Weird IE6 behaviors

[Gino]

I have WinXP Pro SP1 with Norton AV 2004 installed on a fresh system.
No applications have been installed as of yet.
Both the system and NAV have been updated with latest patches and updates.

I assumed NAV was supposed to catch bad behavior while surfing the net.

However upon surfing some websites, my system seems to behave as if there is
a security hole which hasn't been patched.
IE6 has been automatically getting the Homepage changed. Even when I choose
a blank homepage, it changes when surfing some websites.
I was unable to cut down which websites these are, but am I not the one
choosing the Homepage?
Shouldn't NAV catch some of these system attacks? (I have enabled for NAV to
catch spyware, joke and dial programs, scripts, etc).
I have recently installed Ad-Aware 6 Pro, which, when run, hasn't gotten any
suspicious files that ran in the background.
The only items it catches all the time is in the cookies, which are titled
"Data Miner" cookies.
I don't know what causes my system to collect these cookies. I havn't found
any help on the net, either.

So what can I do so my IE6 can behave normally and secure?

Please advise.
Gino

 

[Gino]

PS
When I stated that the homepage on IE6 changes everytime, this doesn't
happen until some websites have been visited. I mean, if I set the Homepage
as blank, it will stay that way. It's just that some websites, which I
believe there are some with bad scripts, are changing them without my
permission. I'd like to apply a patch that is, perhaps, not yet available on
windows updates sites.
Thank you
Gino.

 

[roger]

Hi Gino,

On Tue, 20 Apr 2004 17:52:56 -0700, " Gino"

[...]

So what can I do so my IE6 can behave normally and secure?

More info about parasites:
http://www.aumha.org/a/parasite.htm

Download the utility CWshredder:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Unzip - close *all* instances of IE & OE, hit the executable and
follow
the prompts.

You can also download Hijack This from here:

http://www.mjc1.com/files/merijn/hijackthis.exe

Go here:
http://mjc1.com/mirror/hjt/

For instructions on how to use it; you have to post the log it
produces

so experts tell you what is good and what is malware


Try downloading, installing and updating the
spyware removers from the links below. Run both of them.

Ad-aware
http://www.lavasoftusa.com/support/download/

Spybot S&D
http://www.safer-networking.org/index.php?lang=en&page=download


If these don't correct the problem, then get yourself a copy of

BHODemon, available at
http://www.definitivesolutions.com/bhodemon.htm .

It does not need installing - simply unzip and run the EXE program. It

is easy to use. It will find the hijackware DLL files, and give you

the ability to disable them.

Hope this helps.

 

[Shenan Stanley]

PS
When I stated that the homepage on IE6 changes everytime, this doesn't
happen until some websites have been visited. I mean, if I set the
Homepage as blank, it will stay that way. It's just that some
websites, which I believe there are some with bad scripts, are
changing them without my permission. I'd like to apply a patch that
is, perhaps, not yet available on windows updates sites.

Nothing to do with updates (yet - wait until SP2, but I suggest doing all
this AFTER SP2 as well..

Secure your system and keep it protected/updated by following these tips:

Popups and Home Page Hijacks come in several flavors.. However, if
you use most of the items in the list I am about to give you, you will
lessen your popups, security holes and spam all with one list. Your
problem may be Messenger Popups (you should follow the firewall
advice and do a Google search on 'disable messenger service in
windows xp' to fix this) or web page popups (you should follow the
Google Toolbar advice section for these.) You may have
spyware/adware infesting your machine, follow the appropriate
section for that, making sure you use at least THREE of the tools
I list to scan and clean your machine AFTER updating them.
Cleaning up spyware/adware/malware usually solves home page
hijackers as well.

Please Notice that if you use AOL, you should at least upgrade to 9.0 or
greater before doing any of the fixes. I know you can get AOL 9.0 at almost
any convenience store, gas station, super market or other retail outlet in
the world, so this should not be a problem.


Turn on that firewall...
http://www.microsoft.com/WindowsXP/home/using/howto/homenet/icf.asp
(It has been reported that it now works with AOL 9.0+)


Make sure you have all the updates (critical) installed from:
http://windowsupdate.microsoft.com/
(Scan for updates, Review and Install)


Get rid of the spy/ad/mal-ware..
(Yes - using MORE than one of these..
I recommend at least the first three. Also..
UPDATE the definitions for them before using.)

Spybot Search and Destroy
http://www.safer-networking.net/

Lavasoft AdAware
http://www.lavasoft.de

CWSShredder
http://www.spywareinfo.com/~merijn/downloads.html

Hijack This!
http://mjc1.com/mirror/hjt/

I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
- http://www.moosoft.com/
- http://www.javacoolsoftware.com/

The first is a PAY product, but useable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. I like SpywareGuard for those with enough processor
to have something running like antivirus software - and it prevents browser
hijacking quite well.

And Assortment of Others:
http://www.merijn.org/downloads.html


After you cleanup your PC somewhat of spy/ad/mal-ware, verify your antivirus
software is updated and run a full scan of your computer. If you have no
antivirus software - get one NOW! Grisoft AntiVirus:
http://www.grisoft.com/us/us_dwnl_free.php


Empty your Temporary Internet Files and shrink the size it stores to about
80 to 120MB (seems to be an optimal size for the normal user)

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section,
do the following:
- Click on "Delete Cookies" (click OK)
- Click on "Settings" and change the
"Amount of disk space to use:" to something between 80MB
and 120MB. (Betting it is MUCH larger right now.)
- Click OK.
- Click on "Delete Files" and select to
"Delete all offline contents" (the checkbox) and click
OK. (If you had a LOT, this could take 2-10 minutes or
more.)
- Once it is done, click OK, close Internet Explorer
- Re-open Internet Explorer.


Uninstall any software you do not use often/ever. (If you have something
installed but never use it, uninstall it.) If you go through Control
Panel -> Add/Remove Programs and see things you seldom if ever use, it is to
your advantage to remove it.


Also, if you are tired of Web Page Pop-Ups/Unders.. You could try the
Google Toolbar.
http://toolbar.google.com/


Stop loading applications at logon.. run MSCONFIG and look under the startup
tab for things you DON'T want to startup! Search the Internet with Google
to discover what things are safe to remove and what things may even be
malware infecting your computer.


Better control your email and lessen the amount of time you spend dealing
with SPAM:
SpamBayes
http://spambayes.sourceforge.net
or
Spamihilator.
http://www.spamihilator.com

 

[cquirke (MVP Win9x)]

On Tue, 20 Apr 2004 17:52:56 -0700, " Gino"

I have WinXP Pro SP1 with Norton AV 2004 installed on a fresh system.
No applications have been installed as of yet.
Both the system and NAV have been updated with latest patches and updates.

I assumed NAV was supposed to catch bad behavior while surfing the net.

It will catch some, and miss some.

However upon surfing some websites, my system seems to behave as if there is
a security hole which hasn't been patched.
IE6 has been automatically getting the Homepage changed. Even when I choose
a blank homepage, it changes when surfing some websites.

In addition to checking the detail for your security zones (custom),
you can also harden IE via some settings in Tools, Options, Advanced:
- DISable "install on demand" (both of them)
- DISable "third party enhancements" (i.e. BHOs)

Firewall on?

-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.

 

[Gino]

Thank you all for your help.
Gino

Nothing to do with updates (yet - wait until SP2, but I suggest doing all
this AFTER SP2 as well..

Secure your system and keep it protected/updated by following these tips:

Popups and Home Page Hijacks come in several flavors.. However, if
you use most of the items in the list I am about to give you, you will
lessen your popups, security holes and spam all with one list. Your
problem may be Messenger Popups (you should follow the firewall
advice and do a Google search on 'disable messenger service in
windows xp' to fix this) or web page popups (you should follow the
Google Toolbar advice section for these.) You may have
spyware/adware infesting your machine, follow the appropriate
section for that, making sure you use at least THREE of the tools
I list to scan and clean your machine AFTER updating them.
Cleaning up spyware/adware/malware usually solves home page
hijackers as well.

Please Notice that if you use AOL, you should at least upgrade to 9.0 or
greater before doing any of the fixes. I know you can get AOL 9.0 at almost
any convenience store, gas station, super market or other retail outlet in
the world, so this should not be a problem.


Turn on that firewall...
http://www.microsoft.com/WindowsXP/home/using/howto/homenet/icf.asp
(It has been reported that it now works with AOL 9.0+)


Make sure you have all the updates (critical) installed from:
http://windowsupdate.microsoft.com/
(Scan for updates, Review and Install)


Get rid of the spy/ad/mal-ware..
(Yes - using MORE than one of these..
I recommend at least the first three. Also..
UPDATE the definitions for them before using.)

Spybot Search and Destroy
http://www.safer-networking.net/

Lavasoft AdAware
http://www.lavasoft.de

CWSShredder
http://www.spywareinfo.com/~merijn/downloads.html

Hijack This!
http://mjc1.com/mirror/hjt/

I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
- http://www.moosoft.com/
- http://www.javacoolsoftware.com/

The first is a PAY product, but useable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. I like SpywareGuard for those with enough processor
to have something running like antivirus software - and it prevents browser
hijacking quite well.

And Assortment of Others:
http://www.merijn.org/downloads.html


After you cleanup your PC somewhat of spy/ad/mal-ware, verify your antivirus
software is updated and run a full scan of your computer. If you have no
antivirus software - get one NOW! Grisoft AntiVirus:
http://www.grisoft.com/us/us_dwnl_free.php


Empty your Temporary Internet Files and shrink the size it stores to about
80 to 120MB (seems to be an optimal size for the normal user)

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section,
do the following:
- Click on "Delete Cookies" (click OK)
- Click on "Settings" and change the
"Amount of disk space to use:" to something between 80MB
and 120MB. (Betting it is MUCH larger right now.)
- Click OK.
- Click on "Delete Files" and select to
"Delete all offline contents" (the checkbox) and click
OK. (If you had a LOT, this could take 2-10 minutes or
more.)
- Once it is done, click OK, close Internet Explorer
- Re-open Internet Explorer.


Uninstall any software you do not use often/ever. (If you have something
installed but never use it, uninstall it.) If you go through Control
Panel -> Add/Remove Programs and see things you seldom if ever use, it is to
your advantage to remove it.


Also, if you are tired of Web Page Pop-Ups/Unders.. You could try the
Google Toolbar.
http://toolbar.google.com/


Stop loading applications at logon.. run MSCONFIG and look under the startup
tab for things you DON'T want to startup! Search the Internet with Google
to discover what things are safe to remove and what things may even be
malware infecting your computer.


Better control your email and lessen the amount of time you spend dealing
with SPAM:
SpamBayes
http://spambayes.sourceforge.net
or
Spamihilator.
http://www.spamihilator.com