[dba-Tech] Compromised Internet Explorer?

Jon Tydda jon at tydda.plus.com
Thu May 5 15:17:40 CDT 2005


That's pretty cool Marty, do you know if it works for 2000 as well?


Jon

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of MartyConnelly
Sent: 05 May 2005 21:13
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Compromised Internet Explorer?


I found a reference to winsockfix in this forum site I often visit for
XP problems
http://www.windowsbbs.com
http://www.windowsbbs.com/showthread.php?t=44261&highlight=winsockfix
I usually read through posts here for caveats on windows utilities
before I try or download
and sure enough I found one with a pointer here

http://www.tek-tips.com/faqs.cfm?fid=4625

Special Note For Win XP Service Pack 2 Users:

Service Pack 2 adds a new command to repair the Winsock corruption
problem that can be caused by adware, spyware, or some other causes.
You should use this instead of the utility WinsockFix:
netsh winsock reset catalog

Using this command should normally not do any harm, so if you have
unsolvable connection problems or spurious disconnections, try it. It
does remove all nonstandard LSP (Layered Service Provider) entries from
the Winsock catalog, which are usually adware or spyware entries, but if
you happened to have a legitimate one installed, it would also be
removed and would have to be reinstalled.

If you're really curious, you can use the command:

netsh winsock show catalog

before and after resetting the catalog to find out whether any entries
were in fact removed and which ones these were. Another way to get at
the same information is to run

winmsd

and select Components, Network, Protocol. The Layered Service Providers
in the list should be of the MSAFD or RSVP ... Service Provider type.
All others are likely malevolent and should disappear after the reset
command shown above.



WinSockFix
http://www.softpedia.com/public/cat/12/4/12-4-47.shtml

WinSockFix offers a last resort if your Internet connectivity has been
corrupted due to invalid or removed registry entries.
It can often cure the problem of lost connections after the removal of
Adware components or improper uninstall of firewall applications or
other tools that modify the XP network and Winsock settings.
If you encounter connection problems after removing network related
software, Adware or after registry clean-up; and all other ways fail,
then give WinSock XP Fix a try.
It can create a registry backup of your current settings, so it is
fairly safe to use.



John Bartow wrote:

>That rings a bell. I think someone recently posted something to that effect
>on this list.
>
>
>John B.
>
>
>-----Original Message-----
>From: dba-tech-bounces at databaseadvisors.com
>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Perry Harold
>Sent: Thursday, May 05, 2005 1:40 PM
>To: 'Discussion of Hardware and Software issues'
>Subject: RE: [dba-Tech] Compromised Internet Explorer?
>
>Steve
>
>I had a problem somewhat similar when one of the spyware protectors deleted
>some spyware that was on the machine and in the process the winsock was
>hosed.  Couldn't get to Windows Update and most of the time could not get
>IE6 to work at all.  Tried Firefox and it wouldn't work either.
>
>I don't recall the site but I searched with Google and found a program to
>reset the winsock - something like winsockfix.exe or similar.  Sorry - can't
>locate whether I saved it or not.
>
>Perry Harold
>
>-----Original Message-----
>From: dba-tech-bounces at databaseadvisors.com
>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Steve Erbach
>Sent: Thursday, May 05, 2005 9:55 AM
>To: Discussion of Hardware and Software issues
>Subject: [dba-Tech] Compromised Internet Explorer?
>
>
>Dear Group,
>
>I'm working on a PC that belongs to my wife's best friend. I've gone through
>all the standard routines: Trend Micro Housecall on-line virus check,
>Windows System File Checker, update to Windows XP SP2, download and install
>Windows Anti-Spyware Beta, Gibson Research SpinRite 6, update Ad-Aware SE
>and run it, and even repair the Windows XP installation. My only concerns
>with this system are: 1) that Norton Anti-Virus 2005 doesn't start properly
>and I don't have the lady's installation CD; 2) that the ZoneAlarm Pro
>subscription expired almost two years ago; and 3) that the Windows Update
>site doesn't work.
>
>Regarding #3, When I get to the page that says that it checks for the latest
>version of the Windows Update software, there is a flurry of "activity" in
>that the progress bar in IE 6 goes all the way to 100%...but the "checking
>for latest version" screen doesn't go away. My suspicion is that IE itself
>is compromised.
>
>I used an XP SP2 upgrade CD that I have, hoping that it would take care of
>the problem. But after I ran Belarc Advisor and saw that a good dozen of the
>Windows security updates had NOT been installed, I went to the individual
>Microsoft KB articles on the upgrades and clicked on the links to get the
>security update...and each time I was directed to the Windows Update page
>where it doesn't go past the "Checking for the latest version of the Windows
>Update software..." stage.
>
>For what it's worth, this copy of IE is "branded" with the original ISP that
>the lady signed up with, ComCast. I see that logo in the upper right-hand
>corner of the IE window instead of the Windows logo.
>
>Something is stopping this PC from being updated in the normal way. I have
>also set the automatic updates option, but when I open the Security Center,
>it shows that the automatic updates option has not been configured. If I
>click on 'Turn on automatic updates,' I see
>this:
>
>"We're sorry. The Security Center could not change your Automatic Updates
>settings. To try changing these settings yourself, go to System in Control
>Panel. On the Automatic Updates tab, select Automatic (recommended), and
>then click OK."
>
>Needless to say, that's how I tried to change the setting. If I go to
>System and look at the Automatic Updates tab, first of all it takes FOREVER
>for the Automatic Updates tab to actually show its information. Last night I
>waited it out. Several minutes went by and then I saw the Update
>information. It was set to Automatic Updates, but I wanted to change the
>time that it would check for updates. So I changed it to 11:00pm and clicked
>Apply. I had to wait another interminable time before I could click OK.
>We're talking 20 minutes or so in total for those two simple acts: click the
>Automatic Updates tab and Apply the new setting.
>
>Clearly something is compromised. If it's Internet Explorer then, what? Do I
>have to re-install Windows from scratch? I would recommend doing that to
>this lady since the drive is formatted as FAT32, not NTFS....but, like, I've
>spent way too much time on this already.
>
>Anybody ever see anything like I've described?
>--
>Regards,
>
>Steve Erbach
>Scientific Marketing
>Neenah, WI
>www.swerbach.com
>Security Page: www.swerbach.com/security
>_______________________________________________
>dba-Tech mailing list
>dba-Tech at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/dba-tech
>Website: http://www.databaseadvisors.com

--
Marty Connelly
Victoria, B.C.
Canada
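
Added example, not part of the original thread or of any tool mentioned in it: a Python sketch of the before/after comparison described above, for output saved with "netsh winsock show catalog > before.txt" and again after the reset. The sample text is constructed, the "Key: value" layout is assumed to match what netsh prints, and the MSAFD/RSVP prefix test is an approximation of the rule quoted in the message.

```python
import re

HEADER = "Winsock Catalog Provider Entry"

# Constructed sample, trimmed to the fields used below (not from a real machine).
BEFORE = """\
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleAdware LSP over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      C:\\WINDOWS\\system32\\example_lsp.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\\system32\\mswsock.dll
Catalog Entry ID:                   1001
"""
AFTER = BEFORE.split("\n\n", 1)[1]  # constructed: only the MSAFD entry is left

def parse_catalog(text):
    """Return {(description, provider path): fields} for each protocol entry."""
    entries, cur = {}, None
    for line in text.splitlines() + [HEADER]:   # sentinel header flushes the last entry
        if line.strip().endswith("Provider Entry"):
            if cur and "Description" in cur:
                # Keyed on description and DLL path, not on the catalog entry ID,
                # so a renumbered entry is not reported as removed.
                entries[(cur["Description"], cur.get("Provider Path", ""))] = cur
            # Name Space Provider sections are skipped: the rule is about protocol entries.
            cur = {} if line.strip() == HEADER else None
            continue
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if m and cur is not None:
            cur[m.group(1).strip()] = m.group(2).strip()
    return entries

def removed_by_reset(before_text, after_text):
    """List (description, path, is_standard) for entries present only before the reset."""
    before, after = parse_catalog(before_text), parse_catalog(after_text)
    report = []
    for desc, path in sorted(before.keys() - after.keys()):
        report.append((desc, path, desc.startswith(("MSAFD", "RSVP"))))
    return report

if __name__ == "__main__":
    for desc, path, standard in removed_by_reset(BEFORE, AFTER):
        print(("standard " if standard else "REVIEW   ") + desc + "  ->  " + path)
```

An entry reported with is_standard False names the DLL to look at; a legitimate LSP removed by the reset shows up the same way and is the one that needs reinstalling.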


