I am working with an XP Home - PC that is having some very
odd problems with IE and OE. In IE I am unable to type in
any text box on any page - for example I can not log in to
my hotmail email account because I try to click in the
user name field and nothing happens. Similar problem in
OE - when I either reply to a message or create a new
message I can type in the To: field but I can not access
nor type in the message field.
I have searched extensively on these problems all over the
Internet and the closest hint I could find (on MS's
support page - but really for IE 5, not 6) was to replace
the mshtmler.dll file in the windows system directory as
it might be corrupt (I did this with every instance of
that file I could find on the PC) - and this did not help
at all. I also did the usual things such as uninstall both
IE and OE and reinstall, scan for viruses with the best
and brightest apps and check for all manner of spyware via
adaware and spybot etc. Nothing has helped.
Other clues: I get an "Error: 96" when I go to IE help-
>about and I get a similar error when I start up OE and
click on the Outlook Express parent folder - it gives
me "Error: 30".
This PC was having hardware stability issues (now fixed)
so quite likely some file or other is corrupt.
I am about to wipe the hard drive and reinstall unless
someone here might be able to assist.
Thanks in advance!
-Steve
1st i would download and run these be sure to update them
http://www.lavasoftusa.com/software/adaware/ adaware
http://www.safer-networking.org/index.php?page=download spybot
http://www.safer-networking.org/index.php?page=download cwshredder
http://www.spywareinfo.com/~merijn/downloads.html some other usefull removal
tools
also do a full virus scan
--
If the information posted above helps then let me know.
If it doesn't more fool you for believing me.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.713 / Virus Database: 469 - Release Date: 30/06/2004
Try the following and see if it helps.
Can't type in text fields (IE and OE)
http://inetexplorer.mvps.org/answers_5.htm#text_fields
Hope this helps.
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
Please post back to this newsgroup for the benetit of others.
Also see security tips at:
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm
Don
--
MVP IE/OE
Please reply to the newsgroup so that others may participate.
"Steve" wrote in message news:2447801c45f4b$54c0bd80$a501...@phx.gbl...
Okay, so I'm a little frustrated. But I was unhappy with seeing the same
thing thrown at me three or four times when I tried to make it clear that it
didn't work the first time.
If SP2 wasn't so close to being released I'd probably bite the bullet and do
a reinstall over my existing XP Pro.
"Steve" <anon...@discussions.microsoft.com> wrote in message
news:2447801c45f4b$54c0bd80$a501...@phx.gbl...
--
If the information posted above helps then let me know.
If it doesn't more fool you for believing me.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 02/07/2004
Instead of a reinstall, try the information below and see if a repair will
help.
Repair Internet Explorer
For XP Repair of IE -
Be sure that your AV and firewall is disabled before starting:
How to Reinstall or Repair Internet Explorer and Outlook Express in Windows
XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318378
Courtesy of Robert Aldwinckle
XP users who have installed IE6sp1 before upgrading to XPsp1
will have setupwbv.dll and will be able to do a repair using
rundll32 setupwbv.dll,IE6Maintenance
Otherwise, they have to use
sfc /scannow
etc., or reinstall IE6 (Ref: KB318378)
or......................
Courtesy of Jim Byrd:
There is no direct Repair function for IE6 in XP. Here are some
alternatives:
1. With XP you need to go to Start|Run and type "sfc /scannow" (without the
quotes and notice the space between the c and the /.) Have your XP CD handy
and be prepared to go get a cup of coffee - it takes a while. This will do
the same thing as Repair IE6 for XP but a lot more, that is find any corrupt
system files and replace them. It does not, however, re-register the
various software components (except possibly the ones it replaces?) AFAIK.
Be aware that under certain circumstances (Win2k before SP4 - see mskb
814510, http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q814510) sfc
can erroneously overwrite (restore over) previously installed files from
certain "hotfixes" which will then need to be re-installed. To check for
this, after running sfc, open a Cmd window and enter "qfecheck /v /l:c:\"
(without the quotes). If you don't have qfecheck installed, it can be
obtained for XP here:
http://www.microsoft.com/downloads/release.asp?ReleaseID=35468 and for
Win2k, obtain qfecheck here:
http://www.microsoft.com/downloads/release.asp?ReleaseID=35470
2. Another alternative that works on Win2k and may or may not work on XP
(but probably does - I've heard both stories), for just IE6 repair if you
don't have IE6 listed in Add-Remove Programs, then in Start|Run then enter
"rundll32 setupwbv.dll,IE6Maintenance"
without the quotes, exactly as shown, and select the appropriate entry.
3. If you find that you need to do a re-install of IE6 then you can
consider the following, I can't verify this for XP (I'm Win2k - it works
there, and I've had good reports from XP users), but you might want to give
it a try at your own risk. Again, enter this at Start|Run without the
quotes and be careful about the spacing:
"rundll32.exe setupapi,InstallHinfSection DefaultInstall 132
C:\windows\inf\ie.inf"
4. Lastly, here is a link to a MSKB article about re-installing IE6/OE6:
How to Reinstall or Repair Internet Explorer and Outlook Express in Windows
XP (Q318378)
http://support.microsoft.com/?id=kb;en-us;Q318378
or................
Courtesy of Robert Aldwinckle
Here is a more recent suggestion I have been giving to XP users
who want to try some repair procedures.
<TITLE>831429 - Windows XP stops responding when you download updates from
Windows Update</TITLE>
< http://support.microsoft.com/default.aspx?scid=kb;en-us;831429 >
It is actually a more comprehensive set of re-registrations than an
IE Repair with the default FixIE.inf would do for either NT5.
Although they are listed specifically for W2K they should apply
equally to XP.
Hope this helps.
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
If the other suggestions don't resolve the problem, try the information
Repair Internet Explorer
Courtesy of Robert Aldwinckle
rundll32 setupwbv.dll,IE6Maintenance
sfc /scannow
or......................
Courtesy of Jim Byrd:
"rundll32 setupwbv.dll,IE6Maintenance"
or................
Courtesy of Robert Aldwinckle
Hope this helps.
Jan :)
What constitutes a "messed up" PC? Apart from this one issue I have been
running all kinds of stuff on my machine since the day I installed XP Pro
last year. Photoshop, AutoCAD, various multimedia programs... all without
one blip of a problem. No Spyware, no virii, no trojans. Running behind a
router using NAT and also a software firewall. My machine is carefully
maintained, probably better than most. It runs 24/7 and is only rebooted
when I feel like doing it; not because it is required. So does it qualify as
"messed up"?
"Jan Il" <ab...@localhost.com> wrote in message
news:uBRLdUaY...@tk2msftngp13.phx.gbl...
Did it. Had no effect.
> Be aware that under certain circumstances (Win2k before SP4 - see mskb
> 814510, http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q814510)
sfc
> can erroneously overwrite (restore over) previously installed files from
> certain "hotfixes" which will then need to be re-installed. To check for
> this, after running sfc, open a Cmd window and enter "qfecheck /v /l:c:\"
> (without the quotes). If you don't have qfecheck installed, it can be
> obtained for XP here:
> http://www.microsoft.com/downloads/release.asp?ReleaseID=35468 and for
> Win2k, obtain qfecheck here:
> http://www.microsoft.com/downloads/release.asp?ReleaseID=35470
>
Does not apply.
> 2. Another alternative that works on Win2k and may or may not work on XP
> (but probably does - I've heard both stories), for just IE6 repair if you
> don't have IE6 listed in Add-Remove Programs, then in Start|Run then enter
>
> "rundll32 setupwbv.dll,IE6Maintenance"
>
> without the quotes, exactly as shown, and select the appropriate entry.
>
> 3. If you find that you need to do a re-install of IE6 then you can
> consider the following, I can't verify this for XP (I'm Win2k - it
works
> there, and I've had good reports from XP users), but you might want to
give
> it a try at your own risk. Again, enter this at Start|Run without the
> quotes and be careful about the spacing:
>
> "rundll32.exe setupapi,InstallHinfSection DefaultInstall 132
> C:\windows\inf\ie.inf"
>
> 4. Lastly, here is a link to a MSKB article about re-installing IE6/OE6:
>
> How to Reinstall or Repair Internet Explorer and Outlook Express in
Windows
> XP (Q318378)
> http://support.microsoft.com/?id=kb;en-us;Q318378
>
I'm a little scared of trying 2 or 3 because of the NT / XP qualifier.
Option 4 is the one I'm trying not to do, but if I were to do it (Method 2
on the KB article) how does one actually carry out step 5 (reinstall IE6)?
> or................
>
> Courtesy of Robert Aldwinckle
>
> Here is a more recent suggestion I have been giving to XP users
> who want to try some repair procedures.
>
> <TITLE>831429 - Windows XP stops responding when you download updates from
> Windows Update</TITLE>
> < http://support.microsoft.com/default.aspx?scid=kb;en-us;831429 >
>
> It is actually a more comprehensive set of re-registrations than an
> IE Repair with the default FixIE.inf would do for either NT5.
>
> Although they are listed specifically for W2K they should apply
> equally to XP.
>
> Hope this helps.
>
> Jan :)
...snip...
Thanks Jan. I will continue to try and resolve this.
you have a problem wihich is stopping you using your pc as you wish to,
therfor it is "messed up".
if your gona do a wipe/reinstall it's worth trying sp2 1st.
i wish you all the best in trying to fix your problem
>> I'm a little scared of trying 2 or 3 because of the NT / XP qualifier.
> Option 4 is the one I'm trying not to do, but if I were to do it
> (Method 2 on the KB article) how does one actually carry out step 5
> (reinstall IE6)?
I don't normally recommend a reinstall, but, if it is the last card in the
deck, and it really needs to be done, and perhaps this is one of the cases
where things are just too messed up somewhere to salvage, then I strongly
urge folks to go by the information here, and to follow instructions very
carefully. Also, print out all instructions so that you have them handy.
Once IE is uninstalled, you will not have Internet access until you
reinstall IE.
I know that it can be a bit scary the first time. Review all the
instructions in the information provided before you start, and If there is
anything you don't understand, or need clarification on, post back. :-)
How Do I Install/Uninstall IE?
http://www.btinternet.com/~winnoel/ReInIE.htm
Problems reinstalling IE6 Q831167
http://support.microsoft.com/?kbid=831167
also, if you use Outlook Express..........
To Backup, restore or transfer OE messages and settings:
See:
http://insideoe.tomsterdam.com/backup/index.htm
http://www.oehelp.com/backup.aspx
Outlook Express Backup programs
www.oehelp.com/OEBackup/)
Hope this helps.
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
Okay, I'll print these out and give it a go. BTW, will these answer how to
reinstall OE? If not, I'll need to ask for some insight on that as well. :)
...snip...
Hmm, will IEradicator work in XP Pro?
NO! IE6 in XP is a core part of the program, and it can not be delete or
uninstalled without serious damage to the program. It is not meant to be
uninstalled. *Do Not* use the IEradicator on XP at all. You'll wind up with
Duck Soup. ;-)
Unless there is serious scumware on your system, a repair of IE6 on XP
should clear most problems.
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html.
Did the Registry trick to get the ie6setup program to work. Got to where it
began to install the downloaded components, and it stopped, indicating that
it did not pass the Windows Logo criteria. Huh?
>
> Did the Registry trick to get the ie6setup program to work. Got to
> where it began to install the downloaded components, and it stopped,
> indicating that it did not pass the Windows Logo criteria. Huh?
OK....let's try the following and see if they will help get you back on
track.
828031 - The Software You Are Installing Has Not Passed Windows Logo
Testing...
http://support.microsoft.com/?kbid=828031
822798 - You cannot install some updates or programs [logo testing]:
http://support.microsoft.com/default.aspx?kbid=822798
JSI Tip 6571. 'The software you are installing has not passed Windows Logo
testing to verify it's compatibility with Windows XP:
http://www.jsiinc.com/SUBN/tip6500/rh6571.htm
Hope this helps.
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
Not applicable. Don't have that Hotfix installed (which is kind of wierd, as
it does not show up as needed when I go to Windows Update)
> 822798 - You cannot install some updates or programs [logo testing]:
> http://support.microsoft.com/default.aspx?kbid=822798
>
Did everything except the Certificate stuff. None of it worked. I did check
the Certs, and they look okay, but I did not do any of the replacement stuff
becuase I have not yet found a known machine to acquire the Certificates for
import back to my machine.
> JSI Tip 6571. 'The software you are installing has not passed Windows Logo
> testing to verify it's compatibility with Windows XP:
> http://www.jsiinc.com/SUBN/tip6500/rh6571.htm
>
>
Haven't gotten to this page yet, but I did note a difference between this
and the KB steps. On this page it says to stop cryptsvc before renaming
Catroot2, which is not indicated in the KB. Is this a subtle difference that
will matter? I'll give it a try.
Hard to tell, Tony. Seems that something is not right somewhere. All I can
say is try it and see. If this does not do it, then you may need to
reinstall the OS, then reinstall all the Updates and Patches again. But,
these things do weird things to the system that is sometimes not 'general
issue', so it makes if very hard to troubleshoot. I've consulted with some
of the experts on this as well, and this was the recommended procedure for
this type of problem. That nothing seems to be helping is an indication
there may be a serious file corruption somewhere. I am the first to prefer
trying everything possible before a reinstall, but, if this doesn't work,
then I don't know what else to offer as an alternative remedy. You've given
it the good old college try, and then some, and obviously, there is a deeper
problem. Give the other a shot, and report back the results.
I'll be trying the rest of these tips tomorrow (too late to start something
that may end in disaster!). But here's some stuff that may add to the
confusion:
One other observation I've made is with both OE and IE6. When I have
multiple windows of IE6 running and I click on one of the windows that
happens to be in the background, it will not raise to the top - even though
the title bar changes to the active color. I have to click on the topmost
window after that, then click on that window in the background, and then it
will raise to the top. The same kind of thing happens if I have one IE6
window and OE running. I suspect this and my other problem are related
somehow.
OK....I wanted you to try the information below first, so, let's see if we
can get this to work. :-)
I found these tips at this site, which you might want to make note of for
future reference, as there are a lot of really good tips here that can come
in handy: http://www.onecomputerguy.com/windowsxp_tips.htm
NOW - try this one and see where we get. This gives you a work around for
the problem you said you had with the CD.
Running SFC without a CD ROM
Added 6/9/04
If you run sfc /scannow and get prompted to insert a CD,
there are a couple of changes you might need to make.
Slipstream your copy of WindowsXP with the latest service pack you have
applied.
For detailed instructions on how to do this see:
SlipStreaming a Service Pack into Windows XP
http://www.onecomputerguy.com/install/winxp_slipstream.htm
Once these files are on your hard drive, you can simply make a few registry
changes to point to those locations.
Start Regedit
Go to the follow locations and change the path to wherever you copied the
source files.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePa
ckSourcePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePat
h
the last one might not be necessary
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath
If that does not work, try this next:
Yes, it might very well be part of the over all. The 'stop cryptsvc' issue.
You try the information here too.
http://www.updatexp.com/cryptographic-service.html
Restore CryptSvc (Cryptographic Service)
http://www.kellys-korner-xp.com/regs_edits/cryptsvc.reg
http://www.theeldergeek.com/cryptographic_services.htm
If you need to replace the mshtmler.dll file, go here and scroll down to
find it and then download it and install. This file may have become
corrupted, if the other things don't work, then try this.
http://www.dlldump.com/cgi-bin/dlldownload.cgi?path=dllfiles/M
This is the information I have been able to find thus far, so let's see how
we do with this. Let me know how you do.
Hope this helps.
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
> "Jan Il" <ab...@localhost.com> wrote in message
> news:OHlescWZ...@TK2MSFTNGP10.phx.gbl...
... lots of different repair / reinstall options snipped ...
Jan II, I think I may have run across a post that has solved my problem. I
was just short of doing a "corrective" reinstall of XP Pro to fix my loss of
text box usability in IE6 SP1. You may recall I tried (with no success,
which I still haven't figured out) to force via various tricks a reinstall
of IE6 itself. So, I was going to toss in the XP Pro CD when I ran across a
post on this NG from someone who was having trouble - not like mine, but
close enough to make me want to read the thread. I went to this site
http://www.infinisource.com/techfiles/surf-safe.html
As I read it, it occurred to me that my problem may in fact have been
related to recent (within the last 6 months) customization of my Internet
Security settings. I had previously had a Custom security profile, but some
random post from several months ago caused me to tweak it. I honestly can't
remember what it was I tweaked. Well, the combination of my old setting plus
that last set of changes appears to have been responsible (somehow). After
following the recommendations on this site I seem to be quite back to
normal.
I still haven't been able to figure out why I could not get IE6 to reinstall
(although I never got around to trying one or two of the suggestions), but
I'm willing to let that go for now.
So it appears there is at least one combination of Security settings on IE6
SP1 that produces a less than completely stable browser environment.
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder (fix all found)
2. Ad-Aware (fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
Also:
1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow all Removal steps.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
HTH - Please Reply to This Thread
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
AumHa Forums
http://forum.aumha.org
Protect Your PC
http://www.microsoft.com/security/protect
"PA Bear" <PAB...@mvps.org> wrote in message
news:e4KpTEqc...@TK2MSFTNGP12.phx.gbl...
IE Tools>Internet Options>General>Accessibility> Is anything enabled here?
Did you enable it?
IE Tools>Internet Options>Advanced>Browsing>Enable third party browser
extentions (unchecked?)
Do you or did you have any P2P file sharing apps installed? How about
"free" toolbars?
You piggy-backed onto a thread begun by another poster to which a talented
MVP (Doug Varnau), familiar with hijackware, had responded. Did you see his
post? You appear to have take only a few of his thorough and explicit
suggestions.
> ...I have been
> through the entire mantra that the experts here suggest: AdAware,
> Spybot, CWShredder, Virus Scan, Hijack This, etc. Not one thing was
> found. I even did the mshtmler.dll replacement. I was left twisting
> in the wind. Apparently there's not a lot to suggest beyond the usual
> things that seem to appear in this ng.
Did you seek updates for CWShredder, Ad-aware and Spybot v1.3 before using
them each & every time (even "right of the box" new), and run them in that
exact order? Have you updated and run them since 03 July-04? Have you
enabled 'Show Hidden Files' before running them? Have you scanned with
these tools in Safe Mode? Has Ad-aware been reconfigured for a full custom
scan per http://aumha.org/forum/viewtopic.php?t=5877?
Have you posted your HijackThis log to an appropriate forum for
interpretation by the pros? HijackThis doesn't fix anything on its own and
there's a fairly steep learning curve associated with knowing what the good
and bad guys are. (If you have posted your log somewhere, please provide a
link to the thread/forum.)
Are your anti-virus application's definitions updated daily, followed by a
full system scan (also daily)? AFAIK, you haven't yet run a full system
scan in Safe Mode (see http://aumha.org/forum/viewtopic.php?t=5878).
Furthermore, you're missing several critical security updates at Windows
Update (though I wouldn't install updates until you get this malware problem
sorted).
Why can't I download [from Windows Update]?
http://www.kellys-korner-xp.com/top10faqs.htm
--
HTH - Please Reply to This Thread
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
AumHa Forums
http://forum.aumha.org
What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
"PA Bear" <PAB...@mvps.org> wrote in message
news:%23FPTwRu...@tk2msftngp13.phx.gbl...
> Hi, Tony. I've been following this thread since it began earlier this
> month. Reinstalling IE won't make a bit of difference if malware is still
> present on your machine (and your problem is 99.9% certain to be
> malware-related, a recent CoolWebSearch variant, most likely).
>
> IE Tools>Internet Options>General>Accessibility> Is anything enabled here?
> Did you enable it?
>
No and no.
> IE Tools>Internet Options>Advanced>Browsing>Enable third party browser
> extentions (unchecked?)
>
Unchecked.
> Do you or did you have any P2P file sharing apps installed? How about
> "free" toolbars?
>
No and at one time yes. Many months ago I had some add-on toolbar show up,
but I got rid of it with the combination of tools listed here (I also
checked the Registry to make sure it was removed from the usual keys like
Run and Run Once). Had not shown up since.
> You piggy-backed onto a thread begun by another poster to which a talented
> MVP (Doug Varnau), familiar with hijackware, had responded. Did you see
his
> post? You appear to have take only a few of his thorough and explicit
> suggestions.
>
While I only generically indicated what I did here, I did in fact follow all
of his suggestions.
> > ...I have been
> > through the entire mantra that the experts here suggest: AdAware,
> > Spybot, CWShredder, Virus Scan, Hijack This, etc. Not one thing was
> > found. I even did the mshtmler.dll replacement. I was left twisting
> > in the wind. Apparently there's not a lot to suggest beyond the usual
> > things that seem to appear in this ng.
>
> Did you seek updates for CWShredder, Ad-aware and Spybot v1.3 before using
> them each & every time (even "right of the box" new), and run them in that
> exact order? Have you updated and run them since 03 July-04? Have you
> enabled 'Show Hidden Files' before running them? Have you scanned with
> these tools in Safe Mode? Has Ad-aware been reconfigured for a full
custom
> scan per http://aumha.org/forum/viewtopic.php?t=5877?
>
Yes.
CWShredder just run. Came up completely clean.
Adaware just run. 14 tracking cookies (all of which I recognize) and 5
redirected hosts file entries, which other sites indicate is sometimes
incorrectly identified by Adaware. BTW, I am using the hosts file from
http://www.mvps.org/winhelp2002/
Spybot found the same tracking cookies as Adaware, and also 5 DSO Exploits,
of the form
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3
As you can see from this example I fixed them.
> Have you posted your HijackThis log to an appropriate forum for
> interpretation by the pros? HijackThis doesn't fix anything on its own
and
> there's a fairly steep learning curve associated with knowing what the
good
> and bad guys are. (If you have posted your log somewhere, please provide
a
> link to the thread/forum.)
>
Yes. Nothing found.
> Are your anti-virus application's definitions updated daily, followed by a
> full system scan (also daily)? AFAIK, you haven't yet run a full system
> scan in Safe Mode (see http://aumha.org/forum/viewtopic.php?t=5878).
>
Yes. Although I have my full scal set to once per week (hasn't found
anything in a long, long time).
> Furthermore, you're missing several critical security updates at Windows
> Update (though I wouldn't install updates until you get this malware
problem
> sorted).
>
Yes, I know. I wanted to resolve this problem before doing this.
I would appreciate getting some insight as to why you are so sure it's
malware of some kind. The posts on this NG which tend to be traced back to
xxx-ware all seem to be things that many people are posting about (which
makes sense). In all the time I've been looking here (and other IE
newsgroups) I've only seen my exact problem posted three times... twice by
me! Given that my indicated actions have made this problem go away (and not
come back even without any further CW / Ad / Spy etc efforts until I just
ran them again), why do you not conclude that in fact there may have been a
combination of settings that may have been responsible for this? (I'm not
poking you with a stick, I'd like to know)
"Tony" <no...@none.com> wrote in message
news:fb-dncDWh-C...@comcast.com...
- confirm that you've sought updates for Ad-aware and Spybot before
using them each time;
- confirm you are running Spybot v1.3;
- confirm that you've reconfigured Ad-aware per
http://aumha.org/forum/viewtopic.php?t=5877;
- confirm that you've run both Ad-aware and Spybot in Safe Mode after
first having enabled "Show Hidden Files";
- confirm that you've updated virus definitions (manually, if
necessary), enabled "Show Hidden Files" and ran a full system scan with your
AV app;
- confirm that you've run at least two (2) of the free online scans
found listed at http://aumha.org/secure.php#freeav (NB: one of them *must*
be Panda's!)
- post the URL for the forum thread where you posted your HijackThis log
(and if they didn't have you enable "Show Hidden Files" and run HT in Safe
Mode, do so and post back to the thread. (You may reference this IE6
Browser thread and my post.)
[Is this it?... http://forums.spywareinfo.com/index.php?showtopic=8784 ]
>> Do you or did you have any ["free" toolbars] installed?
>>
> [At] one time yes.
What was it?
> Spybot found ...5 DSO Exploits
Assuming your homepage and default Search choices are what you want them to
be and are working properly, you may consider these DSO exploits a known and
much-discussed bug. You may configure Spybot to ignore them in further
scans.
> ...I have my full [AV scan] set to once per week
That scenario is simply insufficient anymore, Tony. Configure your AV to
seek definitions at least once a day (Some IT pros have chosen hourly!), at
a time when the machine is booted up and connected to the 'net. Then
configure it to run a full system scan about five minutes or so after
seeking and installing updates, also daily.
> In all the time I've been looking here (and other IE
> newsgroups) I've only seen my exact problem posted three times
Tony, I've read, re-read, reviewed and re-reviewed [Quiet, Jan! <wink>] all
of your posts in the original thread (http://snipurl.com/81fo) and here.
You have never stated "your exact problem" in either thread. You only made
a "Me, too" reply to OP Steve's post. Please do not consider this an attack
on you. The fact that you didn't clearly state *your* problem (and what
you'd done so far to solve it) is what caused me to "lurk in the background"
for the past month. I suspect others who may have been able to help also
chose to ignore this thread (and the original) for the very same reason
(though Jan's done an admirable job so far and kudos to her for jumping into
the fray).
> I would appreciate getting some insight as to why you are so sure it's
> malware of some kind...
The inablity to type in IE text boxes (and in OE) was one of the very first
"hijackings" we saw, dating back to December 2002 IIRC. It was caused
(then) by a still-nasty, still around POS called Xupiter. There are so many
new types of hijackware, new variants of known ones, and exploits used to
install them, that we simply cannot keep up with them all (which is prolly
the intent of the a**holes who're writing and foisting this stuff on mostly
unsuspecting users).
I respectfully suggest you (1) enable "Show Hidden Files" (and leave it that
way), (2) update virus definitions and run a full system scan in Safe Mode,
(3) update & run Ad-aware and Spybot (in that order and per all of the
above) once again, then (4) update and run HijackThis again (in Safe Mode),
saving your log.
Then go to http://forums.aumha.org and Register. Sign in and post your new
log to a new thread in http://forum.aumha.org/viewforum.php?f=30. Some of
the best hijackware mavens are working there, including MVPs Mike Burgess
(WinHelp2002 in http://forums.spywareinfo.com/index.php?showtopic=8784),
Siljaline, and the inimitable TonyKlein. Again, you may reference this
thread in your post.
Please do *not* insert your replies inline, it's simply too confusing.
Please do not change the subject of a thread; doing so disassociates your
post and replies to it from the original thread.
Please include all of the previous message in your replies.
--
HTH - Please Reply to This Thread
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
AumHa Forums
http://forum.aumha.org
Protect Your PC
http://www.microsoft.com/security/protect
Updates to both programs installed
Ad-aware reconfiguration confirmed
I have never kept a Windows configuration with files Hidden, so that is not
an issue. In any event, both programs were run in Safe mode. Both found the
same stuff I listed below (as when they were run in a regular instance).
I ran RAV and Panda. They both found old stuff in Zip files that were in a
Deleted Items folder from an email account I haven't used since 2002. On an
F: drive. Before jumping on that, I'll say that I don't open anything I get
in an attachment unless I already know what it is (i.e., I'm expecting it).
Yes, that is the HijackThis thread. As indicated earlier, I don't operate my
system with Hidden Files, so it was run in Show mode. It was not run in Safe
Mode. I can do that.
I really don't remember which toolbar I had pop up in my Browser. All I
remember is that I first deleted its entry from the Run key in the Registry,
and then ran every correction tool I had. It went away.
I appreciate what you wrote about AV updating (I use McAfee). I run a fairly
controlled computing environment at home. Only myself and my wife. My wife
uses it only for email and browsing. I use it for that and work and digital
imaging. Neither of us spends a whole lot of time looking for weird new
stuff on the Web. Neither one of us even bother to look at mail if we don't
know who it came from (even the ones from Microsoft Security from a few
months ago :>). I also don't install random stuff for no reason. My system
runs 24/7 on a cable modem behind a switch with NAT and SPI, and with XP
Pro's firewall enabled. I also use another software firewall (Conseal PC
Firewall). With my AV updating weekly I have not had any attack on my system
since the toolbar incident (which is not a virus, per se). If you go
strictly by the definition of a virus I have no recollection of the last
time my system was affected. And yes I have run any number of on-line
firewall testers. My system comes up as Stealthy or Invisible.
I have listed my problem in the past in another thread. The reason why I
jumped in on Steve's is that it seemed like there was some action in his
thread that might help. Try this one
watch out for the overlap.
I will try your 2-4 steps listed below again (1 is already taken care of),
and see what comes up.
"PA Bear" <PAB...@mvps.org> wrote in message
news:ONrlGH7c...@TK2MSFTNGP09.phx.gbl...
"Tony" <no...@none.com> wrote in message
news:BM6dnfDslO3...@comcast.com...