Activex and norton antivirus

[Guest]

When I went to a website today, I received a message that IE6 stopped the
site from installing an Activex control. At the same time, I received a
message from Norton Antivirus that the Trojan Horse Alwayup was located in
the Temporary Internet Files and could not be repaired or accessed. I ran the
Norton full system scan and also checked manually but could not find the
Trojan Horse file that was mentioned by the Norton alert.

Is it possible that the Trojan Horse File detected by Norton is the same as
the Activex control that was stopped from installing by IE ?

 

[Maurice N ~ MVP]

This link is to Symantec's page on the Alwayup Trojan
http://tinyurl.com/af7e2

I'd suggest you insure your NAV is up-to-date with definitions, and then to run it in Safe Mode of Windows.

Run Disk Cleanup while in Safe Mode also to clean out all your temp files.

 

[MAP]

When I went to a website today, I received a message that IE6 stopped
the site from installing an Activex control. At the same time, I
received a message from Norton Antivirus that the Trojan Horse
Alwayup was located in the Temporary Internet Files and could not be
repaired or accessed. I ran the Norton full system scan and also
checked manually but could not find the Trojan Horse file that was
mentioned by the Norton alert.

Is it possible that the Trojan Horse File detected by Norton is the
same as the Activex control that was stopped from installing by IE ?

as
the Activex control that was stopped from installing by IE ?

Yes,Delete your temp.internet files,I would say that the trojan was stopped
before it had a chance to install.Many trojans install via activeX.
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html

 

[Maurice N ~ MVP]

As to your last question, yes it is possible that website would have passed the trojan to your system.
What was the website?

One other point: When you had run NAV, did you have your browser *closed* ?
If you had it open, and the files were in-use --- it's likely why they could not be removed.
That's another reason for running cleanups in Safe Mode.

 

[Guest]

Thanks for your help. NAV was up-to-date when this problem occurred. I went
to the Symantec link for Alwayup Trojan and ran a full system scan in normal
use mode and also did another scan in safe mode. Both times, NAV did not
detect any infected files. I also manually found the temp folder and
temporary internet files folder and scanned the contents using NAV and no
infected files were detected. I will now clean up the temp files using Disk
Cleanup in Safe Mode.

 

[Guest]

Thanks for the advice. I will delete the temp folder under safe mode.

 

[Maurice N ~ MVP]

WTG, Raj.

 

[Guest]

Hi, the website in question is :

http://www.oldielyrics.com/c/creedence_clearwater_revival.html

I was on this website when I received the messages from NAV and IE Activex.
I then shut down the browser and did a system scan using NAV in regular mode
and also in safe mode. No "threats" were detected by NAV.

 

[Maurice N ~ MVP]

OK, went to that site. Popups blocked by SP2-IE (yea). Temp enabled popups. It attempted to create a new window for media.fastclick.net. Did not work --- window created but no contents --- page not found.
Blocked by my Hosts file which was populated by me (in small part) and MVP Hosts file. Yea. Thank you Mike Burgess.

See Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp200­2/hosts.htm