[dba-Tech] Compromised Internet Explorer?

Jon Tydda Jon.Tydda at alcontrol.co.uk
Thu May 5 11:01:00 CDT 2005


I haven't seen anything exactly like that per se, but I have had some
trouble with IE (who hasn't?) before. If you go to
www.microsoft.com/downloads you can download the administrator installer for
Internet Explorer 6 SP1, which you can run from a memory stick or a CD or
something. Reinstall it from scratch; it should let you do that.

You can install the latest version of the free version of ZoneAlarm without
any problems - if her subscription has run out then she has out-of-date
protection, and my reasoning would be that a slightly downgraded up-to-date
firewall is better than a 2-year-old one with bells and whistles on.

I'd also run a Panda online scan, and download McAfee Stinger and let that
run, just to be on the safe side too.


Oh, and speaking of Belarc, I installed that last week, and the next time I
ran my spyware checkers, it was full of back office things... I don't
remember visiting any spurious websites or installing anything else, and I'm
surprised that a security product would install something that's likely to
be flagged as spyware without telling you...

Sorry, meant to post this hours ago, but someone went and broke a PC...
users! :-)


Jon

-----Original Message-----
From: Steve Erbach [mailto:erbachs at gmail.com]
Sent: 05 May 2005 14:55
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] Compromised Internet Explorer?


Dear Group,

I'm working on a PC that belongs to my wife's best friend. I've gone
through all the standard routines: Trend Micro Housecall on-line virus
check, Windows System File Checker, update to Windows XP SP2, download
and install Windows Anti-Spyware Beta, Gibson Research SpinRite 6,
update Ad-Aware SE and run it, and even repair the Windows XP
installation. My only concerns with this system are: 1) that Norton
Anti-Virus 2005 doesn't start properly and I don't have the lady's
installation CD; 2) that the ZoneAlarm Pro subscription expired almost
two years ago; and 3) that the Windows Update site doesn't work.

Regarding #3, when I get to the page that says that it checks for the
latest version of the Windows Update software, there is a flurry of
"activity" in that the progress bar in IE 6 goes all the way to
100%...but the "checking for latest version" screen doesn't go away.
My suspicion is that IE itself is compromised.

I used an XP SP2 upgrade CD that I have, hoping that it would take
care of the problem. But after I ran Belarc Advisor and saw that a
good dozen of the Windows security updates had NOT been installed, I
went to the individual Microsoft KB articles on the upgrades and
clicked on the links to get the security update...and each time I was
directed to the Windows Update page where it doesn't go past the
"Checking for the latest version of the Windows Update software..."
stage.

For what it's worth, this copy of IE is "branded" with the original
ISP that the lady signed up with, ComCast. I see that logo in the
upper right-hand corner of the IE window instead of the Windows logo.

Something is stopping this PC from being updated in the normal way. I
have also set the automatic updates option, but when I open the
Security Center, it shows that the automatic updates option has not
been configured. If I click on 'Turn on automatic updates,' I see
this:

"We're sorry. The Security Center could not change your Automatic
Updates settings. To try changing these settings yourself, go to
System in Control Panel. On the Automatic Updates tab, select
Automatic (recommended), and then click OK."

Needless to say, that's how I tried to change the setting. If I go to
System and look at the Automatic Updates tab, first of all it takes
FOREVER for the Automatic Updates tab to actually show its
information. Last night I waited it out. Several minutes went by and
then I saw the Update information. It was set to Automatic Updates,
but I wanted to change the time that it would check for updates. So I
changed it to 11:00pm and clicked Apply. I had to wait another
interminable time before I could click OK. We're talking 20 minutes or
so in total for those two simple acts: click the Automatic Updates tab
and Apply the new setting.

Clearly something is compromised. If it's Internet Explorer then,
what? Do I have to re-install Windows from scratch? I would recommend
doing that to this lady since the drive is formatted as FAT32, not
NTFS....but, like, I've spent way too much time on this already.

Anybody ever see anything like I've described?
-- 
Regards,

Steve Erbach
Scientific Marketing
Neenah, WI
www.swerbach.com
Security Page: www.swerbach.com/security