Question about virus attack

Discussion in 'Computer Support' started by =?ISO-8859-1?Q?R=F4g=EAr?=, Jun 21, 2006.

  1. EZE wrote:
    > The other night I was at my computer and a window popped up from out of
    > nowhere and downloaded a trojan horse virus to my computer in my ie files.
    > My anti-virus program caught it and alerted me, which allowed me to destroy
    > the virus before it had a chance to do anything. I had windows firewall
    > active but it didn't do anything.
    >
    > Is there a service that allows people to download stuff to your computer
    > without permission? If there is, what one is it and how do I turn it off so
    > nobody else can just download stuff to my computer w/o asking me first? If
    > not, is there a way to keep people from just putting stuff on my machine w/o
    > my permission?


    For that to happen, you already were infected. Since you didn't mention
    the virus, it'd be hard to get specific with an answer. But most people
    have Microsoft doing whatever they want to with their computer. Maybe an
    antivirus company too. I really don't trust much of anyone to have carte
    blanche with my computer.

    Have you considered having an antispyware program active on your machine?

    Turn off any file sharing (peer to peer) programs.
    =?ISO-8859-1?Q?R=F4g=EAr?=, Jun 21, 2006
    #1
    1. Advertising

  2. =?ISO-8859-1?Q?R=F4g=EAr?=

    Guest

    "EZE" <> wrote:

    |>The other night I was at my computer and a window popped up from out of
    |>nowhere and downloaded a trojan horse virus to my computer in my ie files.
    |>My anti-virus program caught it and alerted me, which allowed me to destroy
    |>the virus before it had a chance to do anything. I had windows firewall
    |>active but it didn't do anything.
    |>
    |>Is there a service that allows people to download stuff to your computer
    |>without permission? If there is, what one is it and how do I turn it off so
    |>nobody else can just download stuff to my computer w/o asking me first? If
    |>not, is there a way to keep people from just putting stuff on my machine w/o
    |>my permission?

    One was is if you have ActiveX enabled. It should be disabled - or
    better yet use another browser (Opera) that doesn't use nor allow it.

    To check
    Control Panel - internet options - Security - Custom Level
    Turn off ActiveX or tell you when it want's to run.

    There are many other ways (WMF exploit) but ActiveX is a huge front
    door.

    --
    Sigh...
    when I send stuff by ship, it's called Cargo,
    yet when I send stuff by truck it's called a Shipment.
    , Jun 21, 2006
    #2
    1. Advertising

  3. =?ISO-8859-1?Q?R=F4g=EAr?=

    sittingduck Guest

    EZE wrote:

    > Is there a service that allows people to download stuff to your computer
    > without permission? If there is, what one is it and how do I turn it off
    > so nobody else can just download stuff to my computer w/o asking me
    > first? If not, is there a way to keep people from just putting stuff on
    > my machine w/o my permission?


    Yeah, the active service is called Internet Explorer. <G>

    Try using Firefox as your browser. By default, it does NOT allow sites to
    install software to your computer.
    sittingduck, Jun 21, 2006
    #3
  4. =?ISO-8859-1?Q?R=F4g=EAr?=

    Mitch Guest

    In article <ce096$4498d9f3$438d1bfb$>, EZE
    <> wrote:

    > The other night I was at my computer and a window popped up from out of
    > nowhere and downloaded a trojan horse virus to my computer in my ie files.
    > My anti-virus program caught it and alerted me, which allowed me to destroy
    > the virus before it had a chance to do anything. I had windows firewall
    > active but it didn't do anything.
    >
    > Is there a service that allows people to download stuff to your computer
    > without permission? If there is, what one is it and how do I turn it off so
    > nobody else can just download stuff to my computer w/o asking me first? If
    > not, is there a way to keep people from just putting stuff on my machine w/o
    > my permission?


    What you are describing is what happens when there is already software
    on your machine to do someone else's bidding -- a bot or a trojan or
    just something opening access for an external user.
    So you need to clean that kind of junk out -- run anti-spyware
    software, at the very least.
    Mitch, Jun 21, 2006
    #4
  5. =?ISO-8859-1?Q?R=F4g=EAr?=

    EZE Guest

    The other night I was at my computer and a window popped up from out of
    nowhere and downloaded a trojan horse virus to my computer in my ie files.
    My anti-virus program caught it and alerted me, which allowed me to destroy
    the virus before it had a chance to do anything. I had windows firewall
    active but it didn't do anything.

    Is there a service that allows people to download stuff to your computer
    without permission? If there is, what one is it and how do I turn it off so
    nobody else can just download stuff to my computer w/o asking me first? If
    not, is there a way to keep people from just putting stuff on my machine w/o
    my permission?

    Earl
    EZE, Jun 21, 2006
    #5
  6. =?ISO-8859-1?Q?R=F4g=EAr?=

    Whiskers Guest

    On 2006-06-21, EZE <> wrote:
    > The other night I was at my computer and a window popped up from out of
    > nowhere and downloaded a trojan horse virus to my computer in my ie files.
    > My anti-virus program caught it and alerted me, which allowed me to destroy
    > the virus before it had a chance to do anything.


    Good. Make sure your 'anti-virus' and 'spyware' and 'adware' programs are
    all bang up-to-date and scan your whole system. Often.

    > I had windows firewall
    > active but it didn't do anything.


    Not altogether surprising.

    > Is there a service that allows people to download stuff to your computer
    > without permission? If there is, what one is it and how do I turn it off so
    > nobody else can just download stuff to my computer w/o asking me first? If
    > not, is there a way to keep people from just putting stuff on my machine w/o
    > my permission?
    >
    > Earl


    The weakness is called Windows. You can help to protect it by never using
    Internet Explorer or Outlook Express (there are free alternatives to both,
    almost all much better) and by hedging it around with lots of third-party
    defenses such as anti-virus programs, and even better you can avoid
    letting your Windows system ever getting directly connected to the
    internet - use a router/firewall.

    Whatever web browser you use, disable Java, plugins, and 'scripting', by
    default and only enable them for web sites you trust and which don't work
    properly otherwise. How easy it is to do that, and exactly how you do it,
    depends on which browser you are using.

    The only sure way to avoid all security problems with Windows, is to stop
    using Windows.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~
    Whiskers, Jun 21, 2006
    #6
  7. =?ISO-8859-1?Q?R=F4g=EAr?=

    Whiskers Guest

    On 2006-06-21, Mitch <> wrote:
    > In article <ce096$4498d9f3$438d1bfb$>, EZE
    > <> wrote:
    >
    >> The other night I was at my computer and a window popped up from out of
    >> nowhere and downloaded a trojan horse virus to my computer in my ie files.
    >> My anti-virus program caught it and alerted me, which allowed me to destroy
    >> the virus before it had a chance to do anything. I had windows firewall
    >> active but it didn't do anything.
    >>
    >> Is there a service that allows people to download stuff to your computer
    >> without permission? If there is, what one is it and how do I turn it off so
    >> nobody else can just download stuff to my computer w/o asking me first? If
    >> not, is there a way to keep people from just putting stuff on my machine w/o
    >> my permission?

    >
    > What you are describing is what happens when there is already software
    > on your machine to do someone else's bidding -- a bot or a trojan or
    > just something opening access for an external user.
    > So you need to clean that kind of junk out -- run anti-spyware
    > software, at the very least.


    A bit of dirty scripting on a web site could have taken a 'mouseover' as
    'permission' to install something.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~
    Whiskers, Jun 21, 2006
    #7
  8. =?ISO-8859-1?Q?R=F4g=EAr?=

    Guest

    wrote:

    |> "EZE" <> wrote:
    |>
    |>|>The other night I was at my computer and a window popped up from out of
    |>|>nowhere and downloaded a trojan horse virus to my computer in my ie files.
    |>|>My anti-virus program caught it and alerted me, which allowed me to destroy
    |>|>the virus before it had a chance to do anything. I had windows firewall
    |>|>active but it didn't do anything.
    |>|>
    |>|>Is there a service that allows people to download stuff to your computer
    |>|>without permission? If there is, what one is it and how do I turn it off so
    |>|>nobody else can just download stuff to my computer w/o asking me first? If
    |>|>not, is there a way to keep people from just putting stuff on my machine w/o
    |>|>my permission?

    |>One way is if you have ActiveX enabled. It should be disabled - or
    |>better yet use another browser (Opera) that doesn't use nor allow it.
    |>
    |>To check
    |>Control Panel - internet options - Security - Custom Level
    |>Turn off ActiveX or tell you when it want's to run.
    |>
    |>There are many other ways (WMF exploit) but ActiveX is a huge front
    |>door.

    Shows the power of ActiveX - if you have it enabled.
    http://www.nsclean.com/exploit.htm

    --
    Sigh...
    when I send stuff by ship, it's called Cargo,
    yet when I send my stuff by truck it's called a Shipment.
    , Jun 21, 2006
    #8
  9. =?ISO-8859-1?Q?R=F4g=EAr?=

    EZE Guest

    "Mitch" <> wrote in message
    news:200620062058010714%...
    > In article <ce096$4498d9f3$438d1bfb$>, EZE
    > <> wrote:
    >
    >> The other night I was at my computer and a window popped up from out of
    >> nowhere and downloaded a trojan horse virus to my computer in my ie
    >> files.
    >> My anti-virus program caught it and alerted me, which allowed me to
    >> destroy
    >> the virus before it had a chance to do anything. I had windows firewall
    >> active but it didn't do anything.
    >>
    >> Is there a service that allows people to download stuff to your computer
    >> without permission? If there is, what one is it and how do I turn it off
    >> so
    >> nobody else can just download stuff to my computer w/o asking me first?
    >> If
    >> not, is there a way to keep people from just putting stuff on my machine
    >> w/o
    >> my permission?

    >
    > What you are describing is what happens when there is already software
    > on your machine to do someone else's bidding -- a bot or a trojan or
    > just something opening access for an external user.
    > So you need to clean that kind of junk out -- run anti-spyware
    > software, at the very least.



    That's exactly what worries me. I run anti-virus/anti-spy and keep my system
    protected as best I can. In fact, if it weren't for anti-virus I wouldn't
    have even known I was being attacked. Since this happened, I have used 2
    different anti-virus programs (Grisoft AVG and Norton), both with up-to-date
    definitions and couldn't find any evidence of anything else. I did have some
    spyware cookies on my machine from places like advertising.com. Other than
    that I can't find anything else. This happened while I was using IE so I'll
    stop using IE, since it always seems to be a favorite target and
    "sittingduck" mentioned. I appreciate everyone's advise and thank everyone
    who responded to my post.


    Earl
    EZE, Jun 21, 2006
    #9
  10. =?ISO-8859-1?Q?R=F4g=EAr?=

    Ponder Guest

    Ponder, Jun 21, 2006
    #10
  11. =?ISO-8859-1?Q?R=F4g=EAr?=

    Ponder Guest

    Hiya .

    In <news:hboohlu76qzl$> I wrote:

    >> Shows the power of ActiveX - if you have it enabled.
    >> http://www.nsclean.com/exploit.htm

    > Nothing happened here... but that might be due to using Firefox under
    > Linux ;)


    Just tried under IE in Windows XP Media Center Edition:

    Line: 27
    Char: 1
    Error: ActiveX component can't create object: 'WScript.Shell'
    Code: 0
    URL: http://www.nsclean.com/exploit.htm

    --
    PGP key ID - DSS:0x2661A952
    Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
    Skittles Team: http://www.ddskittles.co.uk
    Ponder, Jun 21, 2006
    #11
  12. wrote:

    > Shows the power of ActiveX - if you have it enabled.
    > http://www.nsclean.com/exploit.htm


    I think that page is borked.

    In IE, I got the message "In this test, we only opened 3 copies of
    CALCULATOR..." but actually "we" opened nothing at all, and IE reported
    "Error on page."

    In Firefox, I got the same message, but again, not a single instance of
    Calculator.

    rl
    --
    Rhonda Lea Kirk

    Insisting on perfect safety is for people
    without the balls to live in the real world.
    Mary Shafer Iliff
    Rhonda Lea Kirk, Jun 21, 2006
    #12
  13. =?ISO-8859-1?Q?R=F4g=EAr?=

    Guest

    "Rhonda Lea Kirk" <> wrote:

    |> wrote:
    |>
    |>> Shows the power of ActiveX - if you have it enabled.
    |>> http://www.nsclean.com/exploit.htm
    |>
    |>I think that page is borked.
    |>
    |>In IE, I got the message "In this test, we only opened 3 copies of
    |>CALCULATOR..." but actually "we" opened nothing at all, and IE reported
    |>"Error on page."
    |>
    |>In Firefox, I got the same message, but again, not a single instance of
    |>Calculator.
    |>
    |>rl

    Same thing in Opera, it means it's working, or your safe against
    ActiveX doing anything it want's

    It's when the three calculators open you got problems or IE is set to
    default settings.

    --
    Sigh...
    when I send stuff by ship, it's called Cargo,
    yet when I send my stuff by truck it's called a Shipment.
    , Jun 21, 2006
    #13
  14. =?ISO-8859-1?Q?R=F4g=EAr?=

    joevan Guest

    On Wed, 21 Jun 2006 14:51:29 -0400, "Rhonda Lea Kirk"
    <> wrote:

    > wrote:
    >
    >> Shows the power of ActiveX - if you have it enabled.
    >> http://www.nsclean.com/exploit.htm

    >
    >I think that page is borked.
    >
    >In IE, I got the message "In this test, we only opened 3 copies of
    >CALCULATOR..." but actually "we" opened nothing at all, and IE reported
    >"Error on page."
    >
    >In Firefox, I got the same message, but again, not a single instance of
    >Calculator.
    >
    >rl

    What the, I was not running IE and got the following with firefox
    after x'ing the popups.


    If you saw three copies of CALC on your screen, you are at risk
    because you have ActiveX enabled in the "Internet Zone." You should
    have at LEAST gotten a warning that the ActiveX control called was
    unsafe and had to click on an OK box to allow the three copies of
    CALC.EXE to appear. You also have "MS Javascript enabled in the
    "Internet Zone" which is also dangerous.

    You should ALWAYS operate Internet Explorer with "scripting" turned
    off completely and move any sites you actually *TRUST* to the "Trusted
    Sites" zone so that you can continue to protect yourself against rogue
    sites. ONLY those sites you really trust to use ActiveX or Javascript
    should be moved to "Trusted sites." By following these safe practices,
    you won't be burned. We got you to potentially compromise your system
    by clicking on this test. See how easy it is? Can you imagine what
    could be lurking at some of the other sites you visit?

    How does it work?

    Microsoft provides a kernel service called WSHOM.OCX in your "system"
    folder which permits "batch files" similar to the capabilities of the
    old MSDOS batch files. However, WSHOM.OCX "internet enables" these
    functions and by allowing "scripting" and "ActiveX" controls to be run
    from a web site, the WEB SITE can also operate these system-level
    functions just like any trojan horse back door is able to if you allow
    sites access to these capabilities. While you can remove "Windows
    Scripting Host" the WSHOM.OCX is a critical part of the system by
    Microsoft's design and Microsoft INSISTS upon replacing this file
    should you delete it since this functionality is a KEY part of
    Microsoft's "dotNET" strategy. A number of web sites use WSHOM.OCX for
    such things as antivirus scans and other potentially useful functions.
    However, the "script kiddies" have also captured the technology and
    since Microsoft does not provide an intrinsic safety mechanism to
    forbid such activity by their design, a number of people have suffered
    extreme system harm by its exposure to the outside world.

    To make matters worse, we've received reports from a number of people
    who have visited some nasty sites that they never received the
    opportunity to decline these rogue ActiveX controls. In other words,
    they never received warning that an unsafe ActiveX control was going
    to be run and as a result, their hard disks were erased, systems
    destroyed or at minimum, encountered trojan horse back doors placed on
    their system without ANY warning at all. While others who have
    examined the pages in question, by means of their settings did not
    experience these problems, we found it EXTREMELY disturbing that in a
    number of cases, primarily involving IE6, that no warnings were given
    at all. Any "trusted site" which requires Javascript and ActiveX
    controls should *ONLY* be permitted to run in the "Trusted sites" zone
    after being physically placed there by the end user and should NEVER
    be allowed to run in the "Internet Zone." This is the reason why we've
    made this test available - so you can determine if you're at risk and
    make the necessary adjustments to secure your computer. And for those
    who are not comfortable trying to do this, we do manufacture software
    that will do it for you.

    We hope you received an "immune" verdict and did NOT see three copies
    of CALC.EXE on your desktop.

    Our IECLEAN product permits you to turn off Javascript, ActiveX and
    numerous other dangers in Internet Explorer, Outlook Express and Media
    Player and protect yourself if any of these exploits (including the
    alert box which described the existing exploits which take advantage
    of this hole appeared) has appeared on your screen. "Popups" use THIS
    method as well. If you know how to adjust your registry and security
    settings manually, please do so. If your eyes glaze over at mention of
    "security zones" and "registry editing" then our IEClean product for
    Internet Explorer will do it FOR you.

    Click here to return ...
    --
    "Politicians are like diapers. They should both be changed frequently
    and for the same reason."
    joevan, Jun 21, 2006
    #14
  15. =?ISO-8859-1?Q?R=F4g=EAr?=

    Plato Guest

    EZE wrote:
    >
    > The other night I was at my computer and a window popped up from out of
    > nowhere and downloaded a trojan horse virus to my computer in my ie files.
    > My anti-virus program caught it and alerted me, which allowed me to destroy
    > the virus before it had a chance to do anything. I had windows firewall
    > active but it didn't do anything.


    The purpose of a firewall in NOT to block files, including files that
    contain, or are, virus files.


    --
    http://www.bootdisk.com/
    Plato, Jun 22, 2006
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tipsy Tammy

    TROJAN VIRUS ATTACK

    Tipsy Tammy, Jul 27, 2004, in forum: MCSE
    Replies:
    11
    Views:
    679
  2. Rubix

    Help! Under attack from the "Microsoft" virus

    Rubix, Sep 20, 2003, in forum: Computer Support
    Replies:
    8
    Views:
    447
    Steve Knight
    Sep 21, 2003
  3. MKK

    virus attack

    MKK, Oct 25, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    544
    Roy Jones
    Oct 25, 2003
  4. BW

    virus attack

    BW, Nov 1, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    468
    ShepĀ©
    Nov 1, 2003
  5. dorothy.bradbury
    Replies:
    15
    Views:
    1,011
    dorothy.bradbury
    Jul 21, 2003
Loading...

Share This Page