[dba-Tech] Compromised Internet Explorer?

MartyConnelly martyconnelly at shaw.ca
Thu May 5 17:25:26 CDT 2005


I think Winsockfix works down to 98 SE and up to WinXP SP1; the caveat
is referring only to WinXP SP2,
where Microsoft has added its own utility fix to replace winsockfix.
I haven't looked up if there is really a conflict between winsockfix and
winxp sp2.
I would probably use MS method for winxp sp2.

Jon Tydda wrote:

>That's pretty cool Marty, do you know if it works for 2000 as well?
>
>
>Jon
>
>-----Original Message-----
>From: dba-tech-bounces at databaseadvisors.com
>[mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of MartyConnelly
>Sent: 05 May 2005 21:13
>To: Discussion of Hardware and Software issues
>Subject: Re: [dba-Tech] Compromised Internet Explorer?
>
>
>I found a reference to winsockfix in this forum site I often visit for
>XP problems
>http://www.windowsbbs.com
>http://www.windowsbbs.com/showthread.php?t=44261&highlight=winsockfix
>I usually read through posts here for caveats on windows utilities
>before I try or download
>and sure enough I found one with a pointer here
>
>http://www.tek-tips.com/faqs.cfm?fid=4625
>
>Special Note For Win XP Service Pack 2 Users:
>
>Service Pack 2 adds a new command to repair the Winsock corruption
>problem that can be caused by adware, spyware, or some other causes.
>You should use this instead of the utility WinsockFix:
>netsh winsock reset catalog
>
>Using this command should normally not do any harm, so if you have
>unsolvable connection problems or spurious disconnections, try it. It
>does remove all nonstandard LSP (Layered Service Provider) entries from
>the Winsock catalog, which are usually adware or spyware entries, but if
>you happened to have a legitimate one installed, it would also be
>removed and would have to be reinstalled.
>
>If you're really curious, you can use the command:
>
>netsh winsock show catalog
>
>before and after resetting the catalog to find out whether any entries
>were in fact removed and which ones these were. Another way to get at
>the same information is to run
>
>winmsd
>
>and select Components, Network, Protocol. The Layered Service Providers
>in the list should be of the MSAFD or RSVP ... Service Provider type.
>All others are likely malevolent and should disappear after the reset
>command shown above.
>
>
>
>WinSockFix
>http://www.softpedia.com/public/cat/12/4/12-4-47.shtml
>
>WinSockFix offers a last resort if your Internet connectivity has been
>corrupted due to invalid or removed registry entries.
>It can often cure the problem of lost connections after the removal of
>Adware components or improper uninstall of firewall applications or
>other tools that modify the XP network and Winsock settings.
>If you encounter connection problems after removing network related
>software, Adware or after registry clean-up; and all other ways fail,
>then give WinSock XP Fix a try.
>It can create a registry backup of your current settings, so it is
>fairly safe to use.
>
>
>
>John Bartow wrote:
>
>>That rings a bell. I think someone recently posted something to that effect
>>on this list.
>>
>>
>>John B.
>>
>>
>>-----Original Message-----
>>From: dba-tech-bounces at databaseadvisors.com
>>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Perry Harold
>>Sent: Thursday, May 05, 2005 1:40 PM
>>To: 'Discussion of Hardware and Software issues'
>>Subject: RE: [dba-Tech] Compromised Internet Explorer?
>>
>>Steve
>>
>>I had a problem somewhat similar when one of the spyware protectors deleted
>>some spyware that was on the machine and in the process the winsock was
>>hosed.  Couldn't get to Windows Update and most of the time could not get
>>IE6 to work at all.  Tried Firefox and it wouldn't work either.
>>
>>I don't recall the site but I searched with Google and found a program to
>>reset the winsock - something like winsockfix.exe or similar.  Sorry - can't
>>locate whether I saved it or not.
>>
>>Perry Harold
>>
>>-----Original Message-----
>>From: dba-tech-bounces at databaseadvisors.com
>>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Steve Erbach
>>Sent: Thursday, May 05, 2005 9:55 AM
>>To: Discussion of Hardware and Software issues
>>Subject: [dba-Tech] Compromised Internet Explorer?
>>
>>
>>Dear Group,
>>
>>I'm working on a PC that belongs to my wife's best friend. I've gone through
>>all the standard routines: Trend Micro Housecall on-line virus check,
>>Windows System File Checker, update to Windows XP SP2, download and install
>>Windows Anti-Spyware Beta, Gibson Research SpinRite 6, update Ad-Aware SE
>>and run it, and even repair the Windows XP installation. My only concerns
>>with this system are: 1) that Norton Anti-Virus 2005 doesn't start properly
>>and I don't have the lady's installation CD; 2) that the ZoneAlarm Pro
>>subscription expired almost two years ago; and 3) that the Windows Update
>>site doesn't work.
>>
>>Regarding #3, when I get to the page that says that it checks for the latest
>>version of the Windows Update software, there is a flurry of "activity" in
>>that the progress bar in IE 6 goes all the way to 100%...but the "checking
>>for latest version" screen doesn't go away. My suspicion is that IE itself
>>is compromised.
>>
>>I used an XP SP2 upgrade CD that I have, hoping that it would take care of
>>the problem. But after I ran Belarc Advisor and saw that a good dozen of the
>>Windows security updates had NOT been installed, I went to the individual
>>Microsoft KB articles on the upgrades and clicked on the links to get the
>>security update...and each time I was directed to the Windows Update page
>>where it doesn't go past the "Checking for the latest version of the Windows
>>Update software..." stage.
>>
>>For what it's worth, this copy of IE is "branded" with the original ISP that
>>the lady signed up with, ComCast. I see that logo in the upper right-hand
>>corner of the IE window instead of the Windows logo.
>>
>>Something is stopping this PC from being updated in the normal way. I have
>>also set the automatic updates option, but when I open the Security Center,
>>it shows that the automatic updates option has not been configured. If I
>>click on 'Turn on automatic updates,' I see
>>this:
>>
>>"We're sorry. The Security Center could not change your Automatic Updates
>>settings. To try changing these settings yourself, go to System in Control
>>Panel. On the Automatic Updates tab, select Automatic (recommended), and
>>then click OK."
>>
>>Needless to say, that's how I tried to change the setting. If I go to
>>System and look at the Automatic Updates tab, first of all it takes FOREVER
>>for the Automatic Updates tab to actually show its information. Last night I
>>waited it out. Several minutes went by and then I saw the Update
>>information. It was set to Automatic Updates, but I wanted to change the
>>time that it would check for updates. So I changed it to 11:00pm and clicked
>>Apply. I had to wait another interminable time before I could click OK.
>>We're talking 20 minutes or so in total for those two simple acts: click the
>>Automatic Updates tab and Apply the new setting.
>>
>>Clearly something is compromised. If it's Internet Explorer then, what? Do I
>>have to re-install Windows from scratch? I would recommend doing that to
>>this lady since the drive is formatted as FAT32, not NTFS....but, like, I've
>>spent way too much time on this already.
>>
>>Anybody ever see anything like I've described?
>>--
>>Regards,
>>
>>Steve Erbach
>>Scientific Marketing
>>Neenah, WI
>>www.swerbach.com
>>Security Page: www.swerbach.com/security
>>_______________________________________________
>>dba-Tech mailing list
>>dba-Tech at databaseadvisors.com
>>http://databaseadvisors.com/mailman/listinfo/dba-tech
>>Website: http://www.databaseadvisors.com
>
>--
>Marty Connelly
>Victoria, B.C.
>Canada

-- 
Marty Connelly
Victoria, B.C.
Canada
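
The before/after comparison described in the quoted FAQ text, as an added example that is not part of the original thread: it parses two saved captures of `netsh winsock show catalog`, reports which entries the reset removed, and applies the MSAFD/RSVP rule of thumb. The captures are constructed, and the `ExampleToolbar` provider and its path are hypothetical.

```python
import re

# Constructed sample of `netsh winsock show catalog` output (fields trimmed).
# "ExampleToolbar" and its DLL path are hypothetical.
BEFORE = r"""Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleToolbar LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleToolbar\extb.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        RSVP UDP Service Provider
Provider Path:                      %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID:                   1013
"""
# Constructed "after reset" capture: the same catalog minus the first entry.
AFTER = BEFORE.split("\n\n", 1)[1]
FIELD = re.compile(r"^([^:\n]+):[ \t]+(.*\S)", re.M)

def parse_catalog(text):
    """Return {catalog entry ID: {field name: value}} for every entry."""
    entries = {}
    for block in text.split("Winsock Catalog Provider Entry")[1:]:
        fields = dict(FIELD.findall(block))
        entries[fields["Catalog Entry ID"]] = fields
    return entries

def is_standard(entry):
    # Rule of thumb from the thread: MSAFD or RSVP ... Service Provider.
    # The description is self-declared, so treat this as a hint only.
    return entry["Description"].startswith(("MSAFD", "RSVP"))

def removed_by_reset(before, after):
    """Entries listed before the reset that are missing afterwards."""
    old, new = parse_catalog(before), parse_catalog(after)
    return [old[i] for i in sorted(old.keys() - new.keys())]

def nonstandard(text):
    return [e for e in parse_catalog(text).values() if not is_standard(e)]
```

Recording the `Provider Path` of each removed entry also tells you which legitimate product, if any, has to be reinstalled after the reset.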





