[dba-Tech] Compromised Internet Explorer?

John Bartow john at winhaven.net
Thu May 5 13:05:40 CDT 2005


I had an issue with IE not updating about 1.5 years ago - although the
reason the updates would not download was made perfectly clear in that case.
It was an improper XP ID key. It was the key that came with the CD but it
would not register correctly with MS. It had been XPhe and was upgraded to
XPPro (pre-me). In that case I had to reinstall XPpro to get it to work
correctly. It probably could have been rectified another way but I didn't
have the time to figure it all out so it was quicker to do the obvious.


John B.


-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Peter Brawley
Sent: Thursday, May 05, 2005 12:52 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Compromised Internet Explorer?

Steve, John

I saw something similar with an infected PC running w2k and NAV. The only
remedy I could find: removed NAV completely (not trivial), ran two spyware
removers till they each found nothing, ran Grisoft Antivirus repeatedly till
it found nothing, ran a registry repair utility, and installed Firefox as
the default browser.

PB

-----

John Bartow wrote:

>Steve,
>Sounds like you've run the gamut! In really bad cases (I've got two 
>sitting here now) I run multiple Spyware detectors (after the initial 
>Trend-Micro, MS-AS) and then manually remove the detections (if the 
>free version won't do it). Panda, CA, X-Cleaner, Norton, F-Secure, 
>Ad-Aware, Spybot S&D, Webroot, CheckPoint (Zone Alarm), Aluria. Can 
>all be run one at a time (or many at the same) so I just do that while 
>I'm working on other things.
>
>Have you booted into safe mode and tried resetting the windows update 
>settings as the administrator account? Also try the repair feature of IE.
>Turn off the software firewall and set the IE settings back to the 
>defaults.
>(I'm assuming you're behind a router/HW firewall.) Try running the 
>updates after that. Also try a registry optimizer on it if you have 
>one. Systemworks or Vcom, etc. or try 
>http://www.pcpitstop.com/pcpitstop/default.asp if you don't.
>
>You could also download the updates from another PC using the Windows 
>Update Catalog. I used to make CDs of all the updates once a month or 
>so and then use the CD with dial-up customers. It was kind of putsy but 
>better than waiting for dialup downloads (Thankfully most of my 
>customers have DSL now!)
>
>Another possible issue - NAV 2005 has some major quirks about it. Up 
>until 2004 it was my top recommendation for home users (or NIS) but I 
>have run into many issues with it and unfortunately Symantec's answer 
>always seems to come down to "uninstall all Symantec software and 
>re-install". I would suggest uninstalling it. I suggest, if it's OK 
>with your friend, that you try AVG or another free for personal use AV. 
>For home users I now recommend AVG/Sygate personal firewall and MS-AS 
>(which I don't care for but hey, it's free and it works pretty good).
>
>Anyway, there's my 2 scents...
>
>John B.
>
>
>-----Original Message-----
>From: dba-tech-bounces at databaseadvisors.com
>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Steve Erbach
>Sent: Thursday, May 05, 2005 8:55 AM
>To: Discussion of Hardware and Software issues
>Subject: [dba-Tech] Compromised Internet Explorer?
>
>Dear Group,
>
>I'm working on a PC that belongs to my wife's best friend. I've gone 
>through all the standard routines: Trend Micro Housecall on-line virus 
>check, Windows System File Checker, update to Windows XP SP2, download 
>and install Windows Anti-Spyware Beta, Gibson Research SpinRite 6, 
>update Ad-Aware SE and run it, and even repair the Windows XP 
>installation. My only concerns with this system are: 1) that Norton 
>Anti-Virus 2005 doesn't start properly and I don't have the lady's 
>installation CD; 2) that the ZoneAlarm Pro subscription expired almost 
>two years ago; and 3) that the Windows Update site doesn't work.
>
>Regarding #3, When I get to the page that says that it checks for the 
>latest version of the Windows Update software, there is a flurry of 
>"activity" in that the progress bar in IE 6 goes all the way to 
>100%...but the "checking for latest version" screen doesn't go away.
>My suspicion is that IE itself is compromised.
>
>I used an XP SP2 upgrade CD that I have, hoping that it would take care 
>of the problem. But after I ran Belarc Advisor and saw that a good 
>dozen of the Windows security updates had NOT been installed, I went to 
>the individual Microsoft KB articles on the upgrades and clicked on the 
>links to get the security update...and each time I was directed to the 
>Windows Update page where it doesn't go past the "Checking for the 
>latest version of the Windows Update software..." stage.
>
>For what it's worth, this copy of IE is "branded" with the original ISP 
>that the lady signed up with, ComCast. I see that logo in the upper 
>right-hand corner of the IE window instead of the Windows logo.
>
>Something is stopping this PC from being updated in the normal way. I 
>have also set the automatic updates option, but when I open the 
>Security Center, it shows that the automatic updates option has not 
>been configured. If I click on 'Turn on automatic updates,' I see this:
>
>"We're sorry. The Security Center could not change your Automatic 
>Updates settings. To try changing these settings yourself, go to System 
>in Control Panel. On the Automatic Updates tab, select Automatic 
>(recommended), and then click OK."
>
>Needless to say, that's how I tried to change the setting. If I go to 
>System and look at the Automatic Updates tab, first of all it takes 
>FOREVER for the Automatic Updates tab to actually show its information. 
>Last night I waited it out. Several minutes went by and then I saw the 
>Update information. It was set to Automatic Updates, but I wanted to 
>change the time that it would check for updates. So I changed it to 
>11:00pm and clicked Apply. I had to wait another interminable time 
>before I could click OK.
>We're talking 20 minutes or so in total for those two simple acts: 
>click the Automatic Updates tab and Apply the new setting.
>
>Clearly something is compromised. If it's Internet Explorer then, what? 
>Do I have to re-install Windows from scratch? I would recommend doing 
>that to this lady since the drive is formatted as FAT32, not 
>NTFS....but, like, I've spent way too much time on this already.
>
>Anybody ever see anything like I've described?
>--
>Regards,
>
>Steve Erbach
>Scientific Marketing
>Neenah, WI
>www.swerbach.com
>Security Page: www.swerbach.com/security 
>_______________________________________________
>dba-Tech mailing list
>dba-Tech at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/dba-tech
>Website: http://www.databaseadvisors.com

