«

I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus
checking. ZoneAlarm is set to automatically check for updates. Updating AVG
is usually the first thing I do every time I go online. I also automatically
check for & immediately install updates to IE6, Win 98 & other Microsoft
products.

My PC seems to have some sort of infection. Web pages I view with IE6 appear
to have JavaScript inserted. This script is not actually in those web
pages & when I use a non-Microsoft browser I can see them as they should be,
This problem does not manifest itself when I create a web page myself and
examine it on my hard drive. However once that page is placed in my webspace
the Javascript problem manifests itself (see example below: first original
file, then file with inserted Javascript).

I have tried doing a free PestScan offered by ZoneLabs, but it just opens a
blank IE window. It doesn't seem to do anything.

Some one suggested using "HijackThis" but the blurb for this says its
"Intended for advanced users". I don't think I know enough to use it. Can
anyone suggest a course of action which doesn't involve spending money on
new software or re formatting my disc& re-installing the operating system?

----------------------------------------------------------------------------
---------------------------
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/css" href="standard.css" ?>

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Testing NTL webspace</title>
</head>
<body>
<div class="footer">
<p>
<a href="http://validator.w3.org/check?uri=referer"><img
src="vxhtml-basic10.png"
alt="Valid XHTML Basic 1.0!"
height="31"
width="88" /></a>
Testing!!!!!!!
</p>
</div>

</body>
</html>

----------------------------------------------------------------------------
---------------------------
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/css" href="standard.css" ?>

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Testing NTL webspace</title>


<script language='javascript'
src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'></script>

</head>
<body>
<div class="footer">
<p>
<a href="http://validator.w3.org/check?uri=referer">
</a>
Testing!!!!!!!
</p>
</div>

</body>
</html>

<script language='javascript'>postamble();</script>











IE6 Infecyed

Hi Eric

There are several types of warez that can also infect your system other than
a virus. Actually, the most common types are hijackers, malware and
parasites, all of which can cause a variety of problems. If you have more
than one of these types, you may have a series of problems. Most anti-virus
programs can not detect these types of warez as they don't have those types
of definitions.

The warning for the HiJackThis as being meant to be used by advanced users,
does not mean that you have to be an expert to *use* it, but, as it can deal
with removing files in the Registry, and if you really are not sure what
files are what, then it is best to have it analyzed by an expert at one of
the forums that will do this for you and can make recommendations for the
proper corrections needed, if any, and the proper procedures to do so
without compromising your system. Running the program to create the log for
the experts to analyze is not at all difficult, so there is no need to tarry
to use it.

I have provided the link of a few forums that have experts to analyze the
HJT logs for you and provide instructions to make any necessary corrections.
They will see you through the process and make sure your system is fully
clean. You should also download the other programs, such as AdAware SE,
SpyBot S&D and CWShredder, to make sure your system is free of any malware,
spyware, adware and parasites as well. Below is information to obtain the
proper programs and instructions for scanning your system for the various
warez.

Although you may have already run one or more of the programs, please do so
again according to the instructions below. Some variants of malware can
replicate themselves over and over if not removed properly. Please follow
all instructions carefully to be sure your system is thoroughly cleaned:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder, Ad-aware and Spybot.
Also be sure to use the HijackThis. Please do not post your log to this
newsgroup, but to the SpywareInfo or the Aumha HiJackThis forums
http://forum.aumha.org/viewforum.php?f=30, to allow the experts there to
evaluate your log and advise you of the necessary steps to clean your
system.

AdAware SE: Free
http://www.lavasoft.de/software/adaware/

New CWShredder version: Free
http://www.intermute.com/spysubtract..._download.html

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

Also, get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
Also, with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
also ....
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)

or ........

Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

Also.........

Courtesy of Jim Byrd -

Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these: http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough

and......

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm




"Eric" <> wrote in message
news:B17ed.56$...
> I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for
anti-virus
> checking. ZoneAlarm is set to automatically check for updates. Updating
AVG
> is usually the first thing I do every time I go online. I also
automatically
> check for & immediately install updates to IE6, Win 98 & other Microsoft
> products.
>
> My PC seems to have some sort of infection. Web pages I view with IE6
appear
> to have JavaScript inserted. This script is not actually in those web
> pages & when I use a non-Microsoft browser I can see them as they should
be,
> This problem does not manifest itself when I create a web page myself and
> examine it on my hard drive. However once that page is placed in my
webspace
> the Javascript problem manifests itself (see example below: first original
> file, then file with inserted Javascript).
>
> I have tried doing a free PestScan offered by ZoneLabs, but it just opens
a
> blank IE window. It doesn't seem to do anything.
>
> Some one suggested using "HijackThis" but the blurb for this says its
> "Intended for advanced users". I don't think I know enough to use it. Can
> anyone suggest a course of action which doesn't involve spending money on
> new software or re formatting my disc& re-installing the operating system?
>
> --------------------------------------------------------------------------
--
> ---------------------------
> <?xml version="1.0" encoding="utf-8"?>
> <?xml-stylesheet type="text/css" href="standard.css" ?>
>
> <!DOCTYPE html
> PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
>
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
>
> <title>Testing NTL webspace</title>
> </head>
> <body>
> <div class="footer">
> <p>
> <a href="http://validator.w3.org/check?uri=referer"><img
> src="vxhtml-basic10.png"
> alt="Valid XHTML Basic 1.0!"
> height="31"
> width="88" /></a>
> Testing!!!!!!!
> </p>
> </div>
>
> </body>
> </html>
>
> --------------------------------------------------------------------------
--
> ---------------------------
> <?xml version="1.0" encoding="utf-8"?>
> <?xml-stylesheet type="text/css" href="standard.css" ?>
>
> <!DOCTYPE html
> PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
>
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
>
> <title>Testing NTL webspace</title>
>
>
> <script language='javascript'
> src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'></script>
>
> </head>
> <body>
> <div class="footer">
> <p>
> <a href="http://validator.w3.org/check?uri=referer">
> </a>
> Testing!!!!!!!
> </p>
> </div>
>
> </body>
> </html>
>
> <script language='javascript'>postamble();</script>
>
>
>
>
>
>
>
>
>
>
>
> IE6 Infecyed
>
>

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (personal free version)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Dowload the signature files (pattern files) by obtaining the ZIP file.
For example; lpt210.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

You can also try some of the below online scanners.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html

* * * Please report your results ! * * *

Dave





"Eric" <> wrote in message news:B17ed.56$...
| I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus
| checking. ZoneAlarm is set to automatically check for updates. Updating AVG
| is usually the first thing I do every time I go online. I also automatically
| check for & immediately install updates to IE6, Win 98 & other Microsoft
| products.
|
| My PC seems to have some sort of infection. Web pages I view with IE6 appear
| to have JavaScript inserted. This script is not actually in those web
| pages & when I use a non-Microsoft browser I can see them as they should be,
| This problem does not manifest itself when I create a web page myself and
| examine it on my hard drive. However once that page is placed in my webspace
| the Javascript problem manifests itself (see example below: first original
| file, then file with inserted Javascript).
|
| I have tried doing a free PestScan offered by ZoneLabs, but it just opens a
| blank IE window. It doesn't seem to do anything.
|
| Some one suggested using "HijackThis" but the blurb for this says its
| "Intended for advanced users". I don't think I know enough to use it. Can
| anyone suggest a course of action which doesn't involve spending money on
| new software or re formatting my disc& re-installing the operating system?
|
| ----------------------------------------------------------------------------
| ---------------------------
| <?xml version="1.0" encoding="utf-8"?>
| <?xml-stylesheet type="text/css" href="standard.css" ?>
|
| <!DOCTYPE html
| PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
| <html xmlns="http://www.w3.org/1999/xhtml">
| <head>
|
| <title>Testing NTL webspace</title>
| </head>
| <body>
| <div class="footer">
| <p>
| <a href="http://validator.w3.org/check?uri=referer"><img
| src="vxhtml-basic10.png"
| alt="Valid XHTML Basic 1.0!"
| height="31"
| width="88" /></a>
| Testing!!!!!!!
| </p>
| </div>
|
| </body>
| </html>
|
| ----------------------------------------------------------------------------
| ---------------------------
| <?xml version="1.0" encoding="utf-8"?>
| <?xml-stylesheet type="text/css" href="standard.css" ?>
|
| <!DOCTYPE html
| PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
| <html xmlns="http://www.w3.org/1999/xhtml">
| <head>
|
| <title>Testing NTL webspace</title>
|
|
| <script language='javascript'
| src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'></script>
|
| </head>
| <body>
| <div class="footer">
| <p>
| <a href="http://validator.w3.org/check?uri=referer">
| </a>
| Testing!!!!!!!
| </p>
| </div>
|
| </body>
| </html>
|
| <script language='javascript'>postamble();</script>
|
|
|
|
|
|
|
|
|
|
|
| IE6 Infecyed
|
|

"Eric" <> wrote in news:B17ed.56$Nm2.47@newsfe1-
win.ntli.net:

> IE6 infected
>

See:
Internet Explorer Is Too Dangerous to Keep Using
http://www.thechannelinsider.com/art...1619762,00.asp

WRT HijackThis, you can download it and follow the directions from here:
http://tomcoyote.com/hjt/

Eric wrote:

> I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for anti-virus
> checking. ZoneAlarm is set to automatically check for updates. Updating AVG



>
> My PC seems to have some sort of infection. Web pages I view with IE6 appear
> to have JavaScript inserted. This script is not actually in those web
> pages & when I use a non-Microsoft browser I can see them as they should be,
> This problem does not manifest itself when I create a web page myself and
> examine it on my hard drive. However once that page is placed in my webspace
> the Javascript problem manifests itself (see example below: first original
> file, then file with inserted Javascript).
>

Added code in the <head> section...

> <script language='javascript'
> src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'></script>

and after the </html>

> <script language='javascript'>postamble();</script>

Incidentally i just came across this when sorting out some
doublettes of various webpages i have saved to my harddiskdrive.

It was in pages saved during a few days in january. At that time
i had reloaded Windows and was, from memory, possibly using the
combination of Internet Explorer, ZonAlarm Pro-Trial with
Popup-blocker activated.

But, i had also comment-code added before the two insertions:
<!-- ZoneLabs Privacy Insertion -->
and
<!-- ZoneLabs Popup Blocking Insertion -->

see also <http://forums.devshed.com/archive/t-77135> for another
example of the same.

Now i use Zonalarm free (containing no inherent popupblocker) and
Mozilla Firefox (containing a popupblocker) and the insertions
are not there anymore.

The strange thing is you saying that you are using Zonalarm free,
and still have the codeinsertions ...

--
Please followup in newsgroup.
E-mail address is invalid due to spam-control.

.... et al. wrote:
> Eric wrote:
>
>> I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for
>> anti-virus
>> checking. ZoneAlarm is set to automatically check for updates.
>> Updating AVG
>
>
>
>
>>
>> My PC seems to have some sort of infection. Web pages I view with IE6
>> appear
>> to have JavaScript inserted. This script is not actually in those web
>> pages & when I use a non-Microsoft browser I can see them as they
>> should be,
>> This problem does not manifest itself when I create a web page myself and
>> examine it on my hard drive. However once that page is placed in my
>> webspace
>> the Javascript problem manifests itself (see example below: first
>> original
>> file, then file with inserted Javascript).
>>
>
> Added code in the <head> section...
>
>> <script language='javascript'
>> src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'></script>
>
>
> and after the </html>
>
>> <script language='javascript'>postamble();</script>
>
>
> Incidentally i just came across this when sorting out some doublettes of
> various webpages i have saved to my harddiskdrive.
>
> It was in pages saved during a few days in january. At that time i had
> reloaded Windows and was, from memory, possibly using the combination of
> Internet Explorer, ZonAlarm Pro-Trial with Popup-blocker activated.
>
> But, i had also comment-code added before the two insertions:
> <!-- ZoneLabs Privacy Insertion -->
> and
> <!-- ZoneLabs Popup Blocking Insertion -->
>
> see also <http://forums.devshed.com/archive/t-77135> for another example
> of the same.
>
> Now i use Zonalarm free (containing no inherent popupblocker) and
> Mozilla Firefox (containing a popupblocker) and the insertions are not
> there anymore.
>
> The strange thing is you saying that you are using Zonalarm free, and
> still have the codeinsertions ...
>

Explanation.
You are using some popupblocking program that uses the same
technique as ZoneAlarm, but does not identify itself in the
inserted code.
Right?

--
Please followup in newsgroup.
E-mail address is invalid due to spam-control.

"... et al." <> wrote in message
news:i%Sed.107252$...
> ... et al. wrote:
> > Eric wrote:
> >
> >> I use free versions of ZoneAlarm for firewall & AVG 6.0.779 for
> >> anti-virus
> >> checking. ZoneAlarm is set to automatically check for updates.
> >> Updating AVG
> >
> >
> >
> >
> >>
> >> My PC seems to have some sort of infection. Web pages I view with IE6
> >> appear
> >> to have JavaScript inserted. This script is not actually in those web
> >> pages & when I use a non-Microsoft browser I can see them as they
> >> should be,
> >> This problem does not manifest itself when I create a web page myself
and
> >> examine it on my hard drive. However once that page is placed in my
> >> webspace
> >> the Javascript problem manifests itself (see example below: first
> >> original
> >> file, then file with inserted Javascript).
> >>
> >
> > Added code in the <head> section...
> >
> >> <script language='javascript'
> >> src='http://127.0.0.1:1025/js.cgi?pcaw&r=21726'></script>
> >
> >
> > and after the </html>
> >
> >> <script language='javascript'>postamble();</script>
> >
> >
> > Incidentally i just came across this when sorting out some doublettes of
> > various webpages i have saved to my harddiskdrive.
> >
> > It was in pages saved during a few days in january. At that time i had
> > reloaded Windows and was, from memory, possibly using the combination of
> > Internet Explorer, ZonAlarm Pro-Trial with Popup-blocker activated.
> >
> > But, i had also comment-code added before the two insertions:
> > <!-- ZoneLabs Privacy Insertion -->
> > and
> > <!-- ZoneLabs Popup Blocking Insertion -->
> >
> > see also <http://forums.devshed.com/archive/t-77135> for another example
> > of the same.
> >
> > Now i use Zonalarm free (containing no inherent popupblocker) and
> > Mozilla Firefox (containing a popupblocker) and the insertions are not
> > there anymore.
> >
> > The strange thing is you saying that you are using Zonalarm free, and
> > still have the codeinsertions ...
> >
>
> Explanation.
> You are using some popupblocking program that uses the same
> technique as ZoneAlarm, but does not identify itself in the
> inserted code.
> Right?
>

No, but I did recently have a free trial of the ZoneAlarm Pro version. Thiis
supposed to have uninstalled itself but maybe that is the origin of my
problem.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%231hCJ$...
> 1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>

Trend give a MD5 checksum for this download. They don't tell you how to use
it, but I found some instructions at
http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, these
tell you how to verify the checksum for a zip file. What is downloaded is
not a zip file, so how can I verify the checksum?

That's right !

This is a a self extracting EXE file that was renamed to a COM file.
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

This is a ZIP file and it is now at revision 2.238.

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Dave



"Eric" <> wrote in message news:8Itjd.181$...
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:%231hCJ$...
| > 1) Download the following three items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
|
| Trend give a MD5 checksum for this download. They don't tell you how to use
| it, but I found some instructions at
| http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, these
| tell you how to verify the checksum for a zip file. What is downloaded is
| not a zip file, so how can I verify the checksum?
|
|

In article <8Itjd.181$>, "Eric" <> wrote:
>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>news:%231hCJ$...
>> 1) Download the following three items...
>>
>> Trend Sysclean Package
>> http://www.trendmicro.com/download/dcs.asp
>>
>
>Trend give a MD5 checksum for this download. They don't tell you how to use
>it, but I found some instructions at
>http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately, these
>tell you how to verify the checksum for a zip file. What is downloaded is
>not a zip file, so how can I verify the checksum?


There are a zillion hash-checking programs out there (md5, sha
family, ripemd, etc.) - many of them free. I prefer the ones
that will recurse through subdirectories as this lets you
validate whole chunks of your system against tampering, is the
very best way to compare/synch directories, etc.

Some names:

fsum
iside
m5sum
m5deep
filecheckmd5
winmd5

If you google you'll find these and many more.

Regards,