Virus that attacks IE?

Discussion in 'OT Technology' started by Biomechanoid, Feb 1, 2004.

  1. Biomechanoid

    Biomechanoid New Member

    Oct 21, 2003
    Likes Received:
    In the Woodline.
    I've been having some really FUCKED up problems with IE.

    everytime I'd use it there's a 50/50 chance that I'd get a 404 error with ANY website... google, e-bay, OT, etc.

    yet when I use mozilla, I don't have to worry about this at all.

    what's going on with my computer? I've run spybot, ad-aware, and norton, all updated within the last 4 days, yet nothing turns up. can anythnig short of a reformat help me out?

    I'm running XP with the service pack on a athlon 1400
    Last edited: Feb 1, 2004
  2. shastaisforwinners

    shastaisforwinners OT Supporter

    Aug 31, 2003
    Likes Received:
    uninstall IE, download IE6 + sp1, reinstall


    don't use IE (I recommend this option :) )
  3. Biomechanoid

    Biomechanoid New Member

    Oct 21, 2003
    Likes Received:
    In the Woodline.

    whoops.. I do have the service pack 1 installed... edited in my post.

    I don't like mozilla/firebird, because sometimes it doesn't display images (and no broken image tag in its place). makes it really annoying when browsing OT and not seeing half the avatars and smileys.
  4. col_panic

    col_panic calm like a bomb Moderator

    Sep 19, 2003
    Likes Received:
    winter haven, fl
    i don't recognize this as anything viral. you might d/l hijackthis and see if that helps. mozilla should load all your images too, but that's another story.

    i'm out for the night :wavey:
  5. Biomechanoid

    Biomechanoid New Member

    Oct 21, 2003
    Likes Received:
    In the Woodline.

    hijackthis fixed my problem, but IE's still fucking up. looks like it's a reformat later tonight :hs:
  6. Astro

    Astro Code Monkey

    Mar 18, 2000
    Likes Received:
    Cleveland Ohio
    Mozilla/Firebird work great for me on OT. Make sure you're using the latest version (v1.6) and not some v1.0 or something (early versions may have had some issues). Also, if you're still having problems, check your video card. If its ATI, you'll need to grab the latest drivers. Moz/Firebird have documented a known bug with ATI that doesn't render all images all the time. This is not a bug in the browser but the video driver. I'm running ATI on on at least 3+ computers and haven't had any problems (although I'm also running the latest drivers for the cards).
  7. Biomechanoid

    Biomechanoid New Member

    Oct 21, 2003
    Likes Received:
    In the Woodline.

    it's a GeForce2 64MB :hs:

    I've resigned to reformatting and reinstalling XP, as there's been a few other quirks with my virtual memory usage that seem to be cropping up as well (10gigs free on the XP hard drive, so I have the virtual mem set at 4gigs... yet it's always "full" )
  8. I'm a Slacker

    I'm a Slacker ASStastic

    Nov 19, 2001
    Likes Received:
    Browser users could be fooled into downloading executable files. A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables.

    A demonstration of the hole is currently on security company Secunia’s website and demonstrates that if you click on a link, and select “Open” it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

    It is therefore only a matter of imagination in getting people to freely download what could be an extremely dangerous worm -- like, for instance, the Doom worm currently reeking havoc across the globe.

    However what is more worrying is that this hole could easily be combined with another Explorer spoofing problem discovered in December.

    The previous spoofing problem allowed Explorer users to think they were visiting one site when in fact they were visiting somewhere entirely different. The implications are not only troublesome, but Microsoft’s failure to include a fix for the problem in its January patches has led many to believe it cannot be prevented.

    If the same is true for this spoofing issue, then it will only be a matter of time before someone who thinks they are visiting one website and downloading one file will in fact be visiting somewhere entirely different and downloading whatever that site’s owner decides.

    We also have reason to believe there is no fix. It may be that today’s flaw is identical to one found nearly three years ago by Georgi Guninski in which double-clicking a link in Explorer led you to believe you were downloading a text file but were in fact downloading a .hta file.

    In both cases, the con is created by embedding a CLSID into a file name. CLSID is a long numerical string that relates to a particular COM (Component Object Model) object. COM objects are what Microsoft uses to build applications on the Internet. By doing so, any type of file can be made to look like a “trusted” file type i.e. text or pdf.

    Guninski informed Microsoft in April 2001. The fact that the issue has been born afresh suggests rather heavily that the software giant has no way of preventing this from happening.

    So how bad could it get? Just off the top of our heads -- suppose someone set up a fake Hutton Inquiry site today with a link to the report’s summaries -- how many people across the U.K. would download a worm this afternoon? And imagine the computers it would end up on.

    The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser.

    The advice is to avoid this latest hole is always save files to a folder and then look at them. On your hard drive, the file’s true nature is revealed. But this advice is nearly as practical as Microsoft telling users not to click on links to avoid being caught out by the previous spoof problem.
  9. WPS

    WPS f22c1

    Mar 14, 2000
    Likes Received:
    i have a problem. every once in a while while running hotmail in IE it would close down the window and a txt file(hs_err_pid5516) will appear on the desktop and contain ....................
    what can it be? it's annoying

    "An unexpected exception has been detected in native code outside the VM.
    Unexpected Signal : unknown exception code (0xe06d7363) occurred at PC=0x77E73887

    Current Java thread:
    at Method)
    at sun.plugin.viewer.LifeCycleManager.installBrowserEventListener(Unknown Source)
    - locked <0x1c05a320> (a java.lang.Object)
    at sun.plugin.viewer.LifeCycleManager.checkLifeCycle(Unknown Source)
    at sun.plugin.viewer.IExplorerPluginObject.initPlugin(Unknown Source)
    - locked <0x1c05a2f8> (a sun.plugin.viewer.IExplorerPluginObject)
    at sun.plugin.viewer.IExplorerPluginObject.mayInit(Unknown Source)
    at sun.plugin.viewer.IExplorerPluginObject.frameReady(Unknown Source)
    at sun.plugin.viewer.frame.IExplorerEmbeddedFrame.setFrameSize(Unknown Source)

    Dynamic libraries:
    0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    0x77F50000 - 0x77FF7000 C:\WINDOWS\System32\ntdll.dll
    0x77E60000 - 0x77F46000 C:\WINDOWS\system32\kernel32.dll
    0x77C10000 - 0x77C63000 C:\WINDOWS\system32\msvcrt.dll
    0x77D40000 - 0x77DCC000 C:\WINDOWS\system32\USER32.dll
    0x77C70000 - 0x77CB0000 C:\WINDOWS\system32\GDI32.dll
    0x77DD0000 - 0x77E5D000 C:\WINDOWS\system32\ADVAPI32.dll
    0x78000000 - 0x7807E000 C:\WINDOWS\system32\RPCRT4.dll
    0x70A70000 - 0x70AD4000 C:\WINDOWS\system32\SHLWAPI.dll
    0x71700000 - 0x71849000 C:\WINDOWS\System32\SHDOCVW.dll
    0x76390000 - 0x763AC000 C:\WINDOWS\System32\IMM32.DLL
    0x629C0000 - 0x629C8000 C:\WINDOWS\System32\LPK.DLL
    0x72FA0000 - 0x72FFA000 C:\WINDOWS\System32\USP10.dll
    0x71950000 - 0x71A34000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    0x773D0000 - 0x77BC2000 C:\WINDOWS\system32\SHELL32.dll
    0x77340000 - 0x773CB000 C:\WINDOWS\system32\comctl32.dll
    0x771B0000 - 0x772C7000 C:\WINDOWS\system32\ole32.dll
    0x5AD70000 - 0x5ADA4000 C:\WINDOWS\System32\uxtheme.dll
    0x74720000 - 0x74764000 C:\WINDOWS\System32\MSCTF.dll
    0x63000000 - 0x63014000 C:\WINDOWS\System32\SynTPFcs.dll
    0x77C00000 - 0x77C07000 C:\WINDOWS\system32\VERSION.dll
    0x75F80000 - 0x7607C000 C:\WINDOWS\System32\BROWSEUI.dll
    0x72430000 - 0x72442000 C:\WINDOWS\System32\browselc.dll
    0x75F40000 - 0x75F5F000 C:\WINDOWS\system32\appHelp.dll
    0x76FD0000 - 0x77048000 C:\WINDOWS\System32\CLBCATQ.DLL
    0x77120000 - 0x771AB000 C:\WINDOWS\system32\OLEAUT32.dll
    0x77050000 - 0x77115000 C:\WINDOWS\System32\COMRes.dll
    0x00DB0000 - 0x00DDB000 C:\WINDOWS\System32\msctfime.ime
    0x746F0000 - 0x74716000 C:\WINDOWS\System32\Msimtf.dll
    0x76200000 - 0x76298000 C:\WINDOWS\system32\WININET.dll
    0x762C0000 - 0x76348000 C:\WINDOWS\system32\CRYPT32.dll
    0x762A0000 - 0x762AF000 C:\WINDOWS\system32\MSASN1.dll
    0x76F90000 - 0x76FA0000 C:\WINDOWS\System32\Secur32.dll
    0x76620000 - 0x7666E000 C:\WINDOWS\System32\cscui.dll
    0x76600000 - 0x7661B000 C:\WINDOWS\System32\CSCDLL.dll
    0x76670000 - 0x76757000 C:\WINDOWS\System32\SETUPAPI.dll
    0x10000000 - 0x10008000 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    0x75E90000 - 0x75F37000 C:\WINDOWS\System32\SXS.DLL
    0x11000000 - 0x1100C000 C:\Program Files\PopupAdZero\PopupZeroIEDLL.dll
    0x73420000 - 0x73573000 C:\WINDOWS\System32\MSVBVM60.DLL
    0x021A0000 - 0x021BC000 C:\Program Files\Norton AntiVirus\NavShExt.dll
    0x021C0000 - 0x021DA000 C:\WINDOWS\System32\ccTrust.dll
    0x55900000 - 0x55961000 C:\WINDOWS\System32\MSVCP60.dll
    0x76B20000 - 0x76B35000 C:\WINDOWS\System32\ATL.DLL
    0x1A400000 - 0x1A47A000 C:\WINDOWS\system32\urlmon.dll
    0x76170000 - 0x761F8000 C:\WINDOWS\System32\shdoclc.dll
    0x74770000 - 0x747FF000 C:\WINDOWS\System32\mlang.dll
    0x71AD0000 - 0x71AD8000 C:\WINDOWS\System32\wsock32.dll
    0x71AB0000 - 0x71AC5000 C:\WINDOWS\System32\WS2_32.dll
    0x71AA0000 - 0x71AA8000 C:\WINDOWS\System32\WS2HELP.dll
    0x71A50000 - 0x71A8B000 C:\WINDOWS\system32\mswsock.dll
    0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
    0x63580000 - 0x63831000 C:\WINDOWS\System32\mshtml.dll
    0x029C0000 - 0x02BC1000 C:\WINDOWS\System32\msi.dll
    0x325C0000 - 0x325D2000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    0x02CD0000 - 0x02CEB000 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
    0x02E00000 - 0x02E1E000 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
    0x76C30000 - 0x76C5B000 C:\WINDOWS\System32\wintrust.dll
    0x76C90000 - 0x76CB2000 C:\WINDOWS\system32\IMAGEHLP.dll
    0x0FFD0000 - 0x0FFF3000 C:\WINDOWS\System32\rsaenh.dll
    0x75A70000 - 0x75B15000 C:\WINDOWS\system32\userenv.dll
    0x71C20000 - 0x71C6E000 C:\WINDOWS\System32\netapi32.dll
    0x73D50000 - 0x73D60000 C:\WINDOWS\System32\cryptnet.dll
    0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
    0x6B700000 - 0x6B790000 c:\windows\system32\jscript.dll
    0x746C0000 - 0x746E7000 C:\WINDOWS\System32\MSLS31.DLL
    0x73300000 - 0x73375000 c:\windows\system32\vbscript.dll
    0x039B0000 - 0x03B3D000 C:\WINDOWS\System32\macromed\flash\Flash.ocx
    0x76B40000 - 0x76B6C000 C:\WINDOWS\System32\WINMM.dll
    0x763B0000 - 0x763F5000 C:\WINDOWS\system32\comdlg32.dll
    0x72D20000 - 0x72D29000 C:\WINDOWS\System32\wdmaud.drv
    0x72D10000 - 0x72D18000 C:\WINDOWS\System32\msacm32.drv
    0x77BE0000 - 0x77BF4000 C:\WINDOWS\System32\MSACM32.dll
    0x77BD0000 - 0x77BD7000 C:\WINDOWS\System32\midimap.dll
    0x66E50000 - 0x66E8B000 C:\WINDOWS\System32\iepeers.dll
    0x73000000 - 0x73023000 C:\WINDOWS\System32\WINSPOOL.DRV
    0x76EE0000 - 0x76F17000 C:\WINDOWS\System32\RASAPI32.DLL
    0x76E90000 - 0x76EA1000 C:\WINDOWS\System32\rasman.dll
    0x76EB0000 - 0x76EDB000 C:\WINDOWS\System32\TAPI32.dll
    0x76E80000 - 0x76E8D000 C:\WINDOWS\System32\rtutils.dll
    0x722B0000 - 0x722B5000 C:\WINDOWS\System32\sensapi.dll
    0x76F20000 - 0x76F45000 C:\WINDOWS\System32\DNSAPI.dll
    0x76FB0000 - 0x76FB7000 C:\WINDOWS\System32\winrnr.dll
    0x76FC0000 - 0x76FC5000 C:\WINDOWS\System32\rasadhlp.dll
    0x65000000 - 0x65009000 C:\WINDOWS\System32\ddrawex.dll
    0x51000000 - 0x5104D000 C:\WINDOWS\System32\DDRAW.dll
    0x73BC0000 - 0x73BC6000 C:\WINDOWS\System32\DCIMAN32.dll
    0x74CB0000 - 0x74D1F000 C:\WINDOWS\System32\mshtmled.dll
    0x1C000000 - 0x1C007000 C:\Program Files\AIM95\idlemon.dll
    0x5FF20000 - 0x5FF43000 C:\WINDOWS\System32\MSRATING.DLL
    0x5FF50000 - 0x5FF61000 C:\WINDOWS\System32\msratelc.dll
    0x735A0000 - 0x735C4000 C:\WINDOWS\System32\scrrun.dll
    0x71D40000 - 0x71D5B000 C:\WINDOWS\System32\actxprxy.dll
    0x767F0000 - 0x76814000 C:\WINDOWS\System32\schannel.dll
    0x0FFA0000 - 0x0FFC1000 C:\WINDOWS\System32\dssenh.dll
    0x08830000 - 0x08868000 C:\WINDOWS\System32\wmpdxm.dll
    0x71B20000 - 0x71B31000 C:\WINDOWS\system32\MPR.dll
    0x07680000 - 0x07AF2000 C:\WINDOWS\System32\wmp.dll
    0x73BD0000 - 0x73BF0000 C:\WINDOWS\System32\MSVFW32.dll
    0x08110000 - 0x083DE000 C:\WINDOWS\System32\wmploc.dll
    0x6D440000 - 0x6D450000 C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    0x5EDD0000 - 0x5EDEA000 C:\WINDOWS\System32\OLEPRO32.DLL
    0x6D310000 - 0x6D327000 C:\Program Files\Java\j2re1.4.2\bin\jpiexp32.dll
    0x6D380000 - 0x6D397000 C:\Program Files\Java\j2re1.4.2\bin\jpishare.dll
    0x06380000 - 0x064B6000 C:\PROGRA~1\Java\J2RE14~1.2\bin\client\jvm.dll
    0x059E0000 - 0x059E7000 C:\PROGRA~1\Java\J2RE14~1.2\bin\hpi.dll
    0x05A00000 - 0x05A0E000 C:\PROGRA~1\Java\J2RE14~1.2\bin\verify.dll
    0x05A30000 - 0x05A48000 C:\PROGRA~1\Java\J2RE14~1.2\bin\java.dll
    0x05A90000 - 0x05A9D000 C:\PROGRA~1\Java\J2RE14~1.2\bin\zip.dll
    0x06ED0000 - 0x06FDA000 C:\Program Files\Java\j2re1.4.2\bin\awt.dll
    0x06FE0000 - 0x07030000 C:\Program Files\Java\j2re1.4.2\bin\fontmanager.dll
    0x5C000000 - 0x5C0C8000 C:\WINDOWS\System32\D3DIM700.DLL
    0x6D2F0000 - 0x6D304000 C:\Program Files\Java\j2re1.4.2\bin\jpicom32.dll
    0x6D510000 - 0x6D58D000 C:\WINDOWS\system32\DBGHELP.dll
    0x76BF0000 - 0x76BFB000 C:\WINDOWS\System32\PSAPI.DLL

    Heap at VM Abort:
    def new generation total 576K, used 408K [0x1c010000, 0x1c0b0000, 0x1c770000)
    eden space 512K, 67% used [0x1c010000, 0x1c0661f0, 0x1c090000)
    from space 64K, 100% used [0x1c090000, 0x1c0a0000, 0x1c0a0000)
    to space 64K, 0% used [0x1c0a0000, 0x1c0a0000, 0x1c0b0000)
    tenured generation total 1408K, used 295K [0x1c770000, 0x1c8d0000, 0x22010000)
    the space 1408K, 20% used [0x1c770000, 0x1c7b9e90, 0x1c7ba000, 0x1c8d0000)
    compacting perm gen total 4096K, used 3534K [0x22010000, 0x22410000, 0x26010000)
    the space 4096K, 86% used [0x22010000, 0x22383aa0, 0x22383c00, 0x22410000)

    Local Time = Sun Feb 01 16:37:15 2004
    Elapsed Time = 5
    # The exception above was detected in native code outside the VM
    # Java VM: Java HotSpot(TM) Client VM (1.4.2-b28 mixed mode)

Share This Page