. Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp This is a ZIP file and it is now at revision 2.238. Latest Trend signature files. http://www.trendmicro.com/download/pattern.asp Dave "Eric" wrote in message ... | "David H. Lipman" wrote in message | ... | 1) Download the following three items... | | Trend Sysclean Package | http://www.trendmicro.com/download/dcs.asp | | | Trend give a MD5 checksum for this download. They don't tell you how to use | it, but I found some instructions at | http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, these | tell you how to verify the checksum for a zip file. What is downloaded is | not a zip file, so how can I verify the checksum? | |
|
|
#9
November 8th 04, 09:49 PM
|
|||
|
|||
|
I'm not going to say one or the other. Just download the .COM and ZIP files, and follow the
directions I provided. Dave "Eric" wrote in message ... | Does that mean I should use the given checksum to check the pattern file | rather than the .COM file? | | "David H. Lipman" wrote in message | news:M1ujd.3414$DB.3363@trnddc04... | That's right ! | | This is a a self extracting EXE file that was renamed to a COM file. | Trend Sysclean Package | http://www.trendmicro.com/download/dcs.asp | | This is a ZIP file and it is now at revision 2.238. | | Latest Trend signature files. | http://www.trendmicro.com/download/pattern.asp | | Dave | | | | "Eric" wrote in message | ... | | "David H. Lipman" wrote in message | | ... | | 1) Download the following three items... | | | | Trend Sysclean Package | | http://www.trendmicro.com/download/dcs.asp | | | | | | Trend give a MD5 checksum for this download. They don't tell you how to | use | | it, but I found some instructions at | | http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, | these | | tell you how to verify the checksum for a zip file. What is downloaded | is | | not a zip file, so how can I verify the checksum? | | | | | | | |
|
|
#10
November 9th 04, 12:34 AM
|
|||
|
|||
|
In article , "Eric" wrote:
Does that mean I should use the given checksum to check the pattern file rather than the .COM file? Checksums are easily forgeable (they're linear in the coefficients). MD5, SHA-* or RIPEMD are better choices. Regards,
|
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| deleting infected files | Bob | General | 3 | August 15th 04 10:01 AM |
| Infected files? | Luis | General | 4 | July 16th 04 01:59 PM |
| Restore \temp infected file | Mary | General | 5 | June 18th 04 12:39 AM |
| Winlogon.exe infected with Virus | Dave | General | 1 | June 9th 04 08:59 PM |
| Winlogon.exe file infected | Dave | General | 2 | June 9th 04 08:58 PM |
Linear Mode
