Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > IE6 infected

Reply
Thread Tools

IE6 infected

 
 
Eric
Guest
Posts: n/a
 
      11-08-2004
Does that mean I should use the given checksum to check the pattern file
rather than the .COM file?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:M1ujd.3414$DB.3363@trnddc04...
> That's right !
>
> This is a a self extracting EXE file that was renamed to a COM file.
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> This is a ZIP file and it is now at revision 2.238.
>
> Latest Trend signature files.
> http://www.trendmicro.com/download/pattern.asp
>
> Dave
>
>
>
> "Eric" <(E-Mail Removed)> wrote in message

news:8Itjd.181$(E-Mail Removed)...
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:%231hCJ$(E-Mail Removed)...
> | > 1) Download the following three items...
> | >
> | > Trend Sysclean Package
> | > http://www.trendmicro.com/download/dcs.asp
> | >
> |
> | Trend give a MD5 checksum for this download. They don't tell you how to

use
> | it, but I found some instructions at
> | http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately,

these
> | tell you how to verify the checksum for a zip file. What is downloaded

is
> | not a zip file, so how can I verify the checksum?
> |
> |
>
>



 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      11-08-2004
I'm not going to say one or the other. Just download the .COM and ZIP files, and follow the
directions I provided.

Dave



"Eric" <(E-Mail Removed)> wrote in message news:GWMjd.133$%(E-Mail Removed)...
| Does that mean I should use the given checksum to check the pattern file
| rather than the .COM file?
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:M1ujd.3414$DB.3363@trnddc04...
| > That's right !
| >
| > This is a a self extracting EXE file that was renamed to a COM file.
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > This is a ZIP file and it is now at revision 2.238.
| >
| > Latest Trend signature files.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > Dave
| >
| >
| >
| > "Eric" <(E-Mail Removed)> wrote in message
| news:8Itjd.181$(E-Mail Removed)...
| > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| > | news:%231hCJ$(E-Mail Removed)...
| > | > 1) Download the following three items...
| > | >
| > | > Trend Sysclean Package
| > | > http://www.trendmicro.com/download/dcs.asp
| > | >
| > |
| > | Trend give a MD5 checksum for this download. They don't tell you how to
| use
| > | it, but I found some instructions at
| > | http://www.openoffice.org/dev_docs/using_md5sums.html. Unfortunately,
| these
| > | tell you how to verify the checksum for a zip file. What is downloaded
| is
| > | not a zip file, so how can I verify the checksum?
| > |
| > |
| >
| >
|
|


 
Reply With Quote
 
 
 
 
nemo outis
Guest
Posts: n/a
 
      11-09-2004
In article <GWMjd.133$%(E-Mail Removed)>, "Eric" <(E-Mail Removed)> wrote:
>Does that mean I should use the given checksum to check the pattern file
>rather than the .COM file?


Checksums are easily forgeable (they're linear in the
coefficients). MD5, SHA-* or RIPEMD are better choices.

Regards,

 
Reply With Quote
 
Eric
Guest
Posts: n/a
 
      11-19-2004
I've run Sysclean & Adaware SE. Neither seems to have found the source of my
problem. Running Sysclean in Safe mode seems to cause problems.

Details below.


WinPatrol says I have a browser object called Related.htm. I can't find any
info on this in the list of known browser objects at
http://www.sysinfo.org/bholist.php. It has also twice reported that the
file associations for .CAB have changed, but doesn't specify what's changed
it.

Downloaded Adaware & Sysclean.com. Ran MD5 checksum verification on
Sysclean.com - checksums matched. Unzipped sysclean, downloaded latest
pattern file, unzipped it & copied lpt$vpn.246 to the same folder as
Sysclean.exe. Rebooted while holding down F8. During boot up sequence got
the
message:

CMOS/GPNVChexcksum bad!

Continued & started up in Safe Mode. Ran Sysclean by double-clicking on
Sysclean.exe in Windows explorer. Twice (before & after starting Sysclean)
got a message saying "
If you run a text-based program in safe mode, you risk corruption of the
video display or experiencing other anomalies...". Closed all other
application before
starting scan with automatic clean/delete of infected files. Sysclean ran
for about 25 minutes before a message came up saying vscantn (might be wrong
spelling, I forgot to write it down) had performed an illegal operation &
would be shut down This happened while it was scanning the root directory
(C:*.*). Had to use button on the PC casing to perform a hardware shut down.
While rebooting held down F8 again & again got the message:

CMOS/GPNVChexcksum bad!

Also, mouse was not detected.

Again continued & started in Safe mode. Mouse not working.

Scandisk log said "Log file generated at 06:10PM on Friday, January 04,
1980....There was one lost cluster."

Sysclean.log was empty.
TSCDebug.log said "Debug Information Level=0"

Ran Sysclean as before. After about 30 minutes got windows message saying
Pstores had pergformed an illegal operation & would be shut down. When I
closed that, got the same message for vscantm. Sysclean finishefd & produced
a liog, but when I exited I saw a Windows message saying Sysclean had
performed an illegal operation.

TSCDebug.log said "Debug Information Level=0"

SYSCLEAN.log was as follows:

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


1980-01-04, 18:37:24, Auto-clean mode specified.
1980-01-04, 18:37:24, Running scanner "C:\MY
DOCUMENTS\SECURITY\TSC.BIN"...
1980-01-04, 18:42:09, Scanner "C:\MY DOCUMENTS\SECURITY\TSC.BIN" has
finished running.
1980-01-04, 18:42:09, TSC Log:

Damage Cleanup Engine (DCE) 3.6(Build 1120)
Windows 98

Start time : Fri Jan 04 1980 18:41:37

Load Damage Cleanup Template (DCT) "C:\MY DOCUMENTS\SECURITY\tsc.ptn"
(version 449) [success]

Complete time : Fri Jan 04 1980 18:42:09
Execute pattern count(1391), Virus found count(0), Virus clean count(0),
Clean failed count(0)

1980-01-04, 18:46:08, An error occurred while scanning file
"C:\WINDOWS\WIN386.SWP": Access is denied.
1980-01-04, 19:12:29, Running scanner "C:\MY
DOCUMENTS\SECURITY\VSCANTM.BIN"...
1980-01-04, 19:13:07, Files Detected:
1980-01-04, 19:13:07, Files Clean:
1980-01-04, 19:13:07, Clean Fail:
1980-01-04, 19:13:07, Scanner "C:\MY DOCUMENTS\SECURITY\VSCANTM.BIN" has
finished running.
--------------------------- end of SYSCLEAN.log ------------------------

Booted up in normal mode. No checksum problem reported during boot-up
sequence. Stopped anti-virus, firewall & other windows applications. Ran
Sysclean. No illegal operation errors reported. Log file seems to have
appended new report to old one. My system time needs to be reset, but
Sysclean only detected one virus, in an email attachment I already
suspected. However, it was unable to scan my swop file & reported an error.
New report as follows:
/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


1980-01-04, 13:49:02, Auto-clean mode specified.
1980-01-04, 13:49:02, Running scanner "C:\MY
DOCUMENTS\SECURITY\TSC.BIN"...
1980-01-04, 13:49:54, Scanner "C:\MY DOCUMENTS\SECURITY\TSC.BIN" has
finished running.
1980-01-04, 13:49:54, TSC Log:

Damage Cleanup Engine (DCE) 3.6(Build 1120)
Windows 98

Start time : Fri Jan 04 1980 13:49:02

Load Damage Cleanup Template (DCT) "C:\MY DOCUMENTS\SECURITY\tsc.ptn"
(version 449) [success]

Complete time : Fri Jan 04 1980 13:49:54
Execute pattern count(1391), Virus found count(0), Virus clean count(0),
Clean failed count(0)

1980-01-04, 13:49:56, An error occurred while scanning file
"C:\WIN386.SWP": Access is denied.
1980-01-04, 14:12:13, Running scanner "C:\MY
DOCUMENTS\SECURITY\VSCANTM.BIN"...
1980-01-04, 14:44:59, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/4/1980 14:12:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 246 (75549 Patterns) (2004/11/11) (224600)
Command Line: C:\MY DOCUMENTS\SECURITY\VSCANTM.BIN /NBPM /S /CLEANALL
/LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\MY
DOCUMENTS\SECURITY

23338 files have been read.
23338 files have been checked.
15902 files have been scanned.
54484 files have been scanned. (including files in archived)
1 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/4/1980 14:44:58
---------*---------*---------*---------*---------*---------*---------*------
---*
1980-01-04, 14:44:59, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/4/1980 14:12:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 246 (75549 Patterns) (2004/11/11) (224600)
Command Line: C:\MY DOCUMENTS\SECURITY\VSCANTM.BIN /NBPM /S /CLEANALL
/LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\MY
DOCUMENTS\SECURITY

Success Clean [ WORM_NETSKY.P]( 1) from C:\My Documents\Hacker
details\possible email with virus 1.txt,(message.scr)
23338 files have been read.
23338 files have been checked.
15902 files have been scanned.
54484 files have been scanned. (including files in archived)
1 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/4/1980 14:44:58 32 minutes 39 seconds (1959.14 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*------
---*
1980-01-04, 14:44:59, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/4/1980 14:12:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 246 (75549 Patterns) (2004/11/11) (224600)
Command Line: C:\MY DOCUMENTS\SECURITY\VSCANTM.BIN /NBPM /S /CLEANALL
/LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\MY
DOCUMENTS\SECURITY

23338 files have been read.
23338 files have been checked.
15902 files have been scanned.
54484 files have been scanned. (including files in archived)
1 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/4/1980 14:44:58 32 minutes 39 seconds (1959.14 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*------
---*
1980-01-04, 14:44:59, Scanner "C:\MY DOCUMENTS\SECURITY\VSCANTM.BIN" has
finished running.

--------------------------- end of SYSCLEAN.log ------------------------

Ran a compl;ete scan of system using up to date AVG. No viruses found.

Ran Adaware SE. It found 9 critical objects, all tagged "Alexa", which it
says are low threat.











 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
AJAX problem: slow response using IE6 on Win2000 versus IE6 on XP Pugi! Javascript 0 02-05-2007 10:34 AM
IE6 SP1 rendering vs IE6 SP2 rendering Peter Mount HTML 4 01-31-2006 08:01 AM
Bug in IE6 , cant remove ie6 to replace Ockerr Computer Support 2 01-21-2005 04:01 PM
PC could be infected without opening an infected mail?! Doug Fox Computer Security 10 02-28-2004 09:32 PM
Just one ie6 template that works with ie6!? Ivor O'Connor HTML 4 11-25-2003 09:16 PM



Advertisments