[dba-Tech] Compromised Internet Explorer?

Perry Harold pharold at proftesting.com
Thu May 5 13:39:40 CDT 2005


Steve

I had a problem somewhat similar when one of the spyware protectors deleted
some spyware that was on the machine and in the process the winsock was
hosed.  Couldn't get to Windows Update and most of the time could not get
IE6 to work at all.  Tried Firefox and it wouldn't work either.

I don't recall the site but I searched with Google and found a program to
reset the winsock - something like winsockfix.exe or similar.  Sorry - can't
locate whether I saved it or not.

Perry Harold

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Steve Erbach
Sent: Thursday, May 05, 2005 9:55 AM
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] Compromised Internet Explorer?


Dear Group,

I'm working on a PC that belongs to my wife's best friend. I've gone through
all the standard routines: Trend Micro Housecall on-line virus check,
Windows System File Checker, update to Windows XP SP2, download and install
Windows Anti-Spyware Beta, Gibson Research SpinRite 6, update Ad-Aware SE
and run it, and even repair the Windows XP installation. My only concerns
with this system are: 1) that Norton Anti-Virus 2005 doesn't start properly
and I don't have the lady's installation CD; 2) that the ZoneAlarm Pro
subscription expired almost two years ago; and 3) that the Windows Update
site doesn't work.

Regarding #3, when I get to the page that says that it checks for the latest
version of the Windows Update software, there is a flurry of "activity" in
that the progress bar in IE 6 goes all the way to 100%...but the "checking
for latest version" screen doesn't go away. My suspicion is that IE itself
is compromised.

I used an XP SP2 upgrade CD that I have, hoping that it would take care of
the problem. But after I ran Belarc Advisor and saw that a good dozen of the
Windows security updates had NOT been installed, I went to the individual
Microsoft KB articles on the upgrades and clicked on the links to get the
security update...and each time I was directed to the Windows Update page
where it doesn't go past the "Checking for the latest version of the Windows
Update software..." stage.

For what it's worth, this copy of IE is "branded" with the original ISP that
the lady signed up with, ComCast. I see that logo in the upper right-hand
corner of the IE window instead of the Windows logo.

Something is stopping this PC from being updated in the normal way. I have
also set the automatic updates option, but when I open the Security Center,
it shows that the automatic updates option has not been configured. If I
click on 'Turn on automatic updates,' I see this:

"We're sorry. The Security Center could not change your Automatic Updates
settings. To try changing these settings yourself, go to System in Control
Panel. On the Automatic Updates tab, select Automatic (recommended), and
then click OK."

Needless to say, that's how I tried to change the setting. If I go to
System and look at the Automatic Updates tab, first of all it takes FOREVER
for the Automatic Updates tab to actually show its information. Last night I
waited it out. Several minutes went by and then I saw the Update
information. It was set to Automatic Updates, but I wanted to change the
time that it would check for updates. So I changed it to 11:00pm and clicked
Apply. I had to wait another interminable time before I could click OK.
We're talking 20 minutes or so in total for those two simple acts: click the
Automatic Updates tab and Apply the new setting.

Clearly something is compromised. If it's Internet Explorer then, what? Do I
have to re-install Windows from scratch? I would recommend doing that to
this lady since the drive is formatted as FAT32, not NTFS....but, like, I've
spent way too much time on this already.

Anybody ever see anything like I've described?
-- 
Regards,

Steve Erbach
Scientific Marketing
Neenah, WI
www.swerbach.com
Security Page: www.swerbach.com/security