The other day I had a shock.

I had three IE6 browser windows open; my own site, the reputable
www.adslguide.org.uk and MoveableType (which I was using to update my own
site). I didn't have Outlook Express open.

Suddenly Norton AV popped up and told me that two files in my Temporary
Internet Files were infected with MHTMLRedir.Exploit and "Trojan Horse"
(the files were blahblahblah\man[2].htm and blahblahblah\exploit[1]htm).
Obviously they weren't "blahblahblah" but .... In a bit of a panic I
deleted my Temp. Internet files (including off-line content). The panic
was mainly as I was not surfing unknown/dodgy sites, just my own, MT and
adslguide. I thought someone must have hacked my site but I had friends
check it out the same night and there's nothing odd happening there.

I have my security settings pretty high - so much so that I'm prompted
continually to allow ActiveX controls and plugins to run. That happened
when I got the NAV alerts. I think I must have clicked on "yes" as next
thing I knew, I was being prompted to download "seksdialer.exe" from
69.93.142.154. Obviously I didn't continue with that!

I have all the critical Windows XP patches. I run Spybot S & D,
Spywareblaster, and have scanned my pc with TDS-3. Nothing has been
picked up. I've examined my Hijackthis log and can't see anything
suspicious.

I'd love to know how I got these "virus" infections. As NAV trapped the
problem files and I deleted the cache I thought I had nothing to be
concerned about. However, since that night, whenever I try to download a
file and I'm told "your download will begin automatically" it doesn't, so
I have to click the provided link to start the download. Similarly, on
forums when I've posted a message and I'm told that I'm being taken back,
I'm not, so have to click the "click here if you do not wish to wait"
link.

I've tried running the command regsvr32 /i urlmon.dll which I've seen
mentioned as a cure for loss of autoredirects but that hasn't helped.

If anyone has any ideas I'd be grateful. Sorry for the long-winded post
but I wanted to provide as much info as I could.

thanks